HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


DrJohn 7th December 2007 20:12

OpenVPN DHCP, DNS problems
 
<Gutsy, OpenVPN 2.0.9, Shorewall 3.4.4, Samba 3.0.26 as PDC, dhcpd is running>

Shorewall server policy is configured for open access between loc <--> vpn and $FW <--> vpn (vpn is the separate zone established for OpenVPN). OpenVPN is in a routing configuration. Samba is running as PDC and WINS is enabled.

The WinXP Pro laptop's firewall is on with ports 1024-2096 open, and it reports no blocked packets.

I have no problems establishing a tunnel from the laptop either 1) when connected directly to the Internet (on a spare fixed IP address), or 2) from behind a NATed corporate firewall at work.

Once connected, however, I encounter several problems.

1) I can only connect to the server and the other systems on its local LAN using their IP addresses; network names don't work. This is true for SSH, NetHood shares, Remote Desktop Connections. For the server I can use either its OpenVPN 10.8.0.1 or its local IP of 192.168.2.254.

The corporate LAN on which the laptop sits uses subnets 192.168.1.0/24 and 10.0.0.0/20, separate from anything on the vpn or the local LAN.

From a WinXP system on the LAN I can use network names internally, but the laptop doesn't appear in the NetHood. From a Gutsy client setup on the LAN I see the server and the WinXP machines, but not the laptop.

It doesn't make any difference if I explicitly enable NetBIOS over TCP/IP in the Tap adapter or not.

So, routing is up but SMB or NetBIOS aren't hitting the vpn.

Here's the relevant part of smb.conf:

Code:

  passdb backend = tdbsam
  security = user
  username map = /etc/samba/smbusers
  name resolve order = bcast wins host lmhosts
  domain logons = yes
  preferred master = yes
  wins support = yes

  #Control net access
  hosts allow = 192.168.2. 192.168.3. 10.8.0. localhost
  interfaces = eth0 eth2 vpn lo
  bind interfaces only = yes


2) I get one DHCP lease renewal error in the WinXP application event log with a timestamp that matches the time that the tunnel was established:
The IP address lease 10.8.0.6 for the Network Card with network address 00FF2B6ED103 has been denied by the DHCP server 10.8.0.5 (The DHCP Server sent a DHCPNACK message).
ipconfig on the laptop reveals that it was given 10.8.0.5 as DHCP server address for the Tap-Win32 adapter (it also has 10.8.0.1 for DNS and WINS servers as pushed from OpenVPN's server).

This isn't really a problem but may be a symptom of another related issue.


Any comments, hints, suggestions on how to get network browsing to work on OpenVPN are greatly appreciated.

-- Dr John


3)


All times are GMT +2.
