Help - VPN w/ linux + samba; cross-subnet browsing and worse :)

Tim Carr carrt at western.wave.ca
Sat Jan 15 05:17:59 GMT 2000


Please reply if you have any solutions to this problem!

In this setup there are four computers:

C1 --- local lan ---(eth1) C2 (eth0)--------- internet ----------(eth0) C3 (eth1)--- local lan --- C4
                           |                                            |
                           |-(tap0)--- encrypted tunnel (VPN) ---(tap0)-|

Computers 1,4 = win98    (called windows machines hereafter)
Computers 2,3 = linux + samba    (called linux boxes hereafter)

The goal is to get computers 1 and 4 to see each other in network
neighborhood, and be able to use each other's shares (all thru the VPN)
-- without using lmhosts or any file similar on these machines, using
samba instead.

Computers 2 and 3 are set up to masquerade the internet to computers 1
and 4 (successfully), and also have a nicely encrypted tunnel running
between them using the /dev/tap0 device.  The tunnel is working fine,
because if one uses lmhosts on the two windows machines (computers 1 and
4) they can see & use each other's shares in network neighborhood.
Here's the samba setup as of now:

Computers 1 and 2 are on a separate workgroup than 3 and 4.
Computers 2 and 3 are domain master browsers AND local master browsers
for their respective workgroups on BOTH subnets that they are on
(internal, and external being internet)
Computer 2 is a WINS server, computer 3 is a WINS client, and BOTH are
configured to proxy broadcast requests to a WINS server (in smb.conf:
wins proxy = yes).

Ideally computers 1 and 4 would just hook up to the WINS server, and
everything would be peachy. However, the windows machine that is behind
the linux box that is the WINS client cannot contact the WINS server
(the tunnel only connects it to the internal machines for security
reasons, and this cannot be changed).  So, I had hoped that by enabling
WINS proxy, I could solve the problem.  With proxy on, I had both
windows machines not using the WINS server (using just broadcast). This
had to be done because the way this is set up, the WINS client might
later on become the WINS server (long story).  It seems to almost work
-- computer 4 can see computer 1 and use its shares (yay!), and
computer 1 can see computer 4, but NOT use its shares (it doesn't get
C4's IP from anywhere).  I tried using remote browse sync (in smb.conf)
to ensure that computer 3 told computer 2 C4's address, but to no avail.

Please help me! I'm forever more and more impressed with samba, but
networks are tough, and this problem has been stumping me for a while!

Sorry if this email was difficult to understand.

** ALL replies welcome ** :)

Tim


