Re: VPN: Can connect but not browse or do anything



On 6 Apr 2007 09:06:35 -0700, "Marc" <newmexicoguacamole@xxxxxxxxx> wrote:

> Thanks for your informative response, Chuck....
>
>> Do you have a domain, or a workgroup? With a domain on a segmented LAN (a VPN
>> link segments your LAN), the domain controller will act as a domain master
>> browser. With a workgroup, you have 2 master browsers on 2 segments, and no way
>> for them to see each other.
>
> I am using workgroups. Unfortunately I'm totally clueless about
> domains. Is there a place I could learn about them, and compare the
> features of using domains instead of workgroups? In the end result,
> we've got several distant LANs that need to be connected -- one in
> Barcelona, sharing its printers/files, one in South Carolina, sharing
> its printer/files... It seems like things could get very ugly if I
> don't configure it correctly.
>
>> If you have a workgroup, you'll have to set up fixed links, for each cross-VPN
>> share. And if you can't set up a DNS or WINS server, you'll have to use IP
>> addresses, as name resolution broadcasts are another casualty of segmented LANs.
>
> I have to admit ignorance on fixed links -- what are they, or could
> you point me to some documentation somewhere? I googled it but didn't
> find anything at all when I had "fixed links" in quotes. Is this like
> the lmhosts file that is alluded to in Al Jarvi's post? I think I
> wouldn't want to use a solution like that because the VPN is not
> always connected, so with dynamically assigned client IPs I don't
> think I can use a hardcoded lmhosts file.
>
> The link you gave explains that "Routers drop broadcasted datagrams",
> or as you said, "resolution broadcasts are a casualty of segmented
> LANs". But if there was a way to forward UDP packets would this still
> be an issue?
>
> I might be interested in setting up a WINS server -- this is built in
> to XP, yes? I'm totally a newbie (I am the web programmer/database
> guy for my company, and exclusively know OSX/Linux, so while I am
> generally familiar with abstract networking concepts I am very new to
> Windows networking).
>
> Thanks again,
> Marc

Marc,

Networking computers is a lot of fun, and networking computers on separate
networks even more fun. The issue here with multiple segments is broadcast
SMBs, which both local name resolution and browsing use. Broadcast SMBs are
sent to each computer in the subnet; by definition, broadcast SMBs don't pass
thru routers. They are broadcast only within the subnet, by default.

If your VPN can forward broadcast SMBs then try that. Obviously, you have to
know where you are forwarding them; you don't want to forward them everywhere.
Certainly not to the Internet.

Let me give you my article about domains, which will give you an overview of the
issues.
<http://nitecruzr.blogspot.com/2005/08/setting-up-domain-or-workgroup-plan.html>

Are you really sharing files between multiple geographical locations, with
servers at each location? Are you referencing those servers by IP address right
now? Give us a rough overview of your population please:
1) How many different locations?
2) How many "servers" in each location?
3) How many "clients" in each location?

If you set up a domain, I'd recommend a DNS server, as WINS is a legacy technique.
<http://nitecruzr.blogspot.com/2005/05/windows-xp-on-nt-domain.html>

By "fixed links" I meant use an IP address in a share reference, rather than a
computer name. That takes care of the name resolution issue. That's a popular
recommendation here, for name resolution issues.

Now you say that the VPN isn't always connected. If that's the case, you won't
be using the links anyway, if the links refer to a computer in another location.
You can use name references to local computers (in this geographical location),
and IP references to computers in remote geographical locations.

That's the simple solution. If you want to use a domain structure for multiple
locations, and the locations aren't always connected, I would recommend having a
domain controller in each location. So let's look at making this work with a
workgroup, by using IP address references rather than name references.

--
Cheers,
Chuck, MS-MVP [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.