 From:  "Danny Puckett" <dpuckett at comresource dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] IPsec VPN and M$ Windows Domain
 Date:  Fri, 10 Mar 2006 14:38:58 -0500
> -----Original Message-----
> From: Willem van Dam [mailto:willemv at setnorbyer dot com] 
> Sent: Friday, March 10, 2006 2:22 PM
> To: 'James W. McKeand'; m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] IPsec VPN and M$ Windows Domain
> 
> 
> > Willem van Dam wrote:
> ---8<---8<---8<---
> > 
> > Does the remote site have a server? If not, consider setting up a DC in
> > the remote location. This will allow only changes to be synced between
> > the sites. The new DC can be in the same "SITE" as far as the Active
> > Directory is concerned.
> > 
> > I assume that the remote site is a workgroup. You can add the
> > computers into the domain and have the users use domain logins. But
> > the login process will be slow due to the network bottleneck of going
> > across the VPN. This is why a DC in the remote location would help
> > things.
> > 
> > _________________________________
> > James W. McKeand
> > 
> James,
> 
> I will probably have to set up a DC if the login process is
> really that slow, but initially I would like to keep it simple
> because for now there will be only 1 person at our remote location.
> 
> > This sounds like a simple DNS problem.  Make sure the primary DNS 
> > server is the one used in your windows environment.
> >
> Danny,
> 
> The prim. DNS is indeed the DNS server at our main location.
> I have done some more investigation in the meantime and the
> DNS requests don't seem to go over the VPN.
> Do I have to create a sever rule for this?
> Or am I doing something else wrong?

Is the DNS server in the main office in a different subnet than the one
the IPSEC tunnel is set for?  This is the only thing I can think of, if
you are not specifically blocking something. I had a similar setup as
yours and DNS requests went across the tunnel just fine.


> 
> > It is indeed a name resolution issue.  This is one of those times when
> > the "lmhosts" file comes into play and can really work magic.  It is
> > in the same folder as your hosts file (the sample one is named
> > lmhosts.sam).
> > 
> > Create a "lmhosts" text file with 2 lines like this:
> > pdc-ip-addr    pdc-server-name    #PRE    #DOM:domain-name
> > pdc-ip-addr    "domain-name     \0x1b"    #PRE
> > 
> > It is critical that the second line be exactly 20 characters between
> > the quotes - pad your domain name with spaces if needed.  Replace
> > "pdc-ip-addr", "pdc-server-name" and "domain-name" with your info and
> > save that file as "lmhosts"
> > and you will be able to do all the domain stuff (join, logon,
> > etc.) over the VPN.  You will need to copy that file to all the
> > workstations on the remote side of the VPN.
> > 
> > See: http://support.microsoft.com/?kbid=150800
> > 
> > ~Brian
> > 
> Brian,
> 
> My domain name is 16 characters (DomainName.local) So I have a total
> of 21.....
> 
> Thanks all for your replies
> 
> 
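Added example, not part of the original messages: a small Python helper that builds the two lmhosts lines quoted in the thread and checks the 20-character rule, on the basis that a NetBIOS name has 15 usable characters and the \0x1b suffix as typed takes the other 5. The address, server name and domain in the sample run are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import re

NETBIOS_NAME_LEN = 15       # usable characters in a NetBIOS name
SUFFIX_1B = "\\0x1b"        # the literal 5 characters \0x1b, as typed in lmhosts
QUOTED_LEN = NETBIOS_NAME_LEN + len(SUFFIX_1B)  # the "exactly 20" from the thread


def quoted_domain_field(domain: str) -> str:
    """Return the text that goes between the quotes on the second line."""
    if not domain or len(domain) > NETBIOS_NAME_LEN:
        raise ValueError(
            f"{domain!r} is {len(domain)} characters; a NetBIOS name holds "
            f"at most {NETBIOS_NAME_LEN}"
        )
    # Pad with spaces to 15 characters, then append the suffix.
    return domain.ljust(NETBIOS_NAME_LEN) + SUFFIX_1B


def lmhosts_lines(pdc_ip: str, pdc_name: str, domain: str) -> list[str]:
    """Build the two lmhosts lines in the layout quoted in the thread."""
    ipaddress.IPv4Address(pdc_ip)  # raises ValueError on a malformed address
    return [
        f"{pdc_ip}\t{pdc_name}\t#PRE\t#DOM:{domain}",
        f'{pdc_ip}\t"{quoted_domain_field(domain)}"\t#PRE',
    ]


def quoted_field_ok(line: str) -> bool:
    """Check an existing line: quoted field is 20 characters and ends in the suffix."""
    m = re.search(r'"([^"]*)"', line)
    return bool(m) and len(m.group(1)) == QUOTED_LEN and m.group(1).endswith(SUFFIX_1B)


if __name__ == "__main__":
    # Constructed sample values (documentation address, made-up names).
    for line in lmhosts_lines("192.0.2.10", "PDC01", "EXAMPLEDOM"):
        print(line)
```

A name longer than 15 characters, such as a 16-character DNS-style name, is rejected by `quoted_domain_field` because it cannot fit the padded slot.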