[pptp-server] Shouldn't I be able to see WIndows servers in N etwork Neighborhood?

[Cowles, Steve]

> -----Original Message-----
> From: Jeff Wiegley, Ph.D. [mailto:jeff at inetb.com]
> Sent: Tuesday, January 08, 2002 6:10 PM
> To: PoPToP list
> Subject: [pptp-server] Shouldn't I be able to see WIndows servers in
> Network Neighborhood?
> 
> 
> I *finally* got PPTP/VPN working.  Some suggestions...
> 
>   1) The kernel people need to add the MPPE stuff into at least
>      the 2.5 kernels. I would also suggest incorporating the
>      FreeSwan items as well. Having a kernel that does not
>      provide for VPN services at this point in time only
>      prevents linux from being accepted in enterprise environments.
>      This is of particular concern because this is the exact market
>      that linux should be dominating.

I believe the encryption part of MPPE is the sticky point in terms of
licensing.

> 
>   2) PPP maintainers should include the openssl and MPPE 
> support items.

See above...

>      
>   3) PoPToP documentation needs to focus more on troubleshooting
>      procedures and general configuration. All of this per 
>      distribution hints/tricks/traps/howtos and FAQs makes this
>      project look incredibly disorganized and unfocused.
>      Though I will say that a lot of this is due to the lack of 1) and
>      2).
> 

Agreed!!!

>      Assuming 1) and 2) existed the documentation would only have to
>      be limited to discussing /etc/pptp.conf and /etc/ppp/options.pptp.
> 
>      A very helpful documentation toppic would be examples of various
>      network topologies, how VPN connections relate to the topologies
>      and what the VPN offers (or what you can expect from a VPN
>      connection) that the topologies cannot provide without the VPN.
> 
> It took me all week to get PoPToP to a point where a Windows Me VPN
> dial-up connection could connect to the server and get established.
> 
> Now I'm stuck. I guess I figured the VPN connection would provide
> me some functionality that it doesn't seem to.
> 
> I have an office of 10 windows workstations, 1 WindowsNT server
> (for file sharing) and 1 linux server with two NICs for providing
> NATted internet connections to all the windows machines through a DSL
> line. (The internet side IP for the linux box is static.) For
> illustration lets say that all of these machines are on the
> SOMEWORKGROUP as far as Microsoft Clients are concerned.
> 
> I would think this to be an incredibly ubiquitous topology.
> 
> The whole reason I embarked on this project is that I have machines
> at external locations that need access to files on the WindowsNT
> box back at the main office. These remote computers are in other
> offices, on other physical networks and already belong to some
> OTHERWORKGROUP.

Fairly typical starting point. Although is the NT Server configured as a
Domain Controller? -or- are have you configured MS Networking as
peer-to-peer with a common WORKGROUP name?

> 
> I assumed that by establishing PoPToP VPN connection from one of
> these remote servers to the main office linux box I would be able
> to accomplish this.
> 
> However it doesn't work and I was hoping somebody has some insight
> as to why.
> 
> After Connecting the VPN I only see OTHERWORKGROUPS under network
> neighborhood and I do not see SOMEWORKGROUP at all. The PPTP
> connection specifies a ms-wins server but as far as can tell no
> WINS resolution is happening because I can't even manually type
> into network neighborhood an machinename such as
> \\goofy which is the name of the windows NT machine.

1) Do you have a WINS server running on your NT server?

2) Have you configured the 10 client workstations on your LAN to register
their netbios name/workgroup affiliation with that WINS server.

> 
> further more, I can't even type in the direct ip to network
> neightborhood.  \\192.168.0.2 doesn't show goofy's shares either.

Exactly what error are you getting? Is it network related or permissions
related?

If your PPTP tunnel is working properly along with your firewall rules, you
should at least be able to view shares using the IP address regardless of
WINS.

> 
> but the VPN is connected and working. ping 192.168.0.2 works fine.
> The linux box is a firewall but forwarding is on and all packets
> between machines on the 192.168.0.6 network are allowed. 

192.168.0.6 network???? I hope the remote office has a different network
address than the local office. i.e.

local office = 192.168.0.0/24
remote office = 192.168.1.0/24


> The firewall also logs all dropped packets but nothing is logged
> from the time I connect and test my setups.
> 
> I mean if this doesn't work then I'd consider Microsoft VPN
> connections to be a useless waste of time.

MS VPN tunnels work fine. Your problem seems related to improperly
configuring Microsoft networking to span separate networks across a router.
i.e. WINS

> 
> Does anybody have any ideas about this? Am I off base about this
> whole topic and VPNs are used for some other, completely different,
> task?

Your going through the standard learning curve with reagrds to MS
Networking. Up until now, your MS Networking has built the Master Browser
list (Network Neighborhood) by using broadcast packets (default). But now
you have introduced a new requirement into the picture by adding VPN
tunnels. Because a tunnel is "routed", the netbios broadcast packets from
your PPTP client are not seen on your local network. Thus the reason
Microsoft developed WINS. But the precursor is -- all systems on your local
network MUST now be configured to register with a WINS server. Even your NT
server.

Steve Cowles