[Samba] Network browsing with through OpenVPN

rruegner robert at ruegner.org
Mon Oct 4 22:39:56 GMT 2004 

Carlos Oliva G. schrieb:

> Hi all,
>
> I have succesfully joined together three LANs using OpenVPN over Linux 
> (Debian) gateways at the 'exit' of each one of these LANs.
>
> The VPN seems to be OK, as I can ping network hosts from one LAN to 
> another using their private IP addresses with no problem at all. 
> However network browsing through the VPN is not working.
>
> The network diagram for my setup is at 
> http://www.igloo.cl/~pink/network.jpg if you're willing to take a look 
> at it.
>
> This is the detailed setup I have:
>
>  * I have three networks with a public IP address each, called 
> '2norte', '4norte' and '6norte', respectively.
>
>  * Each of the Linux gateways has five network interfaces: two 
> physical (eth0 and eth1), for Internet and LAN connections, the 
> loopback interface (lo) and two virtual interfaces for the VPN link 
> (tun0 and tun1). They all accept all kind of traffic, both incoming 
> and outgoing, as there are NO firewall filtering rules on them (yet) 
> except for masquerading of outgoing connections to the Internet.
>
>  * On the tunX interfaces the gateways have 10.0.0.X IP addresses, 
> which are the VPN links.
>
>  * Each of the LANs has a WORKGROUP style Windows network, which has 
> mixed Win98 and XP clients. All the LANs has configured the same 
> workgroup name.
>
>  * On each LAN there is a wireless access point which only ocasionally 
> serves to floating clients, mostly XP machines and my OS X iBook.
>
>  * On each of them the Linux gateway acts as a DHCP server for its 
> local segment, and is also configured as a Samba server, with    both 
> 'local master = yes' and 'preferred master = yes', and 'os level = 65'.
>
>  * The 6norte gateway is configured as the WINS server ('wins support 
> = yes'), the other two gateways are pointing at it ('wins server = 
> 192.168.1.1'). Also 6norte is configured as the domain master browser 
> ('domain master = yes'), while the other two has this explicitly set 
> to 'no'. All the DHCP servers has the specified IP address 192.168.1.1 
> as their WINS server ('option netbios-name-servers 192.168.1.1;' on 
> dhcpd.conf)
>
>  * Only recently I added the 'remote announce' and 'remote browse 
> sync' parameters to each of the gateways samba configuration, with the 
> respective other two gateways IPs as parameters.
>
> This is an excerpt of my different smb.conf files for each one of the 
> three gateways:
>
> 6norte:
> [global]
>    workgroup = MYWORKGRP
>    netbios name = 6NORTE-SERV
>    wins support = yes
>    interfaces = eth0 lo tun0 tun1
>    bind interfaces only = yes
>    domain master = yes
>    local master = yes
>    preferred master = yes
>    os level = 65
>    remote announce = 192.168.0.1 192.168.2.1
>    remote browse sync = 192.168.0.1 192.168.2.1
>    name resolve order = wins bcast lmhosts host
>
>
> 4norte:
> [global]
>    workgroup = MYWORKGRP
>    netbios name = 4NORTE-SERV
>    wins support = no
>    wins server = 192.168.1.1
>    remote announce = 192.168.1.1 192.168.0.1
>    remote browse sync = 192.168.1.1 192.168.0.1
>    interfaces = eth1 lo tun0 tun1
>    bind interfaces only = yes
>    domain master = no
>    local master = yes
>    preferred master = yes
>    os level = 65
>    name resolve order = wins bcast lmhosts host
>
>
> 2norte:
> [global]
>    workgroup = CUERNAVACA
>    netbios name = 2NORTE-SERV
>    wins support = no
>    wins server = 192.168.1.1
>    remote announce = 192.168.1.1 192.168.2.1
>    remote browse sync = 192.168.1.1 192.168.2.1
>    interfaces = eth0 lo tun0 tun1
>    bind interfaces only = yes
>    domain master = no
>    local master = yes
>    preferred master = yes
>    os level = 65
>    name resolve order = wins bcast lmhosts host
>
>
> Sorry for the rather long mail but I wanted to give as much detail as 
> possible.
>
> Regards,
>
> -- 
> Carlos Oliva G.
> Igloo Sistemas Ltda.
> carlos.oliva at igloo.cl - http://www.igloo.cl
> Tel/Fax: +56 32 684798
>
Hi iam not sure what is exact your question?
I run samba over openvpn and it runs fine,
i strongly recommend to use the tap interface ( man openvpn )
for windows networks, additional having the right entries ( remote sync  
etc ) and a working dns will help you very much at these setups.
My configs are pdc and bdc with ldap , i only had samba act as
smb proxy on the openvpn machines.
Regards

More information about the samba mailing list