[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

[Openvpn-users] Cross-VPN Browsing

  • Subject: [Openvpn-users] Cross-VPN Browsing
  • From: Danko Krajisnik <krajisni@xxxxxxx>
  • Date: Fri, 20 Jul 2007 21:18:58 -0700

Hey all,

I'm having a bit of a problem with cross-subnet browsing where one of
the subnets is managed by an OpenVPN server.

My network is set up with a central wireless router running OpenWRT.
192.168.10.x is the subnet for wired hosts and 192.168.20.x is the
subnet for wireless hosts. To allow cross-subnet browsing, the OpenWRT
router is running as a WINS server (samba).

Now, I've added an OpenVPN subnet (192.168.30.x) in routed mode. The VPN
works well (hosts on all 3 subnets can communicate with one another).
However, I am having some problems with browsing.

1. Hosts that are on the wired/wireless subnets can see one another in
the workgroup browser (Network Places -> Entire Network -> MS Windows
Network -> Workgroup) but cannot see VPN hosts.

2. VPN hosts cannot see wired/wireless subnet hosts in the workgroup

3. VPN hosts can access wired/wireless hosts directly by name
(//computername) but wired/wireless hosts can only access VPN hosts by
IP (//192.168.30.x).

All hosts are running windows (except the router running OpenWRT) and
all firewalls are disabled.

# network
port 1194
proto udp
dev tun
push "route"
push "route"
push "redirect-gateway"
push "dhcp-option WINS"

# certificate and keyfiles
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh.pem
tls-auth /etc/openvpn/shared.key

keepalive 10 120
status /tmp/openvpn.status

  syslog = 0
  syslog only = yes
  workgroup = WORKGROUP
  server string = OpenWrt Samba Server
  security = share
  encrypt passwords = yes
  guest account = nobody
  domain master = yes
  master = yes
  preferred master = yes
  wins support = yes
  name resolve order = wins lmhosts hosts bcast
  browse list = yes
  remote browse sync =
  remote announce =
  os level = 250

I posted this same message on the samba mailing list and the OpenWRT forums but 
received no solutions. I was thinking that perhaps using "topology subnet" might 
work since that would get rid of the /30 subnet given to each VPN client. Does 
that sound correct? Unfortunately, that option is not available in the version 
of OpenVPN that comes with OpenWRT.

Any ideas? Thanks in advance.

Openvpn-users mailing list