On Tuesday, November 02, 2004 2:12 AM [GMT-5=EST], Mathias Sundman
<mathias@xxxxxxxxxx> wrote:

I've been experiencing a problem regarding the client-to-client directive in my bridged configuration. It seems that when I have two or more remote clients behind the same subnet requesting resources from each other by netbios name, their traffic is routed through the OpenVPN tunnel instead of being routed locally. I've been running Beta11 since its release, and it seems that this issue has just recently appeared. Am I missing something in my server configuration to prevent this from happening?

I guess it "works as designed". As you have created a bridge you now have two "local subnets" connecting these two hosts, just as if you had two physical network adapters in each machine and had connected them both between these machines.

Not sure if this is even possible, but maybe there could be a directive that's pushed to the client that can take care of this programmatically.

I can only think of two ugly workarounds. Add the local hosts you want to communicate with locally to your LMHOSTS file or add static entries in the WINS server.

I fully understand the whole theory behind this, but it's really strange that it only recently started affecting me. It all began a few weeks ago when I noticed my VNC connections from my Wi-Fi connected laptop into my wired desktop becoming completely laggy. Pings were sometimes 4,000+ms, and I began to think it was the Wi-Fi connection at my new residence. Then I actually paid attention and noticed that the pings were resolving to the desktop's OpenVPN 'virtual' IP address instead of its local IP address.

And on Tuesday, November 02, 2004 7:50 AM [GMT-5=EST], Leonard Isham <leonard.isham@xxxxxxxxx> wrote:

OK without seeing your exact configuration here is what I believe is happening, and I do have to say it does work as designed as this is Microsoft's architecture controlling the behavior.

Assumptions:
1. The server site is the location of netbios resolution because of one of the following:
   - You are using WINS at the server site
   - The remote site is always the master browser for these systems because of specific configuration or the fact that servers and domain controllers are heavily favored.
2. The remote computers do not have any "infrastructure servers"

Not sure what this means, but it's probably the case. There are no Domain Controllers at the server site -- it's simply a peer-to-peer network in the classical sense.

What happens:
1. Netbios resolution looks to the WINS server or master browser which has the bridged IP address related to the netbios name.

So, the OpenVPN client is receiving name resolution from the Master Browser at the server site?

Possible resolutions:
1. Add static entries into WINS with the local IP addresses for the remote systems.
2. Change name resolution order to LMHOSTS first and maintain the file on the machines.
3. Change to routing instead of tunneling. (more complex from the network side, but properly configured would resolve your netbios issues)

I may just end up removing the client-to-client from the server config. It's a wonderful idea, but it seems that there's just too much room for not-so-optimized routing in a bridged configuration.

-Adam
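Added example, not part of the original thread or of OpenVPN: a small check for the situation discussed above, which flags same-LAN peers whose NetBIOS name resolved to an address in the bridged VPN subnet and renders LMHOSTS entries that pin them to their LAN addresses (the LMHOSTS workaround mentioned in the thread). The subnet, host names, addresses and function names are constructed assumptions.

```python
import ipaddress

# Constructed sample data (assumptions, not values from the thread).
VPN_NET = "10.8.0.0/24"            # bridged subnet of the server site
LOCAL_HOSTS = {                    # peers known to sit on the client's own LAN
    "DESKTOP": "192.168.1.20",
    "LAPTOP": "192.168.1.21",
}
RESOLVED = {                       # what WINS / the master browser returned
    "desktop": "10.8.0.12",        # same-LAN peer, answered with its bridged address
    "laptop": "192.168.1.21",      # same-LAN peer, answered with its LAN address
    "filesrv": "10.8.0.1",         # genuinely remote host, tunnel is correct
}

def find_tunnel_detours(resolved, local_hosts, vpn_net):
    """Map each same-LAN peer that resolved into the VPN subnet to its LAN address."""
    vpn = ipaddress.ip_network(vpn_net)
    detours = {}
    for name, addr in resolved.items():
        key = name.upper()         # NetBIOS names are case-insensitive
        if key not in local_hosts:
            continue               # not a LAN peer: going through the tunnel is expected
        lan_ip = ipaddress.ip_address(local_hosts[key])
        if lan_ip in vpn:
            raise ValueError(f"{key}: LAN address {lan_ip} is inside the VPN subnet")
        if ipaddress.ip_address(addr) in vpn:
            detours[key] = str(lan_ip)
    return detours

def lmhosts_lines(detours):
    """Render LMHOSTS entries; #PRE preloads them into the NetBIOS name cache."""
    lines = []
    for name, ip in sorted(detours.items()):
        if len(name) > 15:         # NetBIOS computer names are at most 15 characters
            raise ValueError(f"{name}: longer than 15 characters")
        lines.append(f"{ip}\t{name}\t#PRE")
    return lines

if __name__ == "__main__":
    for line in lmhosts_lines(find_tunnel_detours(RESOLVED, LOCAL_HOSTS, VPN_NET)):
        print(line)
```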