[pptp-server] Shouldn't I be able to see Windows servers in Network Neighborhood?
Jerry Vonau
jvonau at home.com
Tue Jan 8 18:41:53 CST 2002
Jeff:
>> But even if netbios is all screwed up and regardless of whether the
>> WINS servers are responding I still thought I should be able to
>> just type in \\192.168.0.2 into the network neighborhood address
>> and get to the machine without having to rely on WINS resolution.
>>
>That only works if the client is WinNT or later, and there is a trust
>relationship between the two domains. I think your main problem is the two
>domains which do not have a trust relationship between them......
This works with my 95 machine.......

Sounds like your firewall has some rules to drop SMB traffic before the rules
to allow the traffic to/from ppp/lan are read. Check the order of the rules in
the forward chain with iptables -L
Jerry Vonau
"Jeff Wiegley, Ph.D." wrote:
>
> I don't think this is it.
>
> I didn't copy the rules from the masq howto. I use SNAT instead of
> MASQUERADE anyways since the IP is static. (according to the Netfilter
> howto this is the correct method.)
>
> The line from my script for this is:
>
> /sbin/iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to $EXTERNALIP
>
> Yes. I can ping all the machines in the office from the remote machine
> ping 192.168.0.2 works as well (the IP of the "goofy" file server)
>
> I don't think I'm dropping any packets at all in any way regarding
> this. At any point where I have a --jump DROP on my filter rules
> I have preceded it with a --jump LOG target. I should be seeing
> any and all packets that are dropped regardless of their destination
> or source or other filter criteria.
>
> The only thoughts I have going are:
>
> The remote machine has an ethernet local area network that it is on
> and this network has had a WINS server assigned by DHCP; this WINS
> server is also on the same physical ethernet network as the remote
> VPN client. The VPN service also has assigned a different WINS
> server to the client. Does the client just do the stupid thing
> and only query the first assigned, local WINS server?
>
> I can't tell if it's querying goofy for netbios name resolution or
> not. I can't even tell if goofy is properly acting as a WINS server
> either so I don't know if goofy's list is correct and available.
>
> Microsoft really needs to chuck netbios. It's a horrible, horrible
> system mapping computers.
>
> But even if netbios is all screwed up and regardless of whether the
> WINS servers are responding I still thought I should be able to
> just type in \\192.168.0.2 into the network neighborhood address
> and get to the machine without having to rely on WINS resolution.
>
> - Jeff
>
> On Tue, 2002-01-08 at 16:36, ACEAlex wrote:
> > Hi, I think I know what your problem is. Your linux "gw computer" had a nat
> > masquerade setup? Am I right? What's the firewall rules of that. If you are
> > using iptables and have copied the script from the masq howto all traffic
> > from the ppp0 device that you are using are dropped. You need to specify some
> > rules for that.
> >
> > Here is my solution that I added to the firewall script
> > <snip>
> > IPTABLES=/usr/local/sbin/iptables
> > EXTIF=eth1
> > INTIF=eth0
> > PPPIF=ppp0
> > $IPTABLES -A FORWARD -i $EXTIF -o $PPPIF -m state --state ESTABLISHED,RELATED -j ACCEPT
> > $IPTABLES -A FORWARD -i $PPPIF -o $EXTIF -j ACCEPT
> >
> > $IPTABLES -A FORWARD -i $INTIF -o $PPPIF -m state --state ESTABLISHED,RELATED -j ACCEPT
> > $IPTABLES -A FORWARD -i $PPPIF -o $INTIF -j ACCEPT
> > </snip>
> >
> > I don't know if this is the best way of doing it. But it is worth a try. I
> > don't even know if it solves your problem. By the way. Can you ping the
> > computer.
> >
> > I think you are right about the kernel and ppp merge thing. Wonder what
> > Linus Torvalds thinks of that?
> >
> > /Alexander
> >
> > ----- Original Message -----
> > From: "Jeff Wiegley, Ph.D." <jeff at inetb.com>
> > To: "PoPToP list" <pptp-server at lists.schulte.org>
> > Sent: Wednesday, January 09, 2002 1:09 AM
> > Subject: [pptp-server] Shouldn't I be able to see WIndows servers in Network
> > Neighborhood?
> >
> >
> > > I *finally* got PPTP/VPN working. Some suggestions...
> > >
> > > 1) The kernel people need to add the MPPE stuff into at least
> > > the 2.5 kernels. I would also suggest incorporating the
> > > FreeSwan items as well. Having a kernel that does not
> > > provide for VPN services at this point in time only
> > > prevents linux from being accepted in enterprise environments.
> > > This is of particular concern because this is the exact market
> > > that linux should be dominating.
> > >
> > > 2) PPP maintainers should include the openssl and MPPE support items.
> > >
> > > 3) PoPToP documentation needs to focus more on troubleshooting
> > > procedures and general configuration. All of this per distribution
> > > hints/tricks/traps/howtos and FAQs makes this project look
> > > incredibly disorganized and unfocused.
> > >
> > > Though I will say that a lot of this is due to the lack of 1) and
> > > 2).
> > >
> > > Assuming 1) and 2) existed the documentation would only have to
> > > be limited to discussing /etc/pptp.conf and /etc/ppp/options.pptp.
> > >
> > > A very helpful documentation topic would be examples of various
> > > network topologies, how VPN connections relate to the topologies
> > > and what the VPN offers (or what you can expect from a VPN
> > > connection) that the topologies cannot provide without the VPN.
> > >
> > > It took me all week to get PoPToP to a point where a Windows Me VPN
> > > dial-up connection could connect to the server and get established.
> > >
> > > Now I'm stuck. I guess I figured the VPN connection would provide
> > > me some functionality that it doesn't seem to.
> > >
> > > I have an office of 10 windows workstations, 1 WindowsNT server
> > > (for file sharing) and 1 linux server with two NICs for providing
> > > NATted internet connections to all the windows machines through a DSL
> > > line. (The internet side IP for the linux box is static.) For
> > > illustration let's say that all of these machines are on the
> > > SOMEWORKGROUP as far as Microsoft Clients are concerned.
> > >
> > > I would think this to be an incredibly ubiquitous topology.
> > >
> > > The whole reason I embarked on this project is that I have machines
> > > at external locations that need access to files on the WindowsNT
> > > box back at the main office. These remote computers are in other
> > > offices, on other physical networks and already belong to some
> > > OTHERWORKGROUP.
> > >
> > > I assumed that by establishing PoPToP VPN connection from one of
> > > these remote servers to the main office linux box I would be able
> > > to accomplish this.
> > >
> > > However it doesn't work and I was hoping somebody has some insight
> > > as to why.
> > >
> > > After Connecting the VPN I only see OTHERWORKGROUPS under network
> > > neighborhood and I do not see SOMEWORKGROUP at all. The PPTP
> > > connection specifies a ms-wins server but as far as I can tell no
> > > WINS resolution is happening because I can't even manually type
> > > into network neighborhood a machinename such as
> > > \\goofy which is the name of the windows NT machine.
> > >
> > > Furthermore, I can't even type in the direct ip to network
> > > neighborhood. \\192.168.0.2 doesn't show goofy's shares either.
> > >
> > > but the VPN is connected and working. ping 192.168.0.2 works fine.
> > > The linux box is a firewall but forwarding is on and all packets
> > > between machines on the 192.168.0.6 network are allowed. The
> > > firewall also logs all dropped packets but nothing is logged from
> > > the time I connect and test my setups.
> > >
> > > I mean if this doesn't work then I'd consider Microsoft VPN
> > > connections to be a useless waste of time.
> > >
> > > Does anybody have any ideas about this? Am I off base about this
> > > whole topic and VPNs are used for some other, completely different,
> > > task?
> > >
> > > For the purposes of helping to debug this all here's some
> > > configuration information:
> > >
> > > /etc/pptp.conf
> > > -------------------------------------
> > > option /etc/ppp/options.pptp
> > > debug
> > > localip 192.168.0.1
> > > remoteip 192.168.0.3-9
> > >
> > > /etc/ppp/options.pptp
> > > -------------------------------------
> > > lock
> > > debug
> > > dump
> > > proxyarp
> > > +chap
> > > +chapms
> > > +chapms-v2
> > > mppe-40
> > > mppe-128
> > > mppe-stateless
> > > # Uncomment to use
> > > ms-wins 192.168.10.2
> > >
> > > The VPN connection item properties are as follows:
> > >
> > > General Tab:
> > > VPN Server
> > > Host name or IP address: <static DSL IP of linux server>
> > > Connect using
> > > "Microsoft VPN Adapter" is the only option available.
> > > Networking Tab:
> > > Type of Dial-up Server:
> > > PPP: Internet, Windows 2000/NT, Windows ME
> > > Advanced Option
> > > Enable Software compression is checked
> > > Record a log file for this connection is NOT checked
> > > Allowed Network Protocols
> > > NetBEUI is NOT checked
> > > IPX/SPX compatible is NOT checked
> > > TCP/IP is checked
> > > Advanced TCP/IP settings:
> > > Server assigned IP address is selected
> > > Server assigned name server address is selected
> > > use IP header compression is checked
> > > use default gateway on remote network is checked
> > > Security Tab:
> > > Authentication:
> > > Username: <general username>
> > > password: *******
> > > domain: SOMEWORKGROUP
> > > connect automatically is not checked
> > > Advanced Security Options:
> > > log on to network is checked
> > > Require encrypted password is checked
> > > Require data encryption is checked
> > > Dialing Tab:
> > > This is the default Internet connection is not checked
> > > Redial settings:
> > > Try to connect to 10 times
> > > wait 5 seconds between attempts
> > > Disconnect when connection may not be needed is checked
> > >
> > > Anybody have some hints?
> > >
> > > - Jeff
> > >
> > >
> > > _______________________________________________
> > > pptp-server maillist - pptp-server at lists.schulte.org
> > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > --- To unsubscribe, go to the url just above this line. --
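
The rule-order check suggested at the top of this reply (a drop rule for SMB sitting above the accept rules for ppp/lan in the forward chain) can be traced mechanically. This is an added example, not code from the thread or from PoPToP: it walks a chain listing in `iptables -S FORWARD` form and reports the first terminating rule a new packet hits. The interface names (ppp0, eth1), the sample ruleset and the function name `first_match` are assumptions, and only `-i`, `-o`, `-p`, `--dport` and `--state` are interpreted (no `!` negation or other match modules).

```shell
#!/bin/sh
# first_match IN_IF OUT_IF PROTO DPORT  < rules in `iptables -S FORWARD` form
# Prints "<rule number> <target>" for the first terminating rule that a NEW
# packet with those attributes hits, or "policy <target>" if none does.
# LOG and other non-terminating targets are passed over, as netfilter does.
first_match() {
    awk -v iif="$1" -v oif="$2" -v proto="$3" -v dport="$4" '
    function ifmatch(pat, name) {          # "ppp+" matches ppp0, ppp1, ...
        if (pat ~ /\+$/) return index(name, substr(pat, 1, length(pat) - 1)) == 1
        return pat == name
    }
    function portmatch(spec, port,   r) {  # "139" or a range such as "137:139"
        if (split(spec, r, ":") == 2) return port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0
        return spec + 0 == port + 0
    }
    $1 == "-P" { policy = $3; next }       # chain policy, used if nothing matches
    $1 != "-A" { next }
    {
        n++; ok = 1; target = ""
        for (i = 3; i <= NF; i++) {
            if      ($i == "-i")      ok = ok && ifmatch($(i + 1), iif)
            else if ($i == "-o")      ok = ok && ifmatch($(i + 1), oif)
            else if ($i == "-p")      ok = ok && ($(i + 1) == proto)
            else if ($i == "--dport") ok = ok && portmatch($(i + 1), dport)
            else if ($i == "--state") ok = ok && ($(i + 1) ~ /(^|,)NEW(,|$)/)
            else if ($i == "-j")      target = $(i + 1)
        }
        if (ok && target ~ /^(ACCEPT|DROP|REJECT)$/) { print n, target; found = 1; exit }
    }
    END { if (!found) print "policy", policy }'
}

# Constructed ruleset (not from the thread): the SMB drop sits above the
# ppp accept rule, so ping gets through while a NetBIOS session does not.
SAMPLE_RULES='-P FORWARD DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 137:139 -j LOG
-A FORWARD -p tcp -m tcp --dport 137:139 -j DROP
-A FORWARD -i ppp+ -o eth1 -j ACCEPT'

printf '%s\n' "$SAMPLE_RULES" | first_match ppp0 eth1 tcp 139    # prints: 3 DROP
```

On a live gateway, pipe the output of `iptables -S FORWARD` (run as root) into `first_match` in place of the sample rules.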