[pptp-server] another browsing problem

Jean-Serge Gagnon jsg at newlix.com
Mon Mar 12 09:43:53 CST 2001


We've researched a lot of this stuff and if I'm not mistaking, the problem
is that Windows browsing will only work in this scenario with a WINS server.
NetBIOS browsing works with broadcast on the local LAN, so the 10.100.100.x
machines broadcast their existence to each other, but the 192.168.1.x
machines can't receive those broadcasts because of the firewall. An other
problem is that machines on the remote end of a ppp connection can not
broadcast between each other so your NetBIOS broadcast looks like this
(resize to view):

                                                 -----
                                                | PC |
                                         -bcast-|  1 |
 ------         ------         ------  /   ok    ----
|vpn   |- no - |vpn   | - no -| fw   |/
|client| bcast |server| bcast |      |\          ----
 ------         ------         ------  \  bcast | PC |
                                        -- ok --| 2  |
                                                 ----

So, PC1, PC2 and fw can all see each other (if fw has NetBIOS), but they
can't see vpn server or vpn client and vise-versa. There are two ways to
solve this:

1- Add a WINS server to the network (can be on vpn server, fw, one of the
PCs or a new machine) and set up all clients to point to the wins server.
Entire network browsing will only work for all machines if they use the same
workgroup, otherwise, you need to use the machine's name directly (\\pc1)

2- Find a way of forwarding broadcast packets across all subnets. We have
not found any public domains tools for this.

Hope this helps a bit...

Jean-Serge Gagnon - Applications Director
Newlix Corporation - jsg at newlix.com
http://www.newlix.com
(613) 225-0516 fax: (613) 225-5625



> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Martin Tettke
> Sent: Monday, March 12, 2001 4:03 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] another browsing problem
>
>
> Hi !
>
> I've got the following setup:
>
> Firewall => VPN-Server => Firewall => internal net
>
> my problem is, that all computers that has to be accessed through the VPN
> have to be natted through the firewall in another subnet:
>
> example:
> VPN-IPs:	192.168.1.50-100/24
> internal-Net:	10.100.100.0/24
> so all internal stations, that should be accessed, are NATted
> from the internal
> net to the VPN-net, a.e.
> 10.100.100.10 => 192.168.1.110
>
> The can only be accessed from a VPN-user using those IPs.
> ping and access using IPs is working, all required ports for
> browsing are allowed,
> nothing needed is blocked through the FW.
>
> But how can I setup windows-browsing ? I can't see any shares
> when I'm connected.
> I'm not really wondering why, cause all windows stations are on
> the 10.100 subnet.
> What can I do to allow browsing ? Setup a samba-server on the
> VPN-server ? But how
> can I map the IPs ?
> Till now I really had'nt anything to do with samba ...
>
> Can anyone help me or does anyone at least understand my problem ?
>
> Excuse my bad english ...
>
> Martin
> --
> software is like sex
> it's better when it's free
>                 --linus torvalds
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>




More information about the pptp-server mailing list