RE: [leaf-user] Windows VPN newbie
Esoteric Windows browsing stuff GACK. Windows Network Neighborhood uses Microsoft's NetBEUI in a broadcast mode. It uses 'Browse Masters' on each subnet etc. This stuff doesn't travel across a router at all without a lot of specific help from the router (Cisco routers can do this, but it consumes bandwidth - don't think LEAF can).

You will need a WINS server on at least one end and all the workstations on both ends will have to point to this. I believe you can imitate a WINS server with SAMBA, but I don't use SAMBA.

As an alternative, if you have an LMHOSTS file configured on EACH PC's name and ip address on the network, then Network Neighborhood should work across the VPN with no additional network services (SAMBA WINS).

-sp

-----Original Message-----
From: Neil Schneider [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2003 4:29 PM
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Windows VPN newbie
Importance: Low

I have network neighborhood browsing working across subnets, through a VPN tunnel. It required two SAMBA pdcs, one on each subnet. Cross subnet browsing, as has been stated before, requires a pdc on each subnet with wins support turned on, and remote browse sync set up. Once I had two SAMBA servers, it was relatively painless.

begin quoting S Mohan :
> Windows network neighbourhood browsing is based on Netbios. It works fine on a homogenous Windows LAN and Samba. I could not get it working across LANs bridged using TCP/IP. I once (in 1999) had a TCP/IP RAS box for inbound dial up connectivity to a LAN. Browsing did not work. However, using the dial in facility to a modem on the NT server running NT RAS services gave this facility. No change on client or server side. I doubt if you can achieve what you want over IPSEC links. Will stand corrected if anyone else had been able to get it working.
>
> Mohan
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Charles Steinkuehler
> Sent: Saturday, June 21, 2003 10:13 AM
> To: Jaime Nebrera Herrera
> Cc: [EMAIL PROTECTED]
> Subject: Re: [leaf-user] Windows VPN newbie
>
> Jaime Nebrera Herrera wrote:
> > Hi all,
> >
> > I want to establish a net to net VPN using Bering as a gateway. Both ends will have windows machines :( They want to see both nets as a whole, with all computers (remember windows) showing in the explorer, so they can access a shared hard disk from both sites.
> >
> > I want to do this the easiest and cheapest way. Options considering:
> >
> > 1) If possible use only one PC on each end. I don't know if they have a WNT or W200 server that could act as a WINS server, but adding a linux (or a couple of) just for WINS is not desirable unless there is no other way (higher price and complexity).
> >
> > 2) How bad is it for security adding WINS (samba) in the gateway?
> >
> > 3) Even better, is it really necessary to have a WINS service? I know that for IP services (http, ftp) there is no need for it, but the user just wants to see the whole as if there was no separation in the middle :)
>
> A WINS server gets you name resolution, but it does *NOT* provide cross-subnet browsing (the official term for what you describe you're wanting), although it's typically a required piece of most cross-subnet browsing setups.
>
> > 4) What option is better, PPTP or FreeSWAN? Remember, both in the gateway/firewall. Do I need WINS if I use PPTP?
>
> FreeS/WAN is better (from a security standpoint). Using PPTP may work easier for browsing, but I've never tried to set this up, so I'm not sure what features/limitations PPTP provides (other than a pretty much guaranteed lack of security from anyone actually interested in reading your data...PPTP will secure you from the idly curious, but not anyone actually wanting to break into your VPN).
>
> > I know these are very basic questions, is there any good online documentation about these topics?
> >
> > Very thankful in advance. Regards.
>
> I'm not a windows networking guru, but have been through enough of trying to link remote windows networks to help out with a few issues.
>
> First of all, I suggest trying to set up a subnet-subnet IPSec VPN link between your two firewalls. This reduces the problem to getting windows boxes to talk to each other across a router.
>
> There are two aspects of the windows portion of the problem:
>
> 1) Sharing network resources across subnets
> 2) Browsing network resources across subnets
>
> Note that these are *VERY* different problems. Browsing on MS networks typically works by using broadcast traffic, which won't pass through your router/firewall/VPN appliance. Drive mapping, however, can be done directly using IP addresses, DNS names (if you have entries for the system(s) in a zone
Re: [leaf-user] Windows VPN newbie
I have network neighborhood browsing working across subnets, through a VPN tunnel. It required two SAMBA pdcs, one on each subnet. Cross subnet browsing, as has been stated before, requires a pdc on each subnet with wins support turned on, and remote browse sync set up. Once I had two SAMBA servers, it was relatively painless.

begin quoting S Mohan :
> Windows network neighbourhood browsing is based on Netbios. It works fine on a homogenous Windows LAN and Samba. I could not get it working across LANs bridged using TCP/IP. I once (in 1999) had a TCP/IP RAS box for inbound dial up connectivity to a LAN. Browsing did not work. However, using the dial in facility to a modem on the NT server running NT RAS services gave this facility. No change on client or server side. I doubt if you can achieve what you want over IPSEC links. Will stand corrected if anyone else had been able to get it working.
>
> Mohan
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Charles Steinkuehler
> Sent: Saturday, June 21, 2003 10:13 AM
> To: Jaime Nebrera Herrera
> Cc: [EMAIL PROTECTED]
> Subject: Re: [leaf-user] Windows VPN newbie
>
> Jaime Nebrera Herrera wrote:
> > Hi all,
> >
> > I want to establish a net to net VPN using Bering as a gateway. Both ends will have windows machines :( They want to see both nets as a whole, with all computers (remember windows) showing in the explorer, so they can access a shared hard disk from both sites.
> >
> > I want to do this the easiest and cheapest way. Options considering:
> >
> > 1) If possible use only one PC on each end. I don't know if they have a WNT or W200 server that could act as a WINS server, but adding a linux (or a couple of) just for WINS is not desirable unless there is no other way (higher price and complexity).
> >
> > 2) How bad is it for security adding WINS (samba) in the gateway?
> >
> > 3) Even better, is it really necessary to have a WINS service? I know that for IP services (http, ftp) there is no need for it, but the user just wants to see the whole as if there was no separation in the middle :)
>
> A WINS server gets you name resolution, but it does *NOT* provide cross-subnet browsing (the official term for what you describe you're wanting), although it's typically a required piece of most cross-subnet browsing setups.
>
> > 4) What option is better, PPTP or FreeSWAN? Remember, both in the gateway/firewall. Do I need WINS if I use PPTP?
>
> FreeS/WAN is better (from a security standpoint). Using PPTP may work easier for browsing, but I've never tried to set this up, so I'm not sure what features/limitations PPTP provides (other than a pretty much guaranteed lack of security from anyone actually interested in reading your data...PPTP will secure you from the idly curious, but not anyone actually wanting to break into your VPN).
>
> > I know these are very basic questions, is there any good online documentation about these topics?
> >
> > Very thankful in advance. Regards.
>
> I'm not a windows networking guru, but have been through enough of trying to link remote windows networks to help out with a few issues.
>
> First of all, I suggest trying to set up a subnet-subnet IPSec VPN link between your two firewalls. This reduces the problem to getting windows boxes to talk to each other across a router.
>
> There are two aspects of the windows portion of the problem:
>
> 1) Sharing network resources across subnets
> 2) Browsing network resources across subnets
>
> Note that these are *VERY* different problems. Browsing on MS networks typically works by using broadcast traffic, which won't pass through your router/firewall/VPN appliance. Drive mapping, however, can be done directly using IP addresses, DNS names (if you have entries for the system(s) in a zone file or in your hosts file), WINS name, etc.
>
> If you can get by with manually mapping drives instead of browsing (i.e. manually typing in an IP or computer name rather than clicking the proper computer from a tree view with the mouse), what you want is very simple...just get the VPN link running, and type \\192.168.1.44 (or whatever the appropriate far-end IP is) when you're trying to map a network drive or printer.
>
> If, however, you want to browse to the remote resource, you have a much bigger problem. The official microsoft way to do this is to run 2K server (probably .net server by now) on *EACH* subnet. You eliminate the server install on one side of the network if you have all systems log into the same domain controller (requires a WINS server for name resolution, and proper configuration of the remote systems so they know how to find the WINS server on the far subnet...this can be set up via dhcp, so it's really not too bad). The Microsoft site has a lot more info on what's required to implement this in the approved way...a search for cross subnet browsing
RE: [leaf-user] Windows VPN newbie
Windows network neighbourhood browsing is based on Netbios. It works fine on a homogenous Windows LAN and Samba. I could not get it working across LANs bridged using TCP/IP. I once (in 1999) had a TCP/IP RAS box for inbound dial up connectivity to a LAN. Browsing did not work. However, using the dial in facility to a modem on the NT server running NT RAS services gave this facility. No change on client or server side. I doubt if you can achieve what you want over IPSEC links. Will stand corrected if anyone else had been able to get it working.

Mohan

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Charles Steinkuehler
Sent: Saturday, June 21, 2003 10:13 AM
To: Jaime Nebrera Herrera
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Windows VPN newbie

Jaime Nebrera Herrera wrote:
> Hi all,
>
> I want to establish a net to net VPN using Bering as a gateway. Both ends will have windows machines :( They want to see both nets as a whole, with all computers (remember windows) showing in the explorer, so they can access a shared hard disk from both sites.
>
> I want to do this the easiest and cheapest way. Options considering:
>
> 1) If possible use only one PC on each end. I don't know if they have a WNT or W200 server that could act as a WINS server, but adding a linux (or a couple of) just for WINS is not desirable unless there is no other way (higher price and complexity).
>
> 2) How bad is it for security adding WINS (samba) in the gateway?
>
> 3) Even better, is it really necessary to have a WINS service? I know that for IP services (http, ftp) there is no need for it, but the user just wants to see the whole as if there was no separation in the middle :)

A WINS server gets you name resolution, but it does *NOT* provide cross-subnet browsing (the official term for what you describe you're wanting), although it's typically a required piece of most cross-subnet browsing setups.

> 4) What option is better, PPTP or FreeSWAN? Remember, both in the gateway/firewall. Do I need WINS if I use PPTP?

FreeS/WAN is better (from a security standpoint). Using PPTP may work easier for browsing, but I've never tried to set this up, so I'm not sure what features/limitations PPTP provides (other than a pretty much guaranteed lack of security from anyone actually interested in reading your data...PPTP will secure you from the idly curious, but not anyone actually wanting to break into your VPN).

> I know these are very basic questions, is there any good online documentation about these topics?
>
> Very thankful in advance. Regards.

I'm not a windows networking guru, but have been through enough of trying to link remote windows networks to help out with a few issues.

First of all, I suggest trying to set up a subnet-subnet IPSec VPN link between your two firewalls. This reduces the problem to getting windows boxes to talk to each other across a router.

There are two aspects of the windows portion of the problem:

1) Sharing network resources across subnets
2) Browsing network resources across subnets

Note that these are *VERY* different problems. Browsing on MS networks typically works by using broadcast traffic, which won't pass through your router/firewall/VPN appliance. Drive mapping, however, can be done directly using IP addresses, DNS names (if you have entries for the system(s) in a zone file or in your hosts file), WINS name, etc.

If you can get by with manually mapping drives instead of browsing (i.e. manually typing in an IP or computer name rather than clicking the proper computer from a tree view with the mouse), what you want is very simple...just get the VPN link running, and type \\192.168.1.44 (or whatever the appropriate far-end IP is) when you're trying to map a network drive or printer.

If, however, you want to browse to the remote resource, you have a much bigger problem. The official microsoft way to do this is to run 2K server (probably .net server by now) on *EACH* subnet. You eliminate the server install on one side of the network if you have all systems log into the same domain controller (requires a WINS server for name resolution, and proper configuration of the remote systems so they know how to find the WINS server on the far subnet...this can be set up via dhcp, so it's really not too bad). The Microsoft site has a lot more info on what's required to implement this in the approved way...a search for cross subnet browsing should turn up lots of info.

Samba servers can help mitigate a lot of the problems incurred due to the artificial limitations of Microsoft's software (you'd think they want to sell tons of copies of their server software or something), but I wouldn't suggest running Samba on your firewalls, and it doesn't sound like you have extra boxes lying around to turn into server systems.

All of the above reflects what I've picked up trying to get my windows box
[leaf-user] Windows VPN newbie
Hi all,

I want to establish a net to net VPN using Bering as a gateway. Both ends will have windows machines :( They want to see both nets as a whole, with all computers (remember windows) showing in the explorer, so they can access a shared hard disk from both sites.

I want to do this the easiest and cheapest way. Options considering:

1) If possible use only one PC on each end. I don't know if they have a WNT or W200 server that could act as a WINS server, but adding a linux (or a couple of) just for WINS is not desirable unless there is no other way (higher price and complexity).

2) How bad is it for security adding WINS (samba) in the gateway?

3) Even better, is it really necessary to have a WINS service? I know that for IP services (http, ftp) there is no need for it, but the user just wants to see the whole as if there was no separation in the middle :)

4) What option is better, PPTP or FreeSWAN? Remember, both in the gateway/firewall. Do I need WINS if I use PPTP?

I know these are very basic questions, is there any good online documentation about these topics?

Very thankful in advance. Regards.

--
Jaime Nebrera - [EMAIL PROTECTED]

---
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Windows VPN newbie
Jaime Nebrera Herrera wrote:
> Hi all,
>
> I want to establish a net to net VPN using Bering as a gateway. Both ends will have windows machines :( They want to see both nets as a whole, with all computers (remember windows) showing in the explorer, so they can access a shared hard disk from both sites.
>
> I want to do this the easiest and cheapest way. Options considering:
>
> 1) If possible use only one PC on each end. I don't know if they have a WNT or W200 server that could act as a WINS server, but adding a linux (or a couple of) just for WINS is not desirable unless there is no other way (higher price and complexity).
>
> 2) How bad is it for security adding WINS (samba) in the gateway?
>
> 3) Even better, is it really necessary to have a WINS service? I know that for IP services (http, ftp) there is no need for it, but the user just wants to see the whole as if there was no separation in the middle :)

A WINS server gets you name resolution, but it does *NOT* provide cross-subnet browsing (the official term for what you describe you're wanting), although it's typically a required piece of most cross-subnet browsing setups.

> 4) What option is better, PPTP or FreeSWAN? Remember, both in the gateway/firewall. Do I need WINS if I use PPTP?

FreeS/WAN is better (from a security standpoint). Using PPTP may work easier for browsing, but I've never tried to set this up, so I'm not sure what features/limitations PPTP provides (other than a pretty much guaranteed lack of security from anyone actually interested in reading your data...PPTP will secure you from the idly curious, but not anyone actually wanting to break into your VPN).

> I know these are very basic questions, is there any good online documentation about these topics?
>
> Very thankful in advance. Regards.

I'm not a windows networking guru, but have been through enough of trying to link remote windows networks to help out with a few issues.

First of all, I suggest trying to set up a subnet-subnet IPSec VPN link between your two firewalls. This reduces the problem to getting windows boxes to talk to each other across a router.

There are two aspects of the windows portion of the problem:

1) Sharing network resources across subnets
2) Browsing network resources across subnets

Note that these are *VERY* different problems. Browsing on MS networks typically works by using broadcast traffic, which won't pass through your router/firewall/VPN appliance. Drive mapping, however, can be done directly using IP addresses, DNS names (if you have entries for the system(s) in a zone file or in your hosts file), WINS name, etc.

If you can get by with manually mapping drives instead of browsing (i.e. manually typing in an IP or computer name rather than clicking the proper computer from a tree view with the mouse), what you want is very simple...just get the VPN link running, and type \\192.168.1.44 (or whatever the appropriate far-end IP is) when you're trying to map a network drive or printer.

If, however, you want to browse to the remote resource, you have a much bigger problem. The official microsoft way to do this is to run 2K server (probably .net server by now) on *EACH* subnet. You eliminate the server install on one side of the network if you have all systems log into the same domain controller (requires a WINS server for name resolution, and proper configuration of the remote systems so they know how to find the WINS server on the far subnet...this can be set up via dhcp, so it's really not too bad). The Microsoft site has a lot more info on what's required to implement this in the approved way...a search for cross subnet browsing should turn up lots of info.

Samba servers can help mitigate a lot of the problems incurred due to the artificial limitations of Microsoft's software (you'd think they want to sell tons of copies of their server software or something), but I wouldn't suggest running Samba on your firewalls, and it doesn't sound like you have extra boxes lying around to turn into server systems.

All of the above reflects what I've picked up trying to get my windows box to gracefully talk to the home office network across a subnet-subnet VPN, but does not necessarily represent the best, or necessarily even appropriate way to do this in the microsoft world...I'm a linux networking guy, and know just enough microsoft networking to keep my 2KPro desktop linked to the internet and the home office.

--
Charles Steinkuehler
[EMAIL PROTECTED]
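
Added example (not part of any poster's message, and not configuration from the LEAF or Samba projects): one way to arrange the pieces the thread names (WINS support, remote browse sync, a Samba box on each subnet) while keeping Samba off the firewalls, as advised above. The addresses, host names and workgroup are assumptions; it uses a single WINS server that the far side registers with.

```ini
# Constructed example: addresses, host names and the workgroup are
# placeholders, not values from the thread.
#   Site A LAN 192.168.1.0/24, Samba host 192.168.1.10
#   Site B LAN 192.168.2.0/24, Samba host 192.168.2.10
# Both Samba hosts sit on the internal LANs, not on the Bering gateways.
# Windows clients on both LANs use 192.168.1.10 as their WINS server
# (the thread notes this can be handed out via DHCP).

# ---------- smb.conf on the site A Samba host ----------
[global]
   workgroup = EXAMPLE
   netbios name = SITEA-SMB

   # Listen only on the LAN interface and accept only the two
   # VPN-linked subnets, so the service answers only on the LANs.
   interfaces = 192.168.1.10/24 lo
   bind interfaces only = yes
   hosts allow = 192.168.1. 192.168.2. 127.

   # The single WINS server for both sites (name resolution only).
   wins support = yes

   # Win browser elections locally and collate the workgroup-wide list.
   local master = yes
   preferred master = yes
   domain master = yes
   os level = 65

   # Exchange browse lists with the far-side master over the tunnel.
   remote browse sync = 192.168.2.10
   remote announce = 192.168.2.10/EXAMPLE

# ---------- smb.conf on the site B Samba host ----------
[global]
   workgroup = EXAMPLE
   netbios name = SITEB-SMB

   interfaces = 192.168.2.10/24 lo
   bind interfaces only = yes
   hosts allow = 192.168.1. 192.168.2. 127.

   # Register with site A's WINS server instead of running a second one.
   wins support = no
   wins server = 192.168.1.10

   # Local master for this subnet only; site A holds the domain master role.
   local master = yes
   preferred master = yes
   domain master = no
   os level = 65

   remote browse sync = 192.168.1.10
   remote announce = 192.168.1.10/EXAMPLE
```

With this layout the gateways only need to pass NetBIOS traffic (UDP 137-138, TCP 139) between the two LANs inside the tunnel, and never on their external interfaces.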