[Samba] Re: Netbios over IPSec
bdbruin at aub.nl
Mon Feb 21 20:17:23 GMT 2005
Actually - as I stated - I have cross subnet browsing working (and thus
wins). And I do have a samba box on both ends. The behaviour I noted
happens irregularly: sometimes I can open a share on the other subnet, but
mostly I cannot.
I'll still have a look at your suggestions though, it might help.
> I suspect your problem is, netbios *broadcasts* simply don't traverse an
> IPSec tunnel... OpenVPN is likely a different story, but I never had
> any luck with this unless I set up a Samba box on both ends that
> maintained browse lists on both sides.
> There are plenty of fairly detailed explanations on this, some of which
> have my name attached, if you try Google-ing this list and FreeS/WAN.
> IIRC, the issue revolved around part of the browse process utilizing
> broadcasts (which aren't routable and won't traverse the VPN). Using
> WINS and browse list synchronization allowed the clients to browse with
> IP information rather than just Netbios names. The key was getting IP's
> So, the browse list tells you that remote subnet includes machines x,y,
> and z. But if you try to browse those machines directly, the system
> doesn't have an IP and resorts to 'who has x?' broadcasts which aren't
> routable. Hence no response. With WINS, the client does a lookup for
> x,y, or z and queries it by IP. And gets a response.
>> Message: 1
>> Date: Sun, 20 Feb 2005 15:49:14 +0100 (CET)
>> From: bdbruin at aub.nl
>> Subject: [Samba] Netbios over ipsec (slightly ot)
>> To: samba at lists.samba.org
>> Message-ID: <50822.214.171.124.138.1108910954.squirrel at mail.aub.nl>
>> Content-Type: text/plain;charset=iso-8859-1
>> This issue might be slightly offtopic, but someone might have
>> with it. Thanks for reading this post anyway.
>> I have the following setup:
>> Network 10.227.7.X is connected over a wlan (126.96.36.199 <-> 188.8.131.52) to
>> network 128.1.1.X.
>> This setup works, I have cross-subnet browsing going and I am able to
>> login. When I enable IPSEC (racoon (linux <-> freebsd)) I am still able
>> to login and to browse the network, but I am unable to access any of
>> shares on the other subnet (this *does* work without ipsec).
>> I used tcpdump to see if any packages are arriving on both ends and the
>> server (samba 3.0.10) does seem to receive the packages and answers
>> these packages as well, but when having ipsec enabled the connection
>> behaves differently than without ipsec as the client seems to ask
>> times for something.
>> I tried changing the MTU, but this does not seem to help.
>> Maybe I am forgetting something as this setup is slightly complicated as
>> it considers 4 firewalls (don't ask me why please ;-)), but the
>> do not seem to be the problem as logins do work over ipsec.
>> B. de Bruin
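
Added example (not part of the original thread, and not Samba's own code): the reply above contrasts 'who has x?' broadcasts with WINS lookups by IP. In a tcpdump capture of UDP port 137 the two differ in the B bit of the NBNS header (RFC 1002), which this Python sketch builds and classifies. The host name FILESERV and the transaction ID are constructed sample values.

```python
import struct

FLAG_RESPONSE = 0x8000    # R bit: 0 = request, 1 = response
FLAG_RD = 0x0100          # recursion desired, set on name queries
FLAG_BROADCAST = 0x0010   # B bit: 1 = sent as a subnet broadcast
QTYPE_NB, QCLASS_IN = 0x0020, 0x0001

def encode_name(name, suffix=0x20):
    """First-level encoding: pad to 15 chars, add service suffix, split nibbles."""
    raw = name.upper().encode("ascii")[:15].ljust(15, b" ") + bytes([suffix])
    return bytes(n + 0x41 for c in raw for n in (c >> 4, c & 0x0F))

def decode_name(encoded):
    """Reverse of encode_name; returns (name, service suffix byte)."""
    if len(encoded) != 32 or any(not 0x41 <= b <= 0x50 for b in encoded):
        raise ValueError("not a first-level encoded NetBIOS name")
    raw = bytes(((encoded[i] - 0x41) << 4) | (encoded[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii", "replace").rstrip(), raw[15]

def build_query(name, trn_id, broadcast):
    """NBNS name query: 12-byte header plus one NB/IN question."""
    flags = FLAG_RD | (FLAG_BROADCAST if broadcast else 0)
    header = struct.pack(">6H", trn_id, flags, 1, 0, 0, 0)
    question = b"\x20" + encode_name(name) + b"\x00"
    return header + question + struct.pack(">2H", QTYPE_NB, QCLASS_IN)

def classify(payload):
    """Decode the UDP payload of a port-137 packet holding one name question."""
    if len(payload) < 50 or payload[12] != 0x20 or payload[45] != 0:
        raise ValueError("not a simple NBNS name question")
    trn_id, flags = struct.unpack(">2H", payload[:4])
    name, suffix = decode_name(payload[13:45])
    return {"trn_id": trn_id, "name": name, "suffix": suffix,
            "is_query": not flags & FLAG_RESPONSE,
            # Broadcast queries stay on the local subnet; unicast ones
            # (to a WINS server) are ordinary routable UDP.
            "broadcast": bool(flags & FLAG_BROADCAST)}

if __name__ == "__main__":
    # Constructed sample queries for the hypothetical host FILESERV.
    for label, bcast in (("broadcast", True), ("unicast to WINS", False)):
        print(label, classify(build_query("FILESERV", 0x1234, bcast)))
```

A client that keeps emitting queries with the B bit set for a host on the remote subnet is not using WINS for that lookup, which matches the failure mode the reply describes.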