[vpn-help] Require help with troubleshooting samba shares over ipsec

Jean-Michel CALHELHA jmcalhelha at free.fr
Tue Aug 10 12:58:06 CDT 2010


Require help with troubleshooting samba shares over ipsec
      (Brett Morrison)

Do you use NAT to connect to the share resource when you use Shrew VPN?

CALHELHA Jean-Michel



-----Original Message-----
From: vpn-help-bounces at lists.shrew.net
[mailto:vpn-help-bounces at lists.shrew.net] On Behalf Of
vpn-help-request at lists.shrew.net
Sent: Tuesday, 10 August 2010 19:00
To: vpn-help at lists.shrew.net
Subject: vpn-help Digest, Vol 47, Issue 9

Today's Topics:

   1. Require help with troubleshooting samba shares over ipsec
      (Brett Morrison)
   2. Re: Again: no response vom DHCP server (Fortigate 80C 4.0
      MR1) (Matthew Grooms)
   3. Problem with security Policies (CALHELHA Jean-Michel)
   4. Re: Problem with security Policies (Matthew Grooms)
   5. Re: Require help with troubleshooting samba shares over ipsec
      (Matthew Grooms)


----------------------------------------------------------------------

Message: 1
Date: Tue, 10 Aug 2010 11:32:40 +1000
From: "Brett Morrison" <bretmorr at hyne.com.au>
Subject: [vpn-help] Require help with troubleshooting samba shares
	over ipsec
To: <vpn-help at lists.shrew.net>
Message-ID:
	<6F3E5D9E8F5E9B499EB75F9D63B729CD02416BD2 at virgo.hyne.com.au>
Content-Type: text/plain; charset="us-ascii"

Hi all

We are having trouble with some Samba shares on one of our servers not being
accessible by one of our guys that works remotely.

He is connecting using Shrewsoft VPN client 2.1.5, OS is Windows 7 pro
32bit.  He can ping the server, can use SSH to connect to the terminal
software on the server, but shares do not come up in windows explorer.
This has been tested on my laptop as well with the same setup, which has the
same problem.

Inside the network, there is no problem, all win 7 clients can connect
without a problem.

Any ideas?

regards,

Brett

 



------------------------------

Message: 2
Date: Tue, 10 Aug 2010 00:13:10 -0500
From: Matthew Grooms <mgrooms at shrew.net>
Subject: Re: [vpn-help] Again: no response vom DHCP server (Fortigate
	80C 4.0	MR1)
To: "Weber, Uwe" <uw at rnt.de>
Cc: "vpn-help at lists.shrew.net" <vpn-help at lists.shrew.net>
Message-ID: <4C60DFE6.1030207 at shrew.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On 8/5/2010 4:32 AM, Weber, Uwe wrote:
> Hi Uwe,
>
> This sounds like a different problem from the DHCP over IPsec related 
> issue that was reported previously. It pertains to the client not 
> using a consistent MAC address for the DHCP discover. Since each 
> connection is processed as a different machine, the gateway hands out 
> a new DHCP address for each Shrew connection attempt which eventually 
> exhausts the DHCP pool. My guess is that the Fortigate client wasn't 
> affected by this because it retained the MAC value previously sent and 
> gets handed an address which is still reserved. The easiest solution 
> will be for the client to offer the same MAC address each time so it 
> doesn't cause this problem. I haven't gotten around to this yet, but 
> it shouldn't be too difficult to add. I'll keep you posted.
>
> -Matthew
>
> -- Matthew, you exactly hit the nail: In the meantime, I found out, 
> that really the FGT went out of DHCP-Leases and wasn't able to hand out 
> more leases to the Shrew-Clients (which are always the same) but seem 
> to come with a different MAC and so requesting a new IP from 
> IPSEC-DHCP instead of reclaiming the previous lease. Forticlient always 
> comes with the same MAC as you said, and subsequently gets the old 
> lease. My workaround so far is, that I have set the lease time to one 
> hour, which prevents the DHCP pool from getting exhausted. So far this 
> worked for me :) But if there is not a specific reason for the Shrew 
> client software to use a different MAC for each connection attempt, 
> and if you can change this behavior, you should do it, because 
> logically seen it would be clear to me, that a connection (or a 
> virtual IPSEC interface) always uses the same MAC. As far as I have 
> seen it, every IPSEC client does use one and the same MAC address 
> (which is even configurable in some cases iirc) for every connection 
> because the MAC logically belongs to the interface and not to the 
> connection imho. Regards Uwe

Hi Uwe,

Please test this build. It should hand out the same IP address to the client
each time ...

http://www.shrew.net/download/vpn/vpn-client-2.1.6-dhcpfix-1.exe

... if you can provide feedback quickly enough, I will roll the change into
2.1.6 for the release.

-Matthew
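
The lease exhaustion discussed in this message, as an added example that is not part of the original list traffic or of the Shrew or Fortigate code: a toy lease pool comparing a client that presents a new MAC on every connect with one that presents the same MAC. The pool size (20), the 10.0.0.x range, the 10-minute reconnect interval and the 7-day lease are assumptions; LeasePool and simulate are hypothetical names.

```python
import random

class LeasePool:
    """Toy DHCP-style pool: one lease per client MAC, freed again on expiry."""
    def __init__(self, size, lease_seconds):
        self.free = [f"10.0.0.{i}" for i in range(10, 10 + size)]  # constructed range
        self.lease_seconds = lease_seconds
        self.leases = {}  # mac -> (ip, expires_at)

    def request(self, mac, now):
        """Return an address for `mac`, or None when the pool is exhausted."""
        for old, (ip, expires) in list(self.leases.items()):
            if expires <= now:  # expired lease goes back to the pool
                del self.leases[old]
                self.free.append(ip)
        if mac in self.leases:
            ip = self.leases[mac][0]  # known MAC reclaims its previous lease
        elif self.free:
            ip = self.free.pop(0)
        else:
            return None
        self.leases[mac] = (ip, now + self.lease_seconds)
        return ip

def random_mac(rng):
    return ":".join(f"{rng.randrange(256):02x}" for _ in range(6))

def simulate(stable_mac, lease_seconds, pool_size=20, reconnects=100, interval=600):
    """Return (failed_requests, peak_active_leases, distinct_addresses_seen)."""
    rng = random.Random(1)  # fixed seed so the run is repeatable
    pool = LeasePool(pool_size, lease_seconds)
    fixed = random_mac(rng)
    failed, peak, seen = 0, 0, set()
    for n in range(reconnects):
        mac = fixed if stable_mac else random_mac(rng)
        ip = pool.request(mac, now=n * interval)
        if ip is None:
            failed += 1
        else:
            seen.add(ip)
        peak = max(peak, len(pool.leases))
    return failed, peak, len(seen)

if __name__ == "__main__":
    for stable, lease in [(False, 604800), (False, 3600), (True, 604800)]:
        print(f"stable_mac={stable} lease={lease}s ->", simulate(stable, lease))
```

With a new MAC per connect and a long lease the pool fills and later requests fail; the one-hour lease keeps the pool from filling but the client still churns through addresses, while a stable MAC holds a single lease and a single address.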


------------------------------

Message: 3
Date: Tue, 10 Aug 2010 14:17:44 +0200 (CEST)
From: CALHELHA Jean-Michel <jmcalhelha at free.fr>
Subject: [vpn-help] Problem with security Policies
To: vpn-help at lists.shrew.net
Message-ID:
	<1718438625.276751281442664878.JavaMail.root at zimbra2-e1.priv.proxad.net>
Content-Type: text/plain; charset=utf-8


Hello all,

I have a problem with shrew. When I connect to my concentrator I have access
to my resources but sometimes if I disconnect and reconnect, the shrew
doesn't clear the security Policies. After this I can't access my
resources; to resolve this problem I need to restart windows or kill the
shrew processes "iked" and "ipsecd".


Thx for your help.

CALHELHA Jean-Michel


------------------------------

Message: 4
Date: Tue, 10 Aug 2010 11:09:04 -0500
From: Matthew Grooms <mgrooms at shrew.net>
Subject: Re: [vpn-help] Problem with security Policies
To: CALHELHA Jean-Michel <jmcalhelha at free.fr>
Cc: vpn-help at lists.shrew.net
Message-ID: <4C6179A0.2050901 at shrew.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On 8/10/2010 7:17 AM, CALHELHA Jean-Michel wrote:
>
> Hello all,
>
> I have a problem with shrew. When I connect to my concentrator I have
> access to my resources but sometimes if I disconnect and reconnect, the
> shrew doesn't clear the security Policies. After this I can't access my
> resources; to resolve this problem I need to restart windows or kill the
> shrew processes "iked" and "ipsecd".
>

Hi Jean-Michel,

Have you tested the 2.1.6 release candidate to see if your problem still
exists?

-Matthew


------------------------------

Message: 5
Date: Tue, 10 Aug 2010 11:10:00 -0500
From: Matthew Grooms <mgrooms at shrew.net>
Subject: Re: [vpn-help] Require help with troubleshooting samba shares
	over ipsec
To: Brett Morrison <bretmorr at hyne.com.au>
Cc: vpn-help at lists.shrew.net
Message-ID: <4C6179D8.4080703 at shrew.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On 8/9/2010 8:32 PM, Brett Morrison wrote:
> Hi all
>
> We are having trouble with some Samba shares on one of our servers not 
> being accessible by one of our guys that works remotely.
>
> He is connecting using Shrewsoft VPN client 2.1.5, OS is Windows 7 pro 
> 32bit. He can ping the server, can use SSH to connect to the terminal 
> software on the server, but shares do not come up in windows explorer.
> This has been tested on my laptop as well with the same setup, which 
> has the same problem.
>
> Inside the network, there is no problem, all win 7 clients can connect 
> without a problem.
>
> Any ideas?
>

What version of the client are you using? What gateway are you connecting
to?

-Matthew



