[ previous ] [ next ] [ threads ]
 From:  "Mark Rinaudo" <mark at preferreddatasolutions dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] SMB over IPSEC...
 Date:  Wed, 23 Jul 2008 09:45:45 -0500

I had a similar issue a couple of years ago with an ipsec tunnel between my 
m0n0wall and a netgear router.  The tunnel would come and I could browse a 
windows 2003 server's folders but dealing at the file level was slow and 
writing files was impossible.  Finally tracked it down to the MTU size of 
packets being sent from the windows machines.  Try adjusting the MTU size of 
your packets and see if that helps.

Preferred Data Solutions

----- Original Message ----- 
From: "Tim Nelson" <tnelson at rockbochs dot com>
To: <m0n0wall at lists dot m0n0 dot ch>
Sent: Wednesday, July 23, 2008 9:07 AM
Subject: [m0n0wall] SMB over IPSEC...

Hello fellow monowallers... I know the issue of SMB/Samba/Netbios over IPSEC 
has come up many times. However, the issue always seems to be related to the 
fact that broadcasts are not being passed over the IPSEC tunnel. I'm 
currently trying to use Samba over IPSEC(one site has monowall 1.3b11 and 
the other has pfSense 1.2-RELEASE) but instead of relying on broadcasting 
and using 'Network Neighborhood' to find the Samba boxes, we're accessing 
them directly via IP address by entering "\\" in the address 
bar of the clients which are primarily WinXP machines. They are able to find 
the server and access it's shares but opening a file... even small ones like 
20k... takes FOREVER. I'm wondering if there isn't a different issue such as 
fragmentation happening. Both sides of the tunnel have completely open 
"Allow any to any from any" rules so firewalling should not be the issue. 
Has anyone seen this type of behavior before? I can make my logs available 
but after looking through them, I'm not seeing anything of consequence. All 
help is welcome and appreciated. Thank you!

Tim Nelson
Systems/Network Support
Rockbochs Inc.
(218)727-4332 x105

To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch