browsing subnets over vpnd

[Matt Comer]

Hey :) I have recently set up VPN links between 3 subnets. I can ping back
and forth between all of the computers just fine, and samba works on all but
one subnet. The problem is that I am unable to use the VPN to browse
computers on the office network. I can browse them locally from the office,
and I can browse other subnets from them (ie. at home, etc), but when I get
on another subnet and try to browse windows 98 machines at the office
(behind a suse 6.4 box) it just doesn't work. I can browse the shares on the
suse 6.4 box however.

The other subnets are run by suse 7.0. I'm not sure if that is the reason
they work and the 6.4 subnet doesn't, but I figured I would mention it. I
know the problem is just that the server on that subnet won't route packets
to the machines on port 139. For instance, I try to telnet port 139 on
192.168.1.2 (office workstation) from 192.168.2.1 (home workstation) it just
times out. Here is a copy of what it says:

gimp:~ # telnet 192.168.1.2 139
Trying 192.168.1.2...
telnet: connect to address 192.168.1.2: Connection timed out

I can telnet 192.168.1.1 on port 139 though.

gimp:/ # telnet 192.168.1.1 139
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.

Since I can still ping 192.168.1.2, I am assuming it is an error in the
samba configuration file. Here is a copy of that.

[global]
   workgroup = workgroup
   server string = office server
   guest account = nobody
   keep alive = 30
   os level = 200
   kernel oplocks = false
   security = user
   encrypt passwords = yes
   username map = /etc/smbusers
   printing = bsd
   printcap name = /etc/printcap
   load printers = yes
   remote announce = 192.168.2.1 192.168.3.1
   remote browse sync = 192.168.2.1 192.168.3.1
   hosts allow = 192.168. 127.
   socket options = TCP_NODELAY
   map to guest = Bad User
   local master = yes
   domain master = no
   interfaces = 192.168.0.0/16
   wins server = 192.168.2.1
   include = /etc/smb.conf.public
   include = /etc/smb.conf.%u
   include = /etc/smb.conf.%m

I have a WINS server on 192.168.2.1 (home server) and it works fine, because
it shows all the computers in the network, even at the office. I just cant
access the ones at the office, except for the server there. Here is a copy
of pretty much everything I can think of that you guys would need to know to
figure stuff out :P If its too much info, just scroll down a bit and ignore
it,

stellar:~ # ifconfig
eth0      Link encap:Ethernet  HWaddr 00:20:78:15:DB:25
          inet addr:cens0red  Bcast:64.192.112.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:64864 errors:0 dropped:0 overruns:0 frame:0
          TX packets:86136 errors:0 dropped:0 overruns:0 carrier:0
          collisions:3 txqueuelen:100
          Interrupt:10 Base address:0xf780

eth1      Link encap:Ethernet  HWaddr 00:A0:CC:34:67:4F
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11527 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9797 errors:3 dropped:0 overruns:3 carrier:3
          collisions:0 txqueuelen:100
          Interrupt:11 Base address:0xf000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:268 errors:0 dropped:0 overruns:0 frame:0
          TX packets:268 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

sl0       Link encap:VJ Serial Line IP
          inet addr:192.168.1.1  P-t-P:192.168.2.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:7558 errors:0 dropped:0 overruns:2167 frame:0
             compressed:0
          TX packets:7305 errors:0 dropped:0 overruns:1671 carrier:0
          collisions:331 compressed:0 txqueuelen:10

stellar:~ # ipchains -L
Chain input (policy ACCEPT):
Chain forward (policy ACCEPT):
target     prot opt     source                destination           ports
MASQ       all  ------  192.168.1.0/24       anywhere              n/a
Chain output (policy ACCEPT):

stellar:~ # route -N
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use
Iface
0.0.0.0         cens0red	  255.255.255.255 UGH   0      0        0 eth0
192.168.2.1     0.0.0.0         255.255.255.255 UH    0      0        0 sl0
192.168.3.0     192.168.2.1     255.255.255.0   UG    0      0        0 sl0
192.168.2.0     192.168.2.1     255.255.255.0   UG    0      0        0 sl0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
64.192.112.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         cens0red 	  0.0.0.0         UG    0      0        0 eth0

stellar:~ # lsmod
Module                  Size  Used by
slip                    8220   2
slhc                    4440   1  [slip]
ip_masq_cuseeme         1144   0  (unused)
ip_masq_vdolive         1400   0  (unused)
ip_masq_raudio          3064   0  (unused)
ip_masq_irc             1624   0  (unused)
ip_masq_ftp             2424   0  (unused)
nfsd                  146188   4  (autoclean)
tulip                  30680   1  (autoclean)
ne2k-pci                4232   1  (autoclean)
8390                    6228   0  (autoclean) [ne2k-pci]
serial                 42612   0  (autoclean)
memstat                 1476   0  (unused)

stellar:~ # uname -a
Linux stellar 2.2.14 #1 Fri May 5 17:43:12 GMT 2000 i586 unknown

Wellllll anyway, I guess that's it. If any of you see some kind of error, or
if you know how I can make subnet browsing work on that server over the VPN,
please let me know. I would really appreciate it@!

--Matt