[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

[Openvpn-users] Cross-VPN Browsing


  • Subject: [Openvpn-users] Cross-VPN Browsing
  • From: Danko Krajisnik <krajisni@xxxxxxx>
  • Date: Fri, 20 Jul 2007 21:18:58 -0700

Hey all,

I'm having a bit of a problem with cross-subnet browsing where one of
the subnets is managed by an OpenVPN server.

My network is set up with a central wireless router running OpenWRT.
192.168.10.x is the subnet for wired hosts and 192.168.20.x is the
subnet for wireless hosts. To allow cross-subnet browsing, the OpenWRT
router is running as a WINS server (samba).

Now, I've added an OpenVPN subnet (192.168.30.x) in routed mode. The VPN
works well (hosts on all 3 subnets can communicate with one another).
However, I am having some problems with browsing.

1. Hosts that are on the wired/wireless subnets can see one another in
the workgroup browser (Network Places -> Entire Network -> MS Windows
Network -> Workgroup) but cannot see VPN hosts.

2. VPN hosts cannot see wired/wireless subnet hosts in the workgroup
browser.

3. VPN hosts can access wired/wireless hosts directly by name
(//computername) but wired/wireless hosts can only access VPN hosts by
IP (//192.168.30.x).

All hosts are running windows (except the router running OpenWRT) and
all firewalls are disabled.


/etc/openvpn/server.conf:
-----------------------------------------------------
# network
port 1194
proto udp
dev tun
server 192.168.30.0 255.255.255.0
push "route 192.168.10.0 255.255.255.0"
push "route 192.168.20.0 255.255.255.0"
push "redirect-gateway"
push "dhcp-option WINS 192.168.10.1"

# certificate and keyfiles
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh.pem
tls-auth /etc/openvpn/shared.key

#misc
keepalive 10 120
status /tmp/openvpn.status
-----------------------------------------------------

/etc/samba/smb.conf:
-----------------------------------------------------
[global]
  syslog = 0
  syslog only = yes
  workgroup = WORKGROUP
  server string = OpenWrt Samba Server
  security = share
  encrypt passwords = yes
  guest account = nobody
  domain master = yes
  master = yes
  preferred master = yes
  wins support = yes
  name resolve order = wins lmhosts hosts bcast
  browse list = yes
  remote browse sync = 192.168.10.255 192.168.20.255 192.168.30.255
  remote announce = 192.168.10.255/WORKGROUP 192.168.20.255/WORKGROUP 
192.168.30.255/WORKGROUP
  os level = 250
-----------------------------------------------------

I posted this same message on the samba mailing list and the OpenWRT forums but 
received no solutions. I was thinking that perhaps using "topology subnet" might 
work since that would get rid of the /30 subnet given to each VPN client. Does 
that sound correct? Unfortunately, that option is not available in the version 
of OpenVPN that comes with OpenWRT.

Any ideas? Thanks in advance.

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users