[Samba] Re: Netbios over ipsec (slightly ot)
siteforum at rsnetservices.com.br
Sun Feb 20 18:10:57 GMT 2005
bdbruin at aub.nl wrote:
> This issue might be a slightly offtopic, but someone might have experience
> with it. Thanks for reading this post anyway.
> I have the following setup:
> Network 10.227.7.X is connected over a wlan (18.104.22.168 <-> 22.214.171.124) to
> network 128.1.1.X.
> This setup works, I have cross-subnet browsing going and I am able to
> login. When I enable IPSEC (raccoon (linux <-> freebsd)) I am still able
> to login and to browse the network, but I am unable to access any of the
> shares on the other subnet (this *does* work without ipsec).
> I used tcpdump to see if any packages are arriving on both ends and the
> server (samba 3.0.10) does seem the receive the packages and answers
> these packages as well, but the when having ipsec enabled the connection
> behave differently than without ipsec as the client seems to ask multiple
> times for something.
> I tried changing the MTU, but this does not seem the help.
> Maybe I am forgetting something as this setup is slightly complicated as
> it considers 4 firewalls (don't ask me why please ;-)), but the firewalls
> do not seem to be the problem as logins do work over ipsec.
> B. de Bruin
My bet is that you must enable the traffic between the authentication
port and the data flow too through the firewall to the interface used by
the vpn. With iptables - i'm a linux guy - it can happen if it's allowed
connection to the vpn interface (in my case, i use openvpn, and it is
tap/tun) in the INPUT and FORWARD chains.
More information about the samba