[ previous ] [ next ] [ threads ]
 
 From:  Tim Nelson <tnelson at rockbochs dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] SMB over IPSEC...
 Date:  Wed, 23 Jul 2008 09:24:39 -0500 (CDT) 
Thank you for the quick reply Bill. The issue of using hostnames across the tunnel is secondary to
the speed issue but appreciated nonetheless. When our performance issues have been sorted out, I'll
be sure to look at implementing WINS to make it easier on the "monkeys".  :-)

Tim Nelson
Systems/Network Support
Rockbochs Inc.
(218)727-4332 x105

----- Original Message -----
From: "mtnbkr" <waa dash m0n0wall at revpol dot com>
Cc: m0n0wall at lists dot m0n0 dot ch
Sent: Wednesday, July 23, 2008 9:20:57 AM GMT -06:00 US/Canada Central
Subject: Re: [m0n0wall] SMB over IPSEC...

- gpg control packet
Tim Nelson wrote:
| Hello fellow monowallers... I know the issue of SMB/Samba/Netbios over IPSEC
has come up many times. However, the issue always seems to be related to the
fact that broadcasts are not being passed over the IPSEC tunnel. I'm currently
trying to use Samba over IPSEC(one site has monowall 1.3b11 and the other has
pfSense 1.2-RELEASE) but instead of relying on broadcasting and using 'Network
Neighborhood' to find the Samba boxes, we're accessing them directly via IP
address by entering "\\192.168.1.100" in the address bar of the clients which
are primarily WinXP machines. They are able to find the server and access it's
shares but opening a file... even small ones like 20k... takes FOREVER. I'm
wondering if there isn't a different issue such as fragmentation happening.
Both sides of the tunnel have completely open "Allow any to any from any"
rules so firewalling should not be the issue. Has anyone seen this type of
behavior before? I can make my logs available but after looking through them,
I'm not seeing anything of consequence. All help is welcome and appreciated.
Thank you!

Hi Tim,

I can't comment on the speed issues you refer to, but if you give your windows
machines the address(es) of your WINS server(s) in the m0n0wall DHCP setup
page, then they will be able to "browse" the "network neighborhood" and access
machines by name instead of only IP - even across subnets.

--
Bill Arlofski
Reverse Polarity, LLC
http://www.revpol.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch