Re: VPN: Can connect but not browse or do anything



On Apr 7, 11:15 am, Chuck <n...@xxxxxxxxxxx> wrote:
On 6 Apr 2007 09:06:35 -0700, "Marc" <newmexicoguacam...@xxxxxxxxx> wrote:



Thanks for your informative response, Chuck....

Do you have a domain, or a workgroup? With a domain on a segmented LAN (a VPN
link segments your LAN), the domain controller will act as a domain master
browser. With a workgroup, you have 2 master browsers on 2 segments, and no way
for them to see each other.

I am using workgroups. Unfortunately I'm totally clueless about
domains. Is there a place I could learn about them, and compare the
features of using domains instead of workgroups? In the end result,
we've got several distant LANs that need to be connected -- one in
Barcelona, sharing its printers/files, one in South Carolina, sharing
its printer/files... It seems like things could get very ugly if I
don't configure it correctly.

If you have a workgroup, you'll have to set up fixed links, for each cross-VPN
share. And if you can't set up a DNS or WINS server, you'll have to use IP
addresses, as name resolution broadcasts are another casualty of segmented LANs.

I have to admit ignorance on fixed links -- what are they, or could
you point me to some documentation somewhere? I googled it but didn't
find anything at all when I had "fixed links" in quotes. Is this like
the lmhosts file that is alluded to in Al Jarvi's post? I think I
wouldn't want to use a solution like that because the VPN is not
always connected, so with dynamically assigned client IPs I don't
think I can use a hardcoded lmhosts file.

The link you gave explains that "Routers drop broadcasted datagrams",
or as you said, "resolution broadcasts are a casualty of segmented
LANs". But if there was a way to forward UDP packets would this still
be an issue?

I might be interested in setting up a WINS server -- this is built in
to XP, yes? I'm totally a newbie (I am the web programmer/database
guy for my company, and exclusively know OSX/Linux, so while I am
generally familiar with abstract networking concepts I am very new to
Windows networking)

Thanks again,
Marc

Marc,

Networking computers is a lot of fun, and networking computers on separate
networks even more fun. The issue here with multiple segments is broadcast
SMBs, which both local name resolution and browsing use. Broadcast SMBs are
sent to each computer in the subnet; by definition, broadcast SMBs don't pass
thru routers. They are broadcast only within the subnet, by default.

If your VPN can forward broadcast SMBs then try that. Obviously, you have to
know where you are forwarding them; you don't want to forward them everywhere.
Certainly not to the Internet.

Let me give you my article about domains, which will give you an overview of the
issues.
http://nitecruzr.blogspot.com/2005/08/setting-up-domain-or-workgroup-...

Are you really sharing files between multiple geographical locations, with
servers at each location? Are you referencing those servers by IP address right
now? Give us a rough overview of your population please:
1) How many different locations?
2) How many "servers" in each location?
3) How many "clients" in each location?

If you set up a domain, I'd recommend a DNS server, as WINS is a legacy technique.
http://nitecruzr.blogspot.com/2005/05/windows-xp-on-nt-domain.html

By "fixed links" I meant use an IP address in a share reference, rather than a
computer name. That takes care of the name resolution issue. That's a popular
recommendation here, for name resolution issues.

Now you say that the VPN isn't always connected. If that's the case, you won't
be using the links anyway, if the links refer to a computer in another location.
You can use name references to local computers (in this geographical location),
and IP references to computers in remote geographical locations.

That's the simple solution. If you want to use a domain structure for multiple
locations, and the locations aren't always connected, I would recommend having a
domain controller in each location. So let's look at making this work with a
workgroup, by using IP address references rather than name references.

--
Cheers,
Chuck, MS-MVP [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.

Our setup is as follows:

We've got a (home-) office in South Carolina. There is a desktop
running XP Pro, which we are using as a server, plus a laptop or two,
all connected in a LAN behind a router. The server is currently set
up for incoming remote access and VPN connections. There are three
printers physically connected to the server and shared with other
computers in the LAN. We need to share these 3 printers with the
outside world (specifically, Barcelona)

Also got a (home-) office in Barcelona. There are 3 printers there,
hooked up to a laptop (though for purposes of permanent print sharing
we are looking into getting a cheap desktop for a print server). We
also need to share those 3 printers with the world, particularly SC
but really anywhere.

I am working from all over the world -- USA, China, and Spain, but
really am just the tech guy so I don't matter once things are set
up.

Ideally, a worker in Barcelona would have 6 printers available at all
times (3 in BCN, 3 in SC). Likewise, a worker in SC would always have
those same 6 printers available.

When someone is working remotely (cafe in Dusseldorf, hotel room in
Chicago, etc.) they need to be able to print to all 6 printers....
that is, once we get a permanent print server solution in BCN. It
appears that a cheap Windows XP Pro box would be the best way to go
for a server in BCN, since it can handle VPN + print sharing and can
share any windows-compatible printer.

After reading your article on domains, I think it is useful to point
out that everyone trusts each other fully with all resources, so
privacy/access control is not an issue (except for keeping the rest of
the world out!)

Can we make this work using workgroups? Printer sharing is really the
ONLY major concern -- file sharing is nice but unnecessary. I have
heard of some 3rd party solutions like Hamachi but am unsure if that
is the way to go.

Thanks,
Marc
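
The rule suggested earlier in the thread (name references for computers on the local segment, IP references for computers across the VPN), sketched as an added example that is not part of the original posts. It assumes each site is a single subnet, the VPN link is routed, and the print servers keep fixed LAN addresses; every address, host name and share name is constructed.

```python
import ipaddress

# Constructed sample data: fixed LAN addresses of the two print servers.
HOSTS = {"SCSERVER": "192.168.1.10", "BCNPRINT": "192.168.2.10"}
SHARES = [("SCSERVER", "Laser1"), ("SCSERVER", "Inkjet"), ("BCNPRINT", "Color1")]


def reachable_by_broadcast(client_if, host_ip):
    """Broadcast name resolution only reaches hosts in the client's own subnet."""
    return ipaddress.ip_address(host_ip) in client_if.network


def share_reference(client_if, host, share):
    """Return a UNC path by name for a local host, by IP for a remote one."""
    host_ip = HOSTS[host]
    target = host if reachable_by_broadcast(client_if, host_ip) else host_ip
    return "\\\\{}\\{}".format(target, share)


def references_for(client_cidr):
    """client_cidr is the client's address and prefix, e.g. '192.168.1.23/24'."""
    client_if = ipaddress.ip_interface(client_cidr)
    return [share_reference(client_if, h, s) for h, s in SHARES]


if __name__ == "__main__":
    # Office client in SC, then a roaming client on a hypothetical VPN pool.
    for cidr in ("192.168.1.23/24", "10.8.0.5/24"):
        print(cidr)
        for ref in references_for(cidr):
            print("   ", ref)
```

The client's own address can change between sessions without affecting the result, because only the servers' addresses appear in the references.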

