|
|
Jordi, I've heard about this problem before (everything working except samba), and I haven't really been able to reproduce it. For me everything works including samba. If I were troubleshooting something like this I would try a few things in this order: (1) run tcpdump/WinDump on the tap interface and make sure that samba neighbor discovery broadcasts are correctly transiting the VPN. (2) Make sure that your samba configuration is correct. If you are bridging ethernet interfaces on the linux server, then the samba config probably doesn't need to be modified. However, if you are creating a new interface which uses a different subnet than the primary physical ethernet which samba is listening on, then you need to upgrade your samba config to a multi-subnet configuration, which requires setting up a WINS server, and setting up windows clients to point to this server. (3) On the Windows side, check out the --ip-win32 option in the man page. By default, the Windows version of OpenVPN uses the "ipapi" method. There are two other methods provided, "netsh" and "manual". Try them both. (4) If you go to the control panel for the TAP-Win32 adapter, you will see a driver specific parameter "Media Status" which defaults to "Application Controlled". Try changing this to "Always Connected". This will cause the TAP-Win32 adapter to always appear to be "plugged in" and connected rather than connected only when OpenVPN is running. (5) I've noticed that with each new version of windows, you can do a few more things without requiring a reboot. I've noticed cases where on Windows XP, you can change an adapter IP address and the change takes place immediately, while on Win2000, a reboot is required. Keep this in mind with respect to (3) and (4) as OpenVPN's implementation of the --ifconfig option requires that it be able to programmatically set the IP/subnet of the TAP-Win32 adapter. My intuition would be that if everything works over the VPN except samba, then it's probably a samba config file problem (unless for some reason the --ip-win32 setting is having an impact on broadcast propagation). Also keep in mind that getting samba to work over multiple subnets can be like pulling teeth :) This is no criticism of samba, but rather the terribly broken file sharing model of Windows which has struggled to evolve from trivial LANs into a true wide-area protocol even as it labors under the crushing weight of its own obsolesence. I've gotten it to work before, but only after lots of trial and error. A big reason for the popularity of ethernet bridging is that it allows you to construct a VPN using a single subnet. This fools samba into thinking that everything is connected to a LAN, and you can get away with a working samba config with less teeth pulling. If you figure it out, please post your solution to the list. James Jordi Sanfeliu <Jordi.Sanfeliu@xxxxxxxxxxxx> said: > Hello all, > > Please send a Cc: to me in addition to the list. I am not subscribed and > this will make it easier for me to follow the thread and reply. Thanks. > > > I have an office network (192.168.1.x) and I want to connect a w2k road warrior > from anywhere using bridging (TAP). Mi current scenario is this: > > +---------------+ > | Linux (IPMasq)|eth0(192.168.0.3) -[192.168.0.1-ADSL-PUBLIC_ADDR-A] -- <<INET>> > +---------------+ > eth1(192.168.1.3) > | > []-[]-[]-[]-[]-[] > network pc's > > > Somewhere on Earth I have a w2k: > > +---------------+ > | Windows 2000 |192.168.0.27 -[192.168.0.25-ADSL-PUBLIC_ADDR-B] -- <<INET>> > +---------------+ > tap(192.168.1.150) > > > The two configurations are: > > Linux server Windows 2000 > ------------ ------------ > local 192.168.0.3 remote PUBLIC_ADDR_A > ifconfig 192.168.1.3 255.255.255.0 dev tap > port 5000 ifconfig 192.168.1.150 255.255.255.0 > dev tap0 secret key.txt > tun-mtu 1500 ping 10 > tun-mtu-extra 32 comp-lzo > mssfix 1400 verb 4 > secret key.txt mute 10 > persist-key tun-mtu 1500 > persist-tun tun-mtu-extra 32 > ping-timer-rem mssfix 1400 > ping-restart 60 > ping 10 > comp-lzo > user nobody > group nobody > verb 4 > > Once connected I have no errors. I can telnet, ftp, ping, etc. from w2k to any > other UNIX/Linux/Windows machine existing in the network office. In short ALL > WORKS FINE!. > > Well ... all except that from w2k I can't see any other machine using network > neighborhood or typing the correct path and share. Is like if no broadcast > propagation occurred. > > The most strange thing is that from the Linux server in the office network, when > I try to connect to w2k using smbclient I get the following messages. Look at > this!!: > > # smbclient -L w2k > added interface ip=192.168.1.3 bcast=192.168.1.255 nmask=255.255.255.0 > added interface ip=192.168.0.3 bcast=192.168.0.255 nmask=255.255.255.0 > error connecting to 192.168.1.150:139 (Connection refused) > Error connecting to 192.168.1.150 (Connection refused) > Connection to w2k failed > > Connection refused??? > > I dont have any firewall installed on w2k. I have installed a fresh windows2000 > prior to install openvpn. So I dont have any special or even typical program > like msoffice installed on. > > I tried to connect via openvpn using dial-up connection and I get the same > results. So seems to have a w2k or bridging problem. > > I tried to connect a linux at the same network that w2k and try to connect using > smbclient and it works!, probably because I'm using the physical ethernet on w2k. > > Any idea or help would be appreciated. > > Thanks. > > -- > Jordi Sanfeliu > FIBRANET Network Services Provider > http://www.fibranet.com > > > > ------------------------------------------------------- > This SF.net email is sponsored by: SF.net Giveback Program. > Does SourceForge.net help you be more productive? Does it > help you create better code? SHARE THE LOVE, and help us help > YOU! Click Here: http://sourceforge.net/donate/ > _______________________________________________ > Openvpn-users mailing list > Openvpn-users@xxxxxxxxxxxxxxxxxxxxx > https://lists.sourceforge.net/lists/listinfo/openvpn-users > -- ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2003-12/msg00023.html on line 340 Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2003-12/msg00023.html on line 340 |