[Vpn-help] Browsing Windows Network Shares

Tue Mar 4 15:16:18 CST 2008

>Markus Stockhausen wrote:
>> Hallo everybody.
>>
>> I'm very happy to have finished a VPN Setup with the (fabulous)
>> Shrew VPN Client and a Juniper Netscreen SSG-140 using Certificates
>> and XAuth. Everything runs like a charm on my Windows PC (DNS,
>> Routing, ...). But there is one thing left I cannot get to work:
>> Browsing of Network Shares. At the moment I end up with getting
>> the Logon Screen displayed and I enter my username and password and
>> afterwards the system hangs.
>>
>> I tried to supply the DNS/WINS IP addresses in the client
>> directly and everything I suspect to be not provided by the
>> Firewall device. I'm quite stuck and do not know what type of
>> debug output I could provide to narrow down the reaseon of this
>> problem.
>>
>> Any help is appreciated. Thanks in advance.
>>
>
>Markus,
>
>I'm not sure how feasible this is, but have you tried accessing the
>windows network share from within the same network ( not over the VPN )?
>The reason I ask is that I sometimes have problems doing this myself
>depending on the difference between the OS versions and computer ID
>settings ( workgroup names, domain memberships, etc ... ). I assume you
>can resolve the remote host via WINS or you wouldn't be getting the
>authentication dialog popup. Seeing this dialog mostly proves the WINS
>resolution and IPsec communications is working as intended.
>
>One of the tools you can use is nbtstat -c to list the WINS resolver
>cache. If you see the host you are attempting to connect with, then the
>host name was resolved correctly via WINS.  I just ran some regression
>tests with the Shrew Soft client and was able to successfully browse a
>windows share between 2 XP hosts across a VPN connection. I am using
>samba as the WINS server though so this may not be a complete apples to
>apples comparison. Sorry I can't be more help.
>
>Thanks,
>
>-Matthew

Hi,

im getting more and more confused. As you can see from the following
output (directly after connect) everything seems to work perfect.
Colnt05 is our Domain Controller, WINS & Fileserver.

C:\Dokumente und Einstellungen\markus>nbtstat -c

Intel WLAN:
Knoten-IP-Adresse: [0.0.0.0] Bereichskennung: []

    Keine Namen im Cache

LAN-Verbindung:
Knoten-IP-Adresse: [192.168.2.203] Bereichskennung: []

    Keine Namen im Cache

\Device\NetBT_Tcpip_{1E316282-D34C-4CB6-AB5C-7D4B73D95333}:
Knoten-IP-Adresse: [10.150.1.12] Bereichskennung: []

                  NetBIOS-Remotecache-Namentabelle

        Name              Typ        Hostadresse     Dauer [Sek.]
    -------------------------------------------------------------
    COLNT05        <20>  EINDEUTIG       192.168.10.15       490
    COLNT05        <00>  EINDEUTIG       192.168.10.15       495

C:\Dokumente und Einstellungen\markus>nbtstat -a colnt05

Intel WLAN:
Knoten-IP-Adresse: [0.0.0.0] Bereichskennung: []

    Host nicht gefunden.

LAN-Verbindung:
Knoten-IP-Adresse: [192.168.2.203] Bereichskennung: []

    Host nicht gefunden.

\Device\NetBT_Tcpip_{1E316282-D34C-4CB6-AB5C-7D4B73D95333}:
Knoten-IP-Adresse: [10.150.1.12] Bereichskennung: []

      NetBIOS-Namentabelle des Remotecomputers

       Name               Typ          Status
    ---------------------------------------------
    COLNT05        <00>  EINDEUTIG   Registriert
    COLLOGIA       <00>  GRUPPE      Registriert
    COLLOGIA       <1C>  GRUPPE      Registriert
    COLNT05        <20>  EINDEUTIG   Registriert
    COLLOGIA       <1B>  EINDEUTIG   Registriert
    COLLOGIA       <1E>  GRUPPE      Registriert
    COLLOGIA       <1D>  EINDEUTIG   Registriert
    ..__MSBROWSE__.<01>  GRUPPE      Registriert

    MAC Adresse = 00-E0-81-32-EB-E0

The Server colnt05 I want to connect to is in our companies Domain
while my Laptop is only set up as workgroup operation. To confirm
that it has nothing todo with the Laptop setup I configured our
firewall to accept L2TP-IPSEC connections with the Windows standard
client. The laptop is assigned the same IP in both szenarios and works
perfect with the standard client while the Shrew client only fails with
the network shares.

In my tests I encountered a second issue that makes it all more and
more misterious. I cannot make an RDP connection to the all in one
Domain/WINS/Fileserver colnt05. Every other host works without
problems.

... hm, have to sleep over it ...

Bye

Markus

****************************************************************************
Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte
Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail
irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und
vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte
Weitergabe dieser Mail ist nicht gestattet.

Über das Internet versandte E-Mails können unter fremden Namen erstellt oder
manipuliert werden. Deshalb ist diese als E-Mail verschickte Nachricht keine
rechtsverbindliche Willenserklärung.

Collogia
Unternehmensberatung AG
Ubierring 11
D-50678 Köln

Vorstand:
Kadir Akin
Prof. Gerd M. Henselmann
Dr. Michael Höhnerbach

Vorsitzender des Aufsichtsrates:
Hans Kristian Langva

Registergericht: Amtsgericht Köln
Registernummer: HRB 52 497

This e-mail may contain confidential and/or privileged information. If you
are not the intended recipient (or have received this e-mail in error)
please notify the sender immediately and destroy this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.

e-mails sent over the internet may have been written under a wrong name or
been manipulated. That is why this message sent as an e-mail is not a
legally binding declaration of intention.

Collogia
Unternehmensberatung AG
Ubierring 11
D-50678 Köln

executive board:
Kadir Akin
Prof. Gerd M. Henselmann
Dr. Michael Höhnerbach

President of the supervisory board:
Hans Kristian Langva

Registry office: district court Cologne
Register number: HRB 52 497

****************************************************************************