Actually - as I stated - I have cross subnet browsing working (and thus
wins). And I do have a samba box on both ends. The behaviour I noted
happens irregularly: sometimes I can open a share on the other subnet, but
mostly I cannot.
I'll still have a look at your suggestions though, it might help.
Regards,
Bolke
> I suspect your problem is, netbios *broadcasts* simply don't traverse an
> IPSec tunnel... OpenVPN is likely a different story, but I never had
> any luck with this unless I set up a Samba box on both ends that
> maintained browse lists on both sides.
>
> There are plenty of fairly detailed explanations on this, some of which
> have my name attached, if you try Google-ing this list and FreeS/WAN.
>
> http://www2.frell.ambush.de/archives/freeswan-users/0721.html
>
> http://msgs.securepoint.com/cgi-bin/get/linux-ipsec-0111/477.html
>
> IIRC, the issue revolved around part of the browse process utilizing
> broadcasts (which aren't routable and won't traverse the VPN). Using
> WINS and browse list synchronization allowed the clients to browse with
> IP information rather than just Netbios names. The key was getting IPs
> involved...
>
> So, the browse list tells you that remote subnet includes machines x,y,
> and z. But if you try to browse those machines directly, the system
> doesn't have an IP and resorts to 'who has x?' broadcasts which aren't
> routable. Hence no response. With WINS, the client does a lookup for
> x,y, or z and queries it by IP. And gets a response.
>
> Brock
>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Sun, 20 Feb 2005 15:49:14 +0100 (CET)
>> From: bdbruin@aub.nl
>> Subject: [Samba] Netbios over ipsec (slightly ot)
>> To: samba@lists.samba.org
>> Message-ID: <50834.145.99.214.138.1108910954.squirrel@mail.aub.nl>
>> Content-Type: text/plain;charset=iso-8859-1
>>
>> Hi,
>>
>> This issue might be slightly offtopic, but someone might have
>> experience with it. Thanks for reading this post anyway.
>>
>> I have the following setup:
>>
>> Network 10.227.7.X is connected over a wlan (172.1.1.1 <-> 172.1.1.2) to
>> network 128.1.1.X.
>>
>> This setup works, I have cross-subnet browsing going and I am able to
>> login. When I enable IPSEC (racoon (linux <-> freebsd)) I am still able
>> to login and to browse the network, but I am unable to access any of
>> the shares on the other subnet (this *does* work without ipsec).
>>
>> I used tcpdump to see if any packages are arriving on both ends and the
>> server (samba 3.0.10) does seem to receive the packages and answers
>> these packages as well, but when having ipsec enabled the connection
>> behaves differently than without ipsec as the client seems to ask
>> multiple times for something.
>>
>> I tried changing the MTU, but this does not seem to help.
>>
>> Maybe I am forgetting something as this setup is slightly complicated as
>> it considers 4 firewalls (don't ask me why please ;-)), but the
>> firewalls do not seem to be the problem as logins do work over ipsec.
>>
>> Regards,
>>
>> B. de Bruin
>
>
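
The broadcast-versus-WINS distinction described in the quoted reply, as an added example that is not part of any message in this thread: it builds the NetBIOS name query (RFC 1001/1002) both ways and checks whether its destination falls inside the remote subnet a tunnel would carry. The /24 masks, the WINS address 128.1.1.10 and the host name FRED are constructed assumptions; nothing is sent on the network.

```python
import ipaddress
import struct

NB_QTYPE, IN_CLASS = 0x0020, 0x0001
FLAG_RD, FLAG_B = 0x0100, 0x0010  # recursion desired, broadcast (RFC 1002)

# Constructed sample values (assumptions, not taken from the thread).
LOCAL_NET, REMOTE_NET, WINS_IP = "10.227.7.0/24", "128.1.1.0/24", "128.1.1.10"

def encode_name(name, suffix=0x20):
    """First-level encoding: pad to 15 chars, append the suffix byte
    (0x20 = file server), split each byte into two nibbles offset from 'A'."""
    raw = name.upper().ljust(15)[:15].encode("ascii") + bytes([suffix])
    return "".join(chr(0x41 + (b >> 4)) + chr(0x41 + (b & 0x0F)) for b in raw)

def build_query(name, broadcast, txid=0x1234):
    """NBNS name query; the B flag marks the 'who has x?' broadcast form."""
    flags = FLAG_RD | (FLAG_B if broadcast else 0)
    header = struct.pack(">HHHHHH", txid, flags, 1, 0, 0, 0)
    question = b"\x20" + encode_name(name).encode("ascii") + b"\x00"
    return header + question + struct.pack(">HH", NB_QTYPE, IN_CLASS)

def is_broadcast_query(packet):
    (flags,) = struct.unpack(">H", packet[2:4])
    return bool(flags & FLAG_B)

def destination(local_net, wins_ip=None):
    """Unicast to the WINS server if one is configured, otherwise the
    local subnet broadcast address."""
    if wins_ip:
        return ipaddress.ip_address(wins_ip)
    return ipaddress.ip_network(local_net).broadcast_address

def crosses_tunnel(dst, remote_net):
    """Only traffic addressed into the remote subnet is routed to the far side."""
    return dst in ipaddress.ip_network(remote_net)

if __name__ == "__main__":
    for wins in (None, WINS_IP):
        dst = destination(LOCAL_NET, wins)
        pkt = build_query("FRED", broadcast=wins is None)
        print(f"{dst}:137 broadcast={is_broadcast_query(pkt)} "
              f"reaches_remote={crosses_tunnel(dst, REMOTE_NET)}")
```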