[pptp-server] Browsing Woes

Andrew Kohlsmith akohlsmith at benshaw.com
Mon Jan 21 10:23:44 CST 2002


The Problem:
VPN clients cannot see browse lists, but I can call up a computer with 
\\computername or \\ip.ip.ip.ip.

The Configuration:
The Firewall/VPN server:
- kernel 2.4.17
- samba 2.2.20
- ppp 2.4.1 with MSCHAPv2 and openssl-0.9.6-mppe patches
- pptpd 1.0.1
many network cards and modems:
eth0 - LAN
eth1 - DMZ
eth2 - WAN
eth3 - wireless
pppx+ - either dialup or VPN, depending on order

relevant bits of samba config:
======================================================
[global]
   workgroup = MYDOMAIN
   server string = gateway 

   interfaces = 192.168.1.0/24 192.168.3.0/24 
   hosts allow = 192.168.1. 127. 192.168.3.
   socket options = TCP_NODELAY
   getwd cache = Yes

   wins support = yes
   wins proxy = yes 

   security = domain
   password server = server1
   guest account = samba

   os level = 60
   local master = yes 
   domain master = no 
   preferred master = yes 
   domain logons = no 

   name resolve order = lmhosts wins bcast host
   dns proxy = no 
   locking = yes

  guest account = nobody 
  encrypt passwords = yes
======================================================

pptpd.conf:
======================================================
speed 115200
localip 192.168.1.234-238
remoteip 192.168.1.240-244
option /etc/ppp/options.pptp
======================================================

options.pptp:
======================================================
auth
asyncmap 0
nodetach
name vpn-ppp
ms-dns 192.168.1.1
ms-wins 192.168.1.1
proxyarp
require-chapms-v2
#chapms-strip-domain
refuse-chapms
refuse-chap
mppe-128
mppe-stateless
mtu 1000
mru 1000
======================================================

All LAN workstations use WINS, including PDC and BDC (both winnt4).  The main 
fileserver (bigmama) runs Samba 2.2.20 and works fine with LAN and VPN 
clients (barring this browse problem).

VPN users (from either wireless or modem, but I haven't begun testing modem 
yet) can log in to the domain just fine.  I'm doing my testing on a Win2k VPN 
client right now (the only one I have available at this time).  They can 
reach an SMB-sharing computer by name or by IP, but browsing gives timeouts 
("MYDOMAIN is not accessible. / The network path was not found") -- when 
browsing in a single window, the error comes up once each time I try to get 
into MYDOMAIN; when browsing in tree view the error comes up three times in a 
row for every computer/share/file you try to access (something to do with 
reading the tree).

These computers (dialup and wireless) are primarily used by sales staff and 
otherwise non-techies and I loathe mapping drives, but that *does* work.

I know those os level lines and such don't need to be there; I've been 
experimenting without much luck.  I'm 99.9% sure that nothing is being 
blocked by the firewall because I can get the data back and forth, and 
tcpdump'ing the pppx interface that the VPN is using seems to indicate that 
the traffic is flowing.  I can provide dumps if desired.

Can anyone see what I'm doing wrong?  This is *almost* working 100%.  It's 
that last little bit that's giving me trouble.  What's that they say about 
80% taking 20% of the time, and the last 20% taking 80% of the time?  :-)

Regards,
Andrew


