Hi all,
I have successfully joined together three LANs using OpenVPN over Linux
(Debian) gateways at the 'exit' of each one of these LANs.
The VPN seems to be OK, as I can ping network hosts from one LAN to
another using their private IP addresses with no problem at all.
However network browsing through the VPN is not working.
The network diagram for my setup is at
http://www.igloo.cl/~pink/network.jpg if you're willing to take a look
at it.
This is the detailed setup I have:
* I have three networks with a public IP address each, called
'2norte', '4norte' and '6norte', respectively.
* Each of the Linux gateways has five network interfaces: two physical
(eth0 and eth1), for Internet and LAN connections, the loopback
interface (lo) and two virtual interfaces for the VPN link (tun0 and
tun1). They all accept all kinds of traffic, both incoming and outgoing,
as there are NO firewall filtering rules on them (yet) except for
masquerading of outgoing connections to the Internet.
* On the tunX interfaces the gateways have 10.0.0.X IP addresses,
which are the VPN links.
* Each of the LANs has a WORKGROUP style Windows network, which has
mixed Win98 and XP clients. All the LANs have configured the same
workgroup name.
* On each LAN there is a wireless access point which only occasionally
serves floating clients, mostly XP machines and my OS X iBook.
* On each of them the Linux gateway acts as a DHCP server for its
local segment, and is also configured as a Samba server, with both
'local master = yes' and 'preferred master = yes', and 'os
level = 65'.
* The 6norte gateway is configured as the WINS server ('wins support =
yes'), the other two gateways are pointing at it ('wins server =
192.168.1.1'). Also 6norte is configured as the domain master browser
('domain master = yes'), while the other two have this explicitly set to
'no'. All the DHCP servers have the specified IP address 192.168.1.1 as
their WINS server ('option netbios-name-servers 192.168.1.1;' on
dhcpd.conf)
* Only recently I added the 'remote announce' and 'remote browse sync'
parameters to each of the gateways' Samba configuration, with the
respective other two gateways' IPs as parameters.
This is an excerpt of my different smb.conf files for each one of the
three gateways:
6norte:
[global]
workgroup = MYWORKGRP
netbios name = 6NORTE-SERV
wins support = yes
interfaces = eth0 lo tun0 tun1
bind interfaces only = yes
domain master = yes
local master = yes
preferred master = yes
os level = 65
remote announce = 192.168.0.1 192.168.2.1
remote browse sync = 192.168.0.1 192.168.2.1
name resolve order = wins bcast lmhosts host
4norte:
[global]
workgroup = MYWORKGRP
netbios name = 4NORTE-SERV
wins support = no
wins server = 192.168.1.1
remote announce = 192.168.1.1 192.168.0.1
remote browse sync = 192.168.1.1 192.168.0.1
interfaces = eth1 lo tun0 tun1
bind interfaces only = yes
domain master = no
local master = yes
preferred master = yes
os level = 65
name resolve order = wins bcast lmhosts host
2norte:
[global]
workgroup = CUERNAVACA
netbios name = 2NORTE-SERV
wins support = no
wins server = 192.168.1.1
remote announce = 192.168.1.1 192.168.2.1
remote browse sync = 192.168.1.1 192.168.2.1
interfaces = eth0 lo tun0 tun1
bind interfaces only = yes
domain master = no
local master = yes
preferred master = yes
os level = 65
name resolve order = wins bcast lmhosts host
Sorry for the rather long mail but I wanted to give as much detail as
possible.
Regards,
--
Carlos Oliva G.
Igloo Sistemas Ltda.
carlos.oliva@igloo.cl - http://www.igloo.cl
Tel/Fax: +56 32 684798
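Added example, not part of the original post or of Samba: a small Python check that parses the three [global] excerpts above and compares them with the layout the post describes (one shared workgroup, one domain master browser, one WINS server that the other gateways point at). The function names `load_globals` and `check` are hypothetical, and the excerpts are reduced to the keys the checks read.

```python
import configparser
# [global] excerpts from the post, reduced to the keys checked below.
EXCERPTS = {
    "6norte": """[global]
workgroup = MYWORKGRP
wins support = yes
domain master = yes
""",
    "4norte": """[global]
workgroup = MYWORKGRP
wins support = no
wins server = 192.168.1.1
domain master = no
""",
    "2norte": """[global]
workgroup = CUERNAVACA
wins support = no
wins server = 192.168.1.1
domain master = no
""",
}

def load_globals(excerpts):  # hypothetical helper name
    """Parse each excerpt; return {gateway: dict of its [global] options}."""
    out = {}
    for name, text in excerpts.items():
        cp = configparser.ConfigParser()
        cp.read_string(text)
        out[name] = dict(cp["global"])
    return out

def check(excerpts):  # hypothetical helper name
    """Return (rule, detail) findings where the excerpts break the described layout."""
    g = load_globals(excerpts)
    findings, groups = [], {}
    for name, opts in g.items():  # every gateway should share one workgroup
        groups.setdefault(opts.get("workgroup", "").upper(), []).append(name)
    if len(groups) > 1:
        findings.append(("workgroup-mismatch", groups))
    masters = [n for n, o in g.items() if o.get("domain master", "no").lower() == "yes"]
    if len(masters) != 1:  # exactly one domain master browser
        findings.append(("domain-master-count", masters))
    wins = [n for n, o in g.items() if o.get("wins support", "no").lower() == "yes"]
    targets = {o.get("wins server") for n, o in g.items() if n not in wins}
    if len(wins) != 1 or len(targets) != 1 or None in targets:
        findings.append(("wins-layout", (wins, sorted(map(str, targets)))))
    return findings

print(check(EXCERPTS))
```

On the excerpts as posted, the only finding is that 2norte's workgroup value differs from the other two gateways; the domain master and WINS settings match the description.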
Just a guess but it's probably a routing table issue.
Your pings are probably traversing via the physical paths.
jay
-----Original Message-----
From: Carlos Oliva G. [mailto:carlos.oliva@igloo.cl]
Sent: Monday, October 04, 2004 12:56 PM
To: samba@samba.org
Subject: [Samba] Network browsing with through OpenVPN
Carlos Oliva G. wrote:
> Hi all,
>
> I have successfully joined together three LANs using OpenVPN over Linux
> (Debian) gateways at the 'exit' of each one of these LANs.
>
> The VPN seems to be OK, as I can ping network hosts from one LAN to
> another using their private IP addresses with no problem at all.
> However network browsing through the VPN is not working.

Hi, I am not sure what exactly your question is?
I run Samba over OpenVPN and it runs fine. I strongly recommend using the tap interface (man openvpn) for Windows networks; additionally, having the right entries (remote sync etc.) and a working DNS will help you very much in these setups. My configs are PDC and BDC with LDAP; I only had Samba act as SMB proxy on the OpenVPN machines.
Regards