[Samba] Re: Netbios over ipsec (slightly ot)

Renato Salles siteforum at rsnetservices.com.br
Sun Feb 20 18:10:57 GMT 2005


bdbruin at aub.nl wrote:
> Hi,
> 
> This issue might be slightly offtopic, but someone might have experience
> with it. Thanks for reading this post anyway.
> 
> I have the following setup:
> 
> Network 10.227.7.X is connected over a wlan (172.1.1.1 <-> 172.1.1.2) to
> network 128.1.1.X.
> 
> This setup works, I have cross-subnet browsing going and I am able to
> login. When I enable IPSEC (racoon (linux <-> freebsd)) I am still able
> to login and to browse the network, but I am unable to access any of the
> shares on the other subnet (this *does* work without ipsec).
> 
> I used tcpdump to see if any packages are arriving on both ends and the
> server (samba 3.0.10) does seem to receive the packages and answers
> these packages as well, but when having ipsec enabled the connection
> behaves differently than without ipsec as the client seems to ask multiple
> times for something.
> 
> I tried changing the MTU, but this does not seem to help.
> 
> Maybe I am forgetting something as this setup is slightly complicated as
> it considers 4 firewalls (don't ask me why please ;-)), but the firewalls
> do not seem to be the problem as logins do work over ipsec.
> 
> Regards,
> 
> B. de Bruin

My bet is that you must enable the traffic between the authentication 
port and the data flow too through the firewall to the interface used by 
the vpn. With iptables - I'm a Linux guy - it can happen if it's allowed 
connection to the vpn interface (in my case, I use openvpn, and it is 
tap/tun) in the INPUT and FORWARD chains.


HTH,

RSalles
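
One way to test the reply's suggestion on a Linux gateway, as an added example that is not part of the original thread: the function reads `iptables-save` output and lists which of the INPUT and FORWARD chains have no ACCEPT rule for the VPN interface. The interface name `tun0` and the sample ruleset are constructed assumptions.

```shell
#!/bin/sh
# Added example. Real use: iptables-save -t filter | missing_vpn_accepts tun0

# Prints each of INPUT/FORWARD that has no "-i <iface> ... -j ACCEPT" rule.
missing_vpn_accepts() {
    awk -v want="$1" '
        # iptables treats a trailing "+" as a prefix wildcard (tun+ matches tun0).
        function if_match(pattern, name,    stem) {
            if (pattern == name) return 1
            if (substr(pattern, length(pattern)) != "+") return 0
            stem = substr(pattern, 1, length(pattern) - 1)
            return stem == "" || index(name, stem) == 1
        }
        $1 == "-A" && ($2 == "INPUT" || $2 == "FORWARD") {
            in_if = ""; target = ""; negated = 0
            for (i = 3; i <= NF; i++) {
                # "! -i tun0" means every interface except tun0
                if ($i == "-i") { negated = ($(i-1) == "!"); in_if = $(i+1) }
                if ($i == "-j") target = $(i+1)
            }
            if (target == "ACCEPT" && !negated && if_match(in_if, want))
                ok[$2] = 1
        }
        END {
            if (!("INPUT" in ok)) print "INPUT"
            if (!("FORWARD" in ok)) print "FORWARD"
        }'
}

# Constructed iptables-save output: tun0 is accepted on INPUT, but FORWARD
# only passes established traffic between the two physical interfaces.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_RULES" | missing_vpn_accepts tun0
```

The check only looks for the presence of a matching ACCEPT rule; it does not evaluate rule order, extra match conditions, or user-defined chains, so an empty result still needs a read of the full ruleset.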


