Hi Henno,
Henno Täht wrote:
Hi
2010/6/22 Jan Just Keijser <janj...@nikhef.nl>
Henno Täht wrote:
The only thing I can think of is that Windows XP explicitly
forbids access to port 445 as a countersecurity measure unless
it's coming from an "official" network card.
That crossed my mind also.
It seems like OpenVPN is working as it should, it's just that
Windows XP (and Vista/7?) does not regard the tap-win32 adapter as
an official network card and hence does not allow access.
I think it has something to do with the way OpenVPN configures the TAP
adapter while first connecting after boot. Because when I uncheck and
recheck OpenVPN adapter's "File and Printer Sharing service", port 445
starts operating normally also on this adapter. But unfortunately that
fortune only lasts until next computer restart.
Your best bet is to continue using netbios-over-tcpip for the time
being (I always disable port 445 anyways) until a Windows kernel
guru can tell us just what the heck is happening here (where would
this be logged? my XP firewall is turned off
I cannot do that because my W2003 servers stubbornly refuse to use
netbios-over-tcpip. I have triple checked that Enable NetBIOS over
TCP/IP is checked and even restarted the servers but they still only
try to connect to port 445. :(
I think I got it:
- change the media status on the tap-win32 adapter from 'Application
Controlled' to 'Always Connected'
- add the lines
    dhcp-pre-release
    dhcp-renew
    dhcp-release
to the openvpn client config file.
- Restart Windows, connect to the VPN and try the share.
This worked for my WinXP SP3 installation.
The downside is that the system takes a bit longer to come up, as
Windows tries to get a DHCP lease for the tap-win32 adapter and finally
assigns a 169.254 address. If this works for you as well then maybe the
tap-win32 developers can dive deeper into this and find out why Windows
treats the 'always connected' adapter differently from an 'application
controlled' adapter.
And now that I think of it: this *might* also affect the Windows
2003/2008 server problem that some people have reported here...
HTH,
JJK
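
A way to check the workaround described in the message above, as an added example that is not part of the original thread: it confirms the three dhcp-* lines are active in a client config and tests whether TCP ports 445 and 139 answer on the file server once the VPN is up. The function names, the sample config and the host vpn.example.org are constructed for illustration.

```python
import socket
import sys

# Directives named in the message above.
REQUIRED = ("dhcp-pre-release", "dhcp-renew", "dhcp-release")
# 445 = SMB directly over TCP, 139 = SMB over NetBIOS-over-TCP/IP.
SMB_PORTS = {445: "SMB over TCP", 139: "NetBIOS session service"}

# Constructed sample client config (not taken from the thread).
SAMPLE_CONFIG = """\
client
dev tap
remote vpn.example.org 1194
# dhcp-release   (commented out, so it does not count)
dhcp-pre-release
dhcp-renew
"""


def missing_directives(config_text):
    """Return the required directives that are not active in the config."""
    present = set()
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment line
            continue
        present.add(line.split()[0])     # first token is the directive name
    return [d for d in REQUIRED if d not in present]


def port_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable
        return False


def check_share_ports(host, ports=SMB_PORTS):
    """Map each port to whether it accepted a connection."""
    return {port: port_open(host, port) for port in ports}


if __name__ == "__main__":
    print("missing directives:", missing_directives(SAMPLE_CONFIG))
    if len(sys.argv) > 1:  # argument: the server's address inside the VPN
        for port, ok in check_share_ports(sys.argv[1]).items():
            print(port, SMB_PORTS[port], "reachable" if ok else "NOT reachable")
```

Running it before and after changing the adapter's media status shows whether port 445 starts answering, independent of what Explorer reports for the share.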