I have network neighborhood browsing working across subnets, through a VPN
tunnel. It required two SAMBA PDCs, one on each subnet. Cross-subnet browsing,
as has been stated before, requires a PDC on each subnet with wins support
turned on, and remote browse sync set up. Once I had two SAMBA servers, it
was relatively painless.

begin quoting S Mohan :
> Windows network neighbourhood browsing is based on Netbios. It works
> fine on a homogenous Windows LAN and Samba. I could not get it working
> across LANs bridged using TCP/IP. I once (in 1999) had a TCP/IP RAS box
> for inbound dial up connectivity to a LAN. Browsing did not work.
> However, using the dial in facility to a modem on the NT server running
> NT RAS services gave this facility. No change on client or server side.
> 
> I doubt if you can achieve what you want over IPSEC links. Will stand
> corrected if anyone else had been able to get it working.
>  
> Mohan
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Charles
> Steinkuehler
> Sent: Saturday, June 21, 2003 10:13 AM
> To: Jaime Nebrera Herrera
> Cc: [EMAIL PROTECTED]
> Subject: Re: [leaf-user] Windows VPN newbie
> 
> 
> Jaime Nebrera Herrera wrote:
> >   Hi all,
> > 
> >   I want to establish a net to net VPN using Bering as a gateway. On
> > both ends will have windows machines :(
> > 
> >   They want to see both nets as a whole, with all computers (remember
> > windows) showing in the explorer, so they can access a shared hard disk
> > from both sites.
> > 
> >   I want to do this the easiest and cheapest way. Options considering:
> > 
> >   1) If possible use only one "PC" on each end. I don't know if they
> > have a WNT or W200 server that could act as a WINS server, but adding a
> > linux (or a couple of) just for WINS is not desirable unless there is no
> > other way (higher price and complexity).
> > 
> >   2) How bad is for security adding WINS (samba) in the gateway?
> > 
> >   3) Even better, is really necessary to have a WINS service? I know
> > that for IP services (http, ftp) there is no need for it, but the user
> > just want to see the whole as if there was no "separation in the middle :)"
> 
> A WINS server gets you name resolution, but it does *NOT* provide 
> cross-subnet browsing (the "official" term for what you describe you're 
> wanting), although it's typically a required piece of most cross-subnet 
> browsing setups.
> 
> >   4) What option is better, PPTP or FreeSWAN? Remember, both in the
> > gateway/firewall. Do I need WINS if I use PPTP?
> 
> FreeS/WAN is better (from a security standpoint).  Using PPTP may work 
> easier for browsing, but I've never tried to set this up, so I'm not 
> sure what features/limitations PPTP provides (other than a pretty much 
> guaranteed lack of security from anyone actually interested in reading 
> your data...PPTP will secure you from the idly curious, but not anyone 
> actually wanting to break into your VPN).
> 
> >   I know these are very basic questions, is there any good online
> > documentation about these topics?
> > 
> >   Very thankful in advance. Regards.
> 
> I'm not a windows networking guru, but have been through enough of 
> trying to link remote windows networks to help out with a few issues.
> 
> First of all, I suggest trying to setup a subnet-subnet IPSec VPN link 
> between your two firewalls.  This reduces the problem to getting windows
> boxes to talk to each other across a router.  There are two aspects of 
> the windows portion of the problem:
> 
> 1) Sharing network resources across subnets
> 
> 2) Browsing network resources across subnets
> 
> Note that these are *VERY* different problems.  Browsing on MS networks 
> typically works by using broadcast traffic, which won't pass through 
> your router/firewall/VPN appliance.  Drive mapping, however, can be done
> directly using IP addresses, DNS names (if you have entries for the 
> system(s) in a zone file or in your hosts file), WINS name, etc.
> 
> If you can get by with manually mapping drives instead of browsing (ie 
> manually typing in an IP or computer name rather than clicking the 
> proper computer from a tree view with the mouse), what you want is very 
> simple...just get the VPN link running, and type \\192.168.1.44 (or 
> whatever the appropriate far-end IP is) when you're trying to map a 
> network drive or printer.
> 
> If, however, you want to "browse" to the remote resource, you have a much
> bigger problem.  The official microsoft way to do this is to run 2K 
> server (probably .net server by now) on *EACH* subnet.  You eliminate 
> the server install on one side of the network if you have all systems 
> log into the same domain controller (requires a WINS server for name 
> resolution, and proper configuration of the remote systems so they know 
> how to find the WINS server on the far subnet...this can be setup via 
> dhcp, so it's really not too bad).  The Microsoft site has a lot more 
> info on what's required to implement this in the "approved" way...a 
> search for "cross subnet browsing" should turn up lots of info.
> 
> Samba servers can help mitigate a lot of the problems incurred due to 
> the artificial limitations of Microsoft's software (you'd think they 
> want to sell tons of copies of their server software or something), but 
> I wouldn't suggest running Samba on your firewalls, and it doesn't sound
> like you have extra boxes lying around to turn into server systems.
> 
> All of the above reflects what I've picked up trying to get my windows 
> box to gracefully talk to the home office network across a subnet-subnet
> VPN, but does not necessarily represent the best, or necessarily even 
> appropriate way to do this in the microsoft world...I'm a linux 
> networking guy, and know just enough microsoft networking to keep my 
> 2KPro desktop linked to the internet and the home office.
> 
> -- 
> Charles Steinkuehler
> [EMAIL PROTECTED]
> 
> 
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by: INetU
> Attention Web Developers & Consultants: Become An INetU Hosting Partner.
> Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
> INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
> ------------------------------------------------------------------------
> leaf-user mailing list: [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
> 
> 
> 

-- 
Neil Schneider                              pacneil_at_linuxgeek_dot_net
                                           http://www.paccomp.com
Key fingerprint = 67F0 E493 FCC0 0A8C 769B  8209 32D7 1DB1 8460 C47D

Never look a gift horse in the mouth.
                -- Saint Jerome
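
The setup described at the top of this message (a Samba PDC on each subnet with wins support and remote browse sync), sketched as an smb.conf for a dedicated server behind each gateway rather than on the firewall itself. This is an added example, not configuration posted by anyone in the thread; the subnets, addresses, workgroup names, NetBIOS names and interface name are assumptions.

```ini
# /etc/samba/smb.conf on the site A server (constructed example).
# Assumed addressing: site A = 192.168.1.0/24, server 192.168.1.10, LAN NIC eth0
#                     site B = 192.168.2.0/24, server 192.168.2.10
[global]
    workgroup = SITEA
    netbios name = SMB-A

    # Domain controller role for this subnet
    domain logons = yes
    domain master = yes

    # Win browser elections so this host holds the local browse list
    local master = yes
    preferred master = yes
    os level = 65

    # WINS for NetBIOS name resolution on this subnet
    wins support = yes
    name resolve order = wins lmhosts host bcast

    # Exchange browse lists with the Samba master browser at the far site
    remote browse sync = 192.168.2.10
    # Announce this server into the far site's workgroup browse list
    remote announce = 192.168.2.10/SITEB

    # Listen on loopback and the LAN NIC only
    interfaces = lo eth0
    bind interfaces only = yes

    # Accept SMB sessions only from loopback and the two tunnelled subnets
    hosts allow = 127. 192.168.1. 192.168.2.
    hosts deny = 0.0.0.0/0

# Site B mirrors this file with the values swapped:
#   workgroup = SITEB, netbios name = SMB-B,
#   remote browse sync = 192.168.1.10,
#   remote announce = 192.168.1.10/SITEA
```

The gateways' tunnel rules then only need to pass NetBIOS/SMB (UDP 137-138, TCP 139) between the two subnets, with those ports kept closed on the external interfaces.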

