[Samba] Using Samba over VPN - shares disconnect on Windows clients

rruegner robert at ruegner.org
Fri Sep 10 11:49:30 GMT 2004

Hi Mark,
doing WINS is always the better choice, and it costs the network
nothing; some older programs ignore DNS and do only WINS.
I always set up Samba as a WINS server, to avoid additional broadcasts by
the Windows clients; having a proper internal DNS setup should be the
normal case.
But it seems to me this is only an add-on in your case.
ADSL or ISDN is only a question of performance; it doesn't relate to
the quality of the VPN (for sure it should be stable anyway).
If your network is not really stable, maybe because of firewall issues
on the XP client or on the gateway itself, the opening and closing
of a folder is not clearly noticed by the server-client connection;
this might be your problem. Using tcpdump and Ethereal may clear this up.
Using VPN (PPTP) is difficult to set up, because there are so many
parts you have to think of.
I usually test it from an internal machine first.
Even if the PPTP connection from internal works perfectly, I start
to test it from outside.
I always start the test from an ISDN Windows client directly connected
to the internet, without having any firewall enabled on the client.
(Normally after this test this client must be reinstalled because it's
totally hacked within minutes.)
If this works I do the same test via a direct ADSL line.
If this works I usually test it with a direct ADSL line
and Kerio firewall enabled.
I never use the Win XP firewall because of its few tuning features.
Also the Win XP client should be able to connect to the Samba domain
in the internal net without any problems, before trying to connect it from VPN.
The last test is with multiple ADSL routers, having PPTP passthrough enabled.
During this testing, I tuned the pptpd options to the values I posted,
and it now works stable and nice.
I would start by trying to connect from an internal machine to the Samba
server via VPN, so you are sure it works in principle;
this is to narrow down the bug, after that you know if you have to tune
PPTP or Samba.
I have a test net, separated from the internal and VPN nets via an iptables
firewall, so no DHCP problems may happen.
As a tip, you should have a look at OpenVPN, which works very nicely too;
I use it for static VPN between my office networks (fixed IPs), but
you can also use it (with DynDNS) for Windows. But it is not my first
choice for dial-up VPNs.
Sorry, but I don't know any more tips; tracing your network traffic and
looking at the logs on the client, server and the gateway should show up the bug.

Best Regards

Mark Huff wrote:

> robert,
> the user is coming in via ADSL on both sides of the line....
> As he is attaching to the samba share using IP address (not system name)
> then wins is not needed (is it?)...i.e., he maps the drive from WinXP as
> \\192.168.1.x\share .
> We do not have a problem with him connecting through the VPN at all, only in
> getting the mapped share to stay where it belongs.  He maps the drive
> initially, and can see the files in the share. He closes the explorer window
> for the mapped drive, then tries to reopen the explorer window for the drive
> to view the files and that is when the problem occurs....
> I have a feeling it might have something to do with the port 139, but am not
> sure on that.  I have lowered my mtu and mru in the options.pptpd file and
> initially we got good connection, but then, after being able to open and
> close the folders a few times, he got the problem of not being able to
> open the folder with the error from windows that "the drive is already in
> use" kind of thing.  If he disconnects the mapped drive then re-maps it, it
> connects just fine initially, then just dies away again.
> anything else you can think of??
> Mark
> -----Original Message-----
> From: rruegner [mailto:robert at ruegner.org]
> Sent: Friday, 10 September 2004 8:33 PM
> To: Mark Huff
> Subject: Re: [Samba] Using Samba over VPN - shares disconnect on Windows
> clients
> Hi,
> I also have a dial-in VPN over PPTP and it works like a charm;
> did you give the right WINS server and DNS server for the dial-in
> machines, do you use the stripped domain patch?
> Are you aware that your dial-in network range does not conflict with a
> DHCP server which might exist in your network too?
> What about the firewall (iptables on the VPN gateway, something on the client)?
> What do the Samba logs say?
> Are you sure that the problem does not belong
> to a PPTP passthrough problem on the client side?
> Inconsistent VPN networks may result in multiple problems.
> I have something like this as pptp.options
> Note: to use this on SUSE 9 I had to do a few patches,
> i.e. stripped domain and 128 bit
> chapms-strip-domain
> name *
> lock
> mtu 1490
> mru 1490
> proxyarp
> auth
> +chap
> +chapms-v2
> ipcp-accept-local
> ipcp-accept-remote
> lcp-echo-failure 3
> lcp-echo-interval 5
> deflate 0
> mppe-128
> mppe-40
> mppe-stateless
> # Specify which DNS Servers the incoming Win95 or WinNT Connection should use
> # Two Servers can be remotely configured
> ms-dns
> # Specify which WINS Servers the incoming connection Win95 or WinNT should use
> ms-wins
> logfile /var/log/pptpd.log
> I am running the PPTP server directly on the firewall and have a completely
> separated net for dial-in
> Best Regards
> Mark Huff wrote:
>>I am running Poptop 1.1.4 VPN server, Samba 3.0.6, RH 9 (2.4.20-8 patched
>>for mppe-mppc).  When the end user connects via VPN, they can create a share
>>to the samba shared folder that was created.  When they close the explorer
>>window, then reopen the shared drive from the "My Computer" view, the share
>>can not be re-opened with the error that the mapped drive is already in use.
>>I have searched high and low for possible solutions and have tried just
>>about all of them, but nothing seems to correct this issue.
>>The network for the Samba server and Redhat is 192.168.1.X but coming in on
>>the VPN the boxes are 192.168.2.x with client systems getting assigned IPs
>>in the range by the Poptop server.
>>I had been getting Samba read errors(436), but I seem to have gotten away
>>from those by resetting the services file of the Redhat on port 139 from
>>netbios to smbd.
>>Any ideas of where to jump from here?? (besides a tall building or short
>>Mark Huff
>>Outgoing mail is certified Virus Free.
>>Checked by AVG anti-virus system (http://www.grisoft.com).
>>Version: 6.0.752 / Virus Database: 503 - Release Date: 3/09/2004
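
Added example, not part of the original thread: a small shell check of a pptpd options file for the points raised above (DNS/WINS servers handed to dial-in clients, the MPPE key lengths on offer, mtu/mru, and the LCP echo settings). The function name, the finding labels and the sample file are constructed for illustration; the sample reuses a subset of the options posted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): lint a pptpd/pppd options file.
# Function name and finding labels are hypothetical, chosen for this sketch.
audit_pptpd_options() {
  awk '
    /^[ \t]*#/ || NF == 0 { next }                 # skip comments and blanks
    { if (!($1 in opt) || NF > 1) opt[$1] = $2 }   # option name -> first argument
    END {
      # Dial-in clients only learn DNS/WINS servers if an address is given.
      if (opt["ms-dns"] == "")  print "NO_DNS: ms-dns has no server address"
      if (opt["ms-wins"] == "") print "NO_WINS: ms-wins has no server address"
      # With mppe-40 enabled, 40-bit keys remain acceptable to the server.
      if ("mppe-40" in opt) print "WEAK_MPPE: mppe-40 allows 40-bit MPPE keys"
      if (("mtu" in opt) && ("mru" in opt) && opt["mtu"] != opt["mru"]) {
        print "MTU_MISMATCH: mtu " opt["mtu"] " differs from mru " opt["mru"]
      }
      # pppd presumes the peer dead after this long without echo replies.
      if (("lcp-echo-interval" in opt) && ("lcp-echo-failure" in opt)) {
        secs = opt["lcp-echo-interval"] * opt["lcp-echo-failure"]
        print "INFO: peer declared dead after " secs " s without LCP echo replies"
      }
    }' "$1"
}

# Constructed sample: a subset of the options posted in the thread,
# with ms-dns and ms-wins left without addresses as they appear there.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
mtu 1490
mru 1490
lcp-echo-failure 3
lcp-echo-interval 5
mppe-128
mppe-40
mppe-stateless
# Two DNS servers can be configured
ms-dns
ms-wins
EOF

audit_pptpd_options "$SAMPLE"
```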
