Topic: IPSEC VPN + SAMBA + Network Neighborhood

[paulmancan2]

Hello again.

jprice's (thanks!) advanced workgroup panel helped me deal with the problem I last posted where I could not ping hosts by hostnames on the opposite side of the VPN. This is now fine.

However I want to be able to see the hosts on the respective "other sides" in Network Neighborhood, but no matter what I do, I can't seem to get this to happen! I can only see the hosts on the current side I am looking at.

Any help with troubleshooting this would be greatly appreciated!

Thanks!

[smeghead]

.. just thinking out loud here - I assume you have pointed your SME server to the other SME server for WINS using 'jp's' contrib.

Go to the tcp/ip network setup in your w/s and nominate both SME servers as WINS servers & see if this helps.

Or course I might just be dribbling here ...

[paulmancan2]

Thanks smeghead.

The ipsec "server" is set as the WINS server. The ipsec "client" is set to use the "server" as the WINS server.

192.168.1.1 is the ipsec "server" with WINS enabled
192.168.4.1 is the ipsec "client" set to use 192.168.1.1 for WINS

I did try adding both 4.1 1.1 to a ws's WINS setting to no avail but anyway why would I be doing this if 4.1 isn't a WINS server anyway and is using 1.1?

[smeghead]

doh! - I did warn you about the dribble

Now I have screwed my head back on the right wat around ...

Look at the bottom of jp's Advanced workgroup panel and check out the advanced options for network browsing (the docs are actually my small contribution).  Be sure to read the docs properly so you know which combination of options will be best to try.

HTH

[paulmancan2]

Ugghh I have tried every combination I can come up with!

[paulmancan2]

Well apparantly I missed one. On the "client" side I enabled the browser settings and set them all to NO. I also regedited the workstations to stop them from becoming master browsers.

I don't really understand why this works, my (poor) understanding was that the browse list would sycn between both sides but I guess not.

I would be happy to hear any explanations of whats really going on behind the scenes.

[paulmancan2]

Uggggghhh stuck again!

I need to keep the browser list synchronized (stupid application requirs this type of networking,) it seemed to work for awhile then just stop.

Any help would be greatly appreciated thanks!

I have have two VPN remote sites with configured as:
Domain Master = NO
Preferred Master = NO
Local Master = Yes
OS Level = 65

The main site is configured as:
Domain Master = YES
Preferred Master = YES
Local Master = Yes
OS Level = 65

With this configuration the local masters have only the names for that subnet and same thing with the Domain Master. At some point they were synchronized but they are no longer. I see log references to sync request but they all say (0 records)

I tried adding remote sync = IP ADDRESS OF DOMAIN MASTER on the local masters to no avail.

[ryan]

I use IPCop to connect sites via IPSEC.

All systems can see all other systems at all sites.  No WINS is in use, only AD2003 DNS.  This likely means the remote systems viewable in Network Neighborhood are part of AD replication.  

When I connect by pptp vpn (to SME) from home, Network Neighborhood does not show remote systems.  

Sorry if this post does not belong here, but if you have  several PCs and some time, you can give IPCop a try for LAN to LAN VPNs.  

ryan

[paulmancan2]

Hi Ryan, thanks. Your scenario works probably because you are using AD where I am not.

I am indeed using WINS but as far as I know this does not do anything for browsing Network Neighborhood.

Unfortunately I am relying on the antiquated broadcast/browse_master/browse list methods and it is simply not working

[MSmith]

How about adding entries to your HOSTS files?  Cumbersome, to be sure, but it should help.

[ryan]

paulman,

Back in the days of NT and proxy server 2.0, I had PPTP vpn tunnels between sites.  Using WINS replication between sites/BDCs, all systems could view all other systems in network places.  Try setting up microsoft WINS servers at every site that replicate with all other WINS servers....OR....use a single WINS server at a 'central' or 'primary' site.  

Note:  SME can be your single WINS server.  Using a single WINS server will increase network traffic of course. I don't believe you can replicate WINS when using samba....but samba servers can be configured to query a different WINS server (like a proxy).

ryan