Topic: VPN / Network Config Question...

[sgt-spam]

Hopefully an easy one...  

I've got two SME 6.0.1-01 boxes connected over the net with an IPSEC tunnel using FreeS/WAN.  Used several posts here - up and running in no time.

I was concerned about my remote PPTP users, but HAD to have the tunnel up...

To get both subnets seeing each other, I configured the IPSEC tunnel client with the address of our WINS server at the main campus.  I also configured the Advanced Workgroup panel on each box with the WINS server at our main campus.

The tunnel works great, but my remote PPTP clients, after connecting, are unable to resolve all network hosts.  Any address is pingable (both sides of the IPSEC tunnel), but only hosts manually added to the Hostnames panel will resolve, and only using the internal FQDN at that.

Before the IPSEC tunnel was in place, PPTP clients were able to resolve WINS and DNS hosts on the LAN using hostnames - no extra settings in the client VPN config.

After adding the IPSEC tunnel I'm forced to manually add a WINS server to the client VPN configuration.  Once that address is in place, the client can resolve WINS hosts on both sides of the IPSEC tunnel.

My question is this: Is there a setting I've missed that is stopping my remote PPTP users from receiving the WINS server address when they connect?


Thanks!

[ztasevski]

Hi,

Is your SME server the master DNS/WINS server for your network ?

Zoran

[sgt-spam]

Hi, thanks, and no - we have an NT 4 domain in place.

[ztasevski]

hi,

i've seen similar issue to the one you described and the way i overcame that one was to point the sme server (admin console) to use the windows dns server instead of resolving dns queries itself (by default) !

[mbachmann]

By setting the WINS resolution in Advanced Workgroup panel to your WINS server IP, ztasevski? Or how did you do it?

[sgt-spam]

When I came in this morning, I had NO name resolution to the other side of the tunnel.

After double checking all the Adv. Workgroup settings, I started searching here.

Came across this - changed the initial command to 'getprop' and saw there were no WINS addresses listed even though Adv. Workgroup had the right address listed.

I ran ipconfig /all on my machine and found I didn't have a WINS address either.

After running the above command with setprop and including the local WINS server, then doing a release / renew, I am able to resolve the hosts on the other side of the tunnel.

Regarding DNS, our SME is our gateway and doing DHCP / DNS - our PDC / BDC is only doing WINS.

Guess we'll see how things progress through the day...

Thanks for the advice!

[ztasevski]

By setting the WINS resolution in Advanced Workgroup panel to your WINS server IP, ztasevski? Or how did you do it?

hi mbachmann,

i'm still waiting for your complete sme update sites    only kidding  

i think that way it would also work start-settings-network connections-vpn connection-networking-tcp/ip-properties-advanced-wins. have you tried it before ?

z

Came across this - changed the initial command to 'getprop' and saw there were no WINS addresses listed even though Adv. Workgroup had the right address listed

hi sgt-spam,

i used a howto to resolve the wins issue on an old sme 5 not on a sme 6 (approx. 2 years ago) server...by looking at the link it looks like the one. Let us know how you go !

z[/quote]