Re: [Openvpn-devel] [Openvpn-users] Is it possible to access Windows XP shares over port 445?

Tue, 22 Jun 2010 15:00:46 +0000 

Hi Henno,

Henno Täht wrote:

Is it possible to share files from Windows XP using port 445 over
OpenVPN tunnel?

Everything works within the LAN but from the other side of OpenVPN
connection I'm getting "No network provider accepted the given network
path." error while trying to access XP's shares.

Sniffing shows this:
(zeus is the machine trying to access XP's shares)

Time        Source        Destination     Proto    Info
1.718123    zeus            xp            TCP      3285 > 445 [SYN]
Seq=0 Win=64240 Len=0 MSS=1460
1.830665    xp              zeus          TCP      445 > 3285 [RST,
ACK] Seq=1 Ack=1 Win=0 Len=0
2.189052    zeus            xp            TCP      3285 > 445 [SYN]
Seq=0 Win=64240 Len=0 MSS=1460
2.219486    xp              zeus          TCP      445 > 3285 [RST,
ACK] Seq=1 Ack=1 Win=0 Len=0
2.735585    zeus            xp            TCP      3285 > 445 [SYN]
Seq=0 Win=64240 Len=0 MSS=1460
2.766907    xp              zeus          TCP      445 > 3285 [RST,
ACK] Seq=1 Ack=1 Win=0 Len=0

So XP is refusing port 445 connections from OpenVPN adapter. Firewall
is off (otherwise no packet would be sent back).

While NetBIOS over TCP/IP works (port 139), it has been disabled on
zeus and as I understand DirectSMB (microsoft-ds or port 445) should
be more efficient.

you're actually not the first person to report this issue...
I can reproduce the behaviour on Windows XP but not on Windows 2000 , using the exact same openvpn version and installation configuration.
similar to what you are seeing , I can see in wireshark is that any access over port 445 to \\<VPN-IP>>\ is dropped immediately by windows XP, yet on windows 2000 this works flawlessly.
The only thing I can think of is that Windows XP explicitly forbids access to port 445 as a countersecurity measure unless it's coming from an "official" network card. It seems like OpenVPN is working as it should, it's just that Windows XP (and Vista/7?) does not regard the tap-win32 adapter as an official network card and hence does not allow access.
Your best bet is to continue using netbios-over-tcpip for the time being (I always disable port 445 anyways) until a Windows kernel guru can tell us just what the heck is happening here (where would this be logged? my XP firewall is turned off
Maybe someone on the -devel list (CC'ed) knows more about the interaction between the tap-win32 adapter and the rest of the windows os? 

cheers,

JJK

Reply via email to