[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

[Openvpn-users] Windows Browser Service

  • Subject: [Openvpn-users] Windows Browser Service
  • From: Peter Barwich <pbarwich@xxxxxxxxxxx>
  • Date: Thu, 09 Aug 2007 11:21:10 +0100

Hi all,

This is written in the hope that it might help someone; it took me a 
while to find.

If you look at 
it will tell you that the MS computer browser service may have problems 
working on a multihomed computer. Almost by definition you have such if 
you have a tap adaptor installed. Browser service is a Windows 
'solution' that allows computers on a small LAN to know where the others 
are and communicate, and share directories (if that is enabled). Larger 
LANs would normally have a WINS server, or local DNS server to 
centralise that function, and would also be set up as domains to allow 
centralisation of access control lists, but for a small LAN, MS's 
Computer Browser Service is a decentralised alternative, and quite handy.

Now mostly, with OpenVPN, you'll be using UDP; it's recommended, and as 
you see at http://sites.inka.de/sites/bigred/devel/tcp-tcp.html using 
TCP over TCP is a bad idea. Given that you've made that choice you will 
not be able to get the MS Computer Browser Service to work over your 
VPN, browsing doesn't work over UDP. However rather than shutting down 
browsing on my VPN server (which is useful for the rest of my LAN) it 
struck me that I could simply disable netbios over tcp/ip on the VPN 
adaptor, and then, hopefully, the browser service would not 'know' that 
my computer was multi-homed.

To cut a long story short, it worked like a charm. Browsing works on my 
LAN, my remote clients can map LAN drives to their system with a simple 
script, and when they are back home browsing just works. vpn 
properties/tcpip properties/advanced/WINS/disable netbios over TCP/IP 
radio button. In fact I think the installer should disable netbios by 
default, leaving the user to enable it if he really wants (in a bridging 
configuration perhaps)

Hope this helps someone.


Openvpn-users mailing list