[Samba] browsing across subnets/vpn

David Adam zanchey at ucc.gu.uwa.edu.au
Fri Apr 16 07:17:00 MDT 2010

On Fri, 16 Apr 2010, David Cake wrote:
> At 4:40 PM +0800 14/4/10, David Adam wrote:
> > On Wed, 14 Apr 2010, David Cake wrote:
> > 
> > > 	I am setting up a client with vpn to access a samba share. The samba
> > >  server (which is both file and WINS server) is also the vpn machine, so
> > >  nothing too complicated as far as routing goes, and the vpn stuff
> > > (openvpn
> > >  stuff) all seems to work fine, client can manually log into shares by
> > >  specifying the name and vpn interface address of the share.
> > > 	I am using layer three bridging (IP over a tun interface), not layer
> > >  two (ethernet over a tap interface)
> > > 	But what I would need to do to allow clients to browse shares on this
> > >  one machine.
> > > 	Is there a way to configure the Windows client (and samba if
> > >  necessary) to allow browsing of shares, without switching everything over
> > > to
> > >  ethernet bridging (which seems a lot to do do for  simple task).
> > > 	I assume this is, at heart, a fairly simple browsing across subnets
> > >  question. Please forgive my cluelessness.
> > 
> > I think the instructions at
> > http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetworkBrowsing.html#DMB
> > will solve your problem - I assume you are not using a domain? Anyway, set
> > your VPN server up to be the domain master browser and you should be
> > laughing.
> 	I have set my VPN up to be the domain master browser, it still does
> not appear to be working.
> > 
> > If you are using a VPN configuration interface that lets you hand out
> > options as well as addresses, you might consider running a WINS server as
> > well.
> 	I am running a wins server, and I am pushing the WINS server details
> via the VPN (successfully as far as I can tell).
> 	Any suggestions for how to work out what is going wrong here?

Are you able to access the Samba shares by IP address 
(\\ip.add.re.ss\sharename)? If not, this may indicate a lower-level 
networking problem. Another thing to make sure you have checked is your 
firewall rules for VPN clients.

I'd start with wireshark/tcpdump, turning the logging up on nmbd, and/or 
using strace on the nmbd process. You can use nbtstat on Windows and 
nmblookup on Linux to force name queries - http://toasterz.com/node/27 has 
been a useful reference for me.

David Adam
zanchey at ucc.gu.uwa.edu.au

More information about the samba mailing list