[Samba] Re: Netbios over IPSec

bdbruin at aub.nl bdbruin at aub.nl
Mon Feb 21 20:17:23 GMT 2005

Actually - as I stated - I have cross subnet browsing working (and thus
wins). And I do have a samba box on both ends. The behaviour I noted
happens irregularly: sometimes I can open a share on the other subnet, but
mostly I cannot not.

I'll still have a look at your suggestions though, it might help.



> I suspect your problem is, netbios *broadcasts* simply don't traverse an
> IPSec tunnel...  OpenVPN is likely a different story, but I never had
> any luck with this unless I set up a Samba box on both ends that
> maintained browse lists on both sides.
> There are plenty of fairly detailed explanations on this, some of which
> have my name attached, if you try Google-ing this list and FreeS/WAN.
> http://www2.frell.ambush.de/archives/freeswan-users/0721.html
> http://msgs.securepoint.com/cgi-bin/get/linux-ipsec-0111/477.html
> IIRC, the issue revolved around part of the browse process utilizing
> broadcasts (which aren't routable and won't traverse the VPN).  Using
> WINS and browse list syncronization allowed the clients to browse with
> IP information rather than just Netbios names.  The key was getting IP's
> involved...
> So, the browse list tells you that remote subnet includes machines x,y,
> and z.  But if you try to browse those machines directly, the system
> doesn't have an IP and resorts to 'who has x?' broadcasts which aren't
> routable.  Hence no response.  With WINS, the client does a lookup for
> x,y, or z and queries it by IP.  And gets a response.
> Brock
>> ----------------------------------------------------------------------
>> Message: 1
>> Date: Sun, 20 Feb 2005 15:49:14 +0100 (CET)
>> From: bdbruin at aub.nl
>> Subject: [Samba] Netbios over ipsec (slightly ot)
>> To: samba at lists.samba.org
>> Message-ID: <50834. at mail.aub.nl>
>> Content-Type: text/plain;charset=iso-8859-1
>> Hi,
>> This issue might be a slightly offtopic, but someone might have
>> experience
>> with it. Thanks for reading this post anyway.
>> I have the following setup:
>> Network 10.227.7.X is connected over a wlan ( <-> to
>> network 128.1.1.X.
>> This setup works, I have cross-subnet browsing going and I am able to
>> login. When I enable IPSEC (raccoon (linux <-> freebsd)) I am still able
>> to login and  to browse the network, but I am unable to access any of
>> the
>> shares on the other subnet (this *does* work without ipsec).
>> I used tcpdump to see if any packages are arriving on both ends and the
>> server  (samba 3.0.10) does seem the receive the packages and answers
>> these packages as well, but the when having ipsec enabled the connection
>> behave differently than without ipsec as the client seems to ask
>> multiple
>> times for something.
>> I tried changing the MTU, but this does not seem the help.
>> Maybe I am forgetting something as this setup is slightly complicated as
>> it considers 4 firewalls (don't ask me why please ;-)), but the
>> firewalls
>> do not seem to be the problem as logins do work over ipsec.
>> Regards,
>> B. de Bruin

More information about the samba mailing list