On Wed, 2006-10-04 at 07:42 -0500, Charles Duffy wrote:
> OverTech Argentina wrote:
> > But with this bridging mode a little problem appear: both WRT54GL works
> > as DHCP for the clients physically connected, but after the VPN bridge
> > is running what a client connected to anyone of the WRT54GL sees it's a
> > subnet with two DHCP, so sometimes happened that clients behind office
> > WRT54GL got IP information from the home WRT54GL and vice-versa.
>
> One way to solve this is using ebtables to block DHCP/BOOTP traffic from
> traversing the bridge. ebtables is included in OpenWRT, and Google finds
> some hints on using it for your present purpose.
>
> > I installed a WINS server at Windows 2003 Server primary domain
> > controller located at the office, and I discovered that my home computer
> > connected to my home WRT54GL, registers its name and IP in the WINS
> > server correctly, but then when I go to My Network Places in my home
> > Windows XP computer I only see the home computer and not all the
> > computers at the office.
>
> Is the WINS server being used by the clients on both ends? Typically,
> the access method and address for a WINS server should be set by DHCP --
> especially if it's on a different subnet. You should be able to use
> ipconfig on Windows to see which WINS servers, if any, are presently
> configured; if your WINS server isn't shown, you need to configure your
> DHCP service to provide its address (and, on the remote side, specify
> that it should be accessed via unicast traffic). This is similar to what
> OpenVPN's built-in mini-DHCP-server does with a Windows client when
> "dhcp-option WINS 1.2.3.4" and "dhcp-option NBT 8" are set.
>
> I believe the same settings can be entered manually via the TCP/IP
> properties pane associated with the relevant adapter on Windows, though
> this is obviously only a reasonable course of action on a very small
> network.
> <snip>

My apologies but I missed this original e-mail and perhaps I am not replying to the original question. I am assuming it is a question about browsing not working or not working consistently across the VPN. I am also assuming someone suggested bridging to solve the problem. If that's not the issue, then don't bother reading the rest of this e-mail :)

We've dealt extensively with such issues in our production rollouts of the ISCS network security management system (http://iscs.sourceforge.net). Most of the OpenVPN remote access clients we secure are on Windows and in a Windows server environment and we do have them browsing successfully. We almost never use a bridged environment lest we haul all the broadcast traffic across the VPN link.

One does need to implement WINS for browsing even in a 100% active directory network. This will allow browsing to work in the routed environment. However, there are two needed changes to the desktop registry so that the desktop will look to the remote browse masters and not to itself as the browse list maintainer:

HKLM\System\CurrentControlSet\Services\Browser\Parameters, make sure that IsDomainMaster and MaintainServerList are both set to FALSE.

These settings can be added into the NullSoft installer script to automate the changes. That has solved the problem for us. I hope it helps you. Good luck - John

-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@xxxxxxxxxxxxxxxxxxx

If you would like to participate in the development of an open source enterprise class network security management system, please visit http://iscs.sourceforge.net

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
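
The ebtables approach suggested in the quoted reply, sketched as an added example that is not part of the original thread. It assumes the OpenVPN bridge member is named tap0 (the thread does not name the interface), uses a hypothetical helper name `dhcp_bridge_rules`, and filters INPUT and OUTPUT as well as FORWARD because each WRT54GL is itself the DHCP server for its side of the bridge.

```shell
#!/bin/sh
# Added example (not from the thread): generate ebtables rules that keep
# DHCP/BOOTP (UDP ports 67-68) from crossing an OpenVPN tap bridge.
# Assumption: the tap device enslaved to the LAN bridge is named tap0.

dhcp_bridge_rules() {
    tap="$1"
    # Accept only plain interface names so the output is safe to pipe to sh.
    case "$tap" in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid interface name" >&2; return 1 ;;
    esac
    # Destination port 67 covers client requests, 68 covers server replies.
    match="-p IPv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP"
    # INPUT   -i: remote clients' requests must not reach the local DHCP server
    # FORWARD -i: remote DHCP traffic must not be bridged to local LAN ports
    # FORWARD -o: local clients' broadcasts must not enter the tunnel
    # OUTPUT  -o: the router's own DHCP replies must not enter the tunnel
    for spec in "INPUT -i" "FORWARD -i" "FORWARD -o" "OUTPUT -o"; do
        echo "ebtables -A $spec $tap $match"
    done
}

# Print the rules for review; pipe the output to sh on the router to apply.
dhcp_bridge_rules "${1:-tap0}"
```

Run it on both routers, then confirm with `ebtables -L --Lc` that the DROP counters increase when a client on either side renews its lease.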