
Mount shares by name over VPN Network
I telecommute four days a week and need to get to various servers at work over a VPN connection. I don't like routing all my traffic through the VPN connection, because I do a lot of internet work as part of my job. I don't want to pull all that through the company connection and down a VPN pipe, so I have my VPN connection set to only route traffic through the VPN that goes to my company's resources.

The problem is this: when I am on site, I can browse the various Windows workgroups and shares without a problem and connect easily (thank you, Leopard!). But when I VPN in, I lose this ability. I can access shares by typing in their IP addresses, and this works fine for those servers that have static IPs. However, some of the servers (developer boxes, etc.) will have IPs that roll over every week, making this method impossible.

This has been a major annoyance of mine for quite some time, and I have looked extensively for some way to make it work, but haven't been able to discover anything. Then, one day, on a whim, I decided to do a traceroute on the IP address of one of the servers over the VPN connection. In the output, I saw "mycompany.com" appended to one of the jumps in the route. The thought then struck me, "what if I connected using smb://server.mycompany.com?" It worked beautifully. My life is now complete.

I suspect that the network wise among you will say something like "well, duh," but the fact is, I searched OS X hints and every other place I could think of for a simple tip like this and couldn't find it anywhere. So I thought this might be useful to someone else as well. Enjoy!

Mount shares by name over VPN
Authored by: mmnw on Mar 12, '08 08:15:46AM

I had a similar problem some time ago. This is actually a problem of DNS resolving. I guess if you are on site at your company your computer itself is part of the mycompany.com domain, so your computer would be computer.mycompany.com. It is a usual setting in DNS resolving to have a search domain applied, which is the upper domain part of your own DNS (so in this case mycompany.com). This is often automatically set by DHCP or manually by your network configuration.
If you are outside your company this setting is probably not applied (especially if you route only company traffic through your VPN connection), then your default domain context would be the one of your ISP, or if you're behind a NAT your local home network domain (default is .local).
There is however a solution to this: you can manually add search domains to your dns resolving. Open Network preferences, select the advanced options of your network device, go to the DNS tab. You will find a search-domain list on the right side, where you can manually add additional search domains. Just add "mycompany.com" to that list. From now on you should be fine. You could also add other domains, like "mysecondcompany.com" or even subdomains like "division.mycompany.com". Also bear in mind that if several computers with the same name exist in several search domains the first found will be used.



Very nice.
Authored by: frgough on Mar 12, '08 11:23:59AM

Thanks. Works beautifully.



Mount shares by name over VPN
Authored by: skrawcke on Mar 12, '08 08:18:06AM

FYI this will only work if the remote computer has a static IP and DNS is up to date. If the remote computer gets its IP from a DHCP server and doesn't have a dedicated DNS name this might not work.



Mount shares by name over VPN
Authored by: ashevin on Mar 12, '08 09:31:40AM

This will work as long as DNS is up-to-date. It doesn't matter how the server gets its IP address. It only matters that the DNS server knows what it is.



Mount shares by name over VPN
Authored by: leamanc on Mar 12, '08 01:16:57PM

Yeah, exactly. If properly configured, dhcpd will update dns with the new IP.

Sorry if this comes across a bit snarky, but this hint doesn't take an advanced network guru to figure out. It's kind of the whole point of having hostnames and DNS. :-)



Mount shares by name over VPN
Authored by: rpaege on Mar 12, '08 11:09:41AM

You can also accomplish this using a Hosts file.



Mount shares by name over VPN
Authored by: leamanc on Mar 12, '08 01:18:37PM

Only if you want to update that hosts file manually every week when the IPs roll over.

Seriously people, don't re-invent the wheel here. Let dhcp and dns do their jobs for you!



Mount shares by name over VPN
Authored by: Armen52 on Mar 12, '08 12:00:00PM
"so I have my VPN connection set to only route traffic through the VPN that goes to my company's resources."
Can anyone point me to a hint, article, or resource on how to accomplish that? I would love to be able to do that when I am working remotely. Thanks.

Mount shares by name over VPN
Authored by: palahala on Mar 12, '08 12:24:07PM

First, be sure to ask your system administrator for security issues -- many companies do not like you to have both "normal" internet access and a VPN connection into their network active simultaneously (as this basically implies that any interactive malware/backdoor/trojan could access the company's network).

So: if you cannot browse the internet while the VPN connection is active (thus: if your administrator has disabled outgoing connections from the VPN gateway machine) then this might be on purpose!



Mount shares by name over VPN
Authored by: palahala on Mar 12, '08 12:26:44PM

And after that: go into your VPN settings, button "Advanced", "Session Options": uncheck "Send all traffic over VPN connection".



Mount shares by name over VPN
Authored by: enderai on Mar 13, '08 07:52:26AM

I can't test this but I think you can also add mycompany.com to the DNS Search Domains list in the Network PrefPane. It will automatically try <servername>.mycompany.com if you just enter <servername>.



[ Reply to This | # ]
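The search-domain behaviour described in the comments by mmnw and enderai, as an added example that is not part of the original thread. It models classic resolver(5) search-list semantics with `ndots` (an assumption; a given OS X release may differ in detail), and the host names and addresses are constructed sample data.

```python
# Added illustration: how a stub resolver expands a short name with a
# search-domain list, and why "the first found will be used" matters.
# Assumes classic resolver(5) semantics; not taken from macOS source.
DEFAULT_NDOTS = 1

def candidates(name, search, ndots=DEFAULT_NDOTS):
    """Return the fully qualified names that would be tried, in order."""
    if name.endswith("."):            # trailing dot: absolute, no search list
        return [name]
    expanded = [f"{name}.{d.strip('.')}." for d in search]
    as_is = name + "."
    if name.count(".") >= ndots:      # looks qualified: try it as typed first
        return [as_is] + expanded
    return expanded + [as_is]

def resolve(name, search, zone, ndots=DEFAULT_NDOTS):
    """First candidate present in `zone` wins; returns (fqdn, ip) or None."""
    for fqdn in candidates(name, search, ndots):
        if fqdn in zone:
            return fqdn, zone[fqdn]
    return None

def shadowed(name, search, zone, ndots=DEFAULT_NDOTS):
    """Names that also exist but lose to an earlier search-domain match."""
    hits = [c for c in candidates(name, search, ndots) if c in zone]
    return hits[1:]

# Constructed sample data: hypothetical hosts, documentation-range addresses.
ZONE = {
    "devbox.mycompany.com.": "192.0.2.10",
    "devbox.division.mycompany.com.": "192.0.2.77",
    "fileserver.mycompany.com.": "192.0.2.20",
}
SEARCH = ["mycompany.com", "division.mycompany.com"]

if __name__ == "__main__":
    print(resolve("fileserver", [], ZONE))    # no search domain: short name fails
    for n in ("fileserver", "devbox", "devbox.division"):
        print(n, "->", resolve(n, SEARCH, ZONE),
              "shadowed:", shadowed(n, SEARCH, ZONE))
```

When a short name exists in more than one search domain, the list order decides which server the `smb://` mount reaches, so typing the full name removes the ambiguity.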
Mount shares by name over VPN
Authored by: eeyoredragon on Mar 13, '08 06:11:28PM

This only works if you select "all traffic over vpn" (in Leopard... I think Tiger defaults to this).



Mount shares by name over VPN
Authored by: rustin on Mar 19, '08 11:01:02PM

You're mostly correct by that assumption. Be careful however with OS X versions besides Leopard when specifying search domains that end in .local for the search domain--which a lot of Windows admins like to use for setting up small office domains. Because it conflicts with Bonjour/Rendezvous, there is a special way to do this for Panther/Tiger. I found this out by it completely bringing my PowerBook to a halt and unusable within ~10 seconds after OS X startup... I think I had to boot single user to fix it.



WHY IT DOESN'T WORK OVER VPN
Authored by: rustin on Mar 19, '08 10:56:07PM

I looked over the comments and noticed that no one seemed to catch this, so I thought it my duty to point out what is likely going on.
WHY HE DOES NOT AUTOMATICALLY SEE SMB/CIFS SHARES WHEN VPN'ED IN:
Windows computers associated in a simple workgroup or without proper Active Directory/Domain configuration, use NetBIOS to notify other workstations of available network hosts. NetBIOS operates on a local network through the use of layer 2 broadcasts (i.e. Ethernet broadcasts) and limits automatic service discovery to nodes that exist on the same broadcast domain (i.e. same switch VLAN, same hub, same physical network basically). NetBIOS can be encapsulated in IP packets (called NBT or NetBIOS over TCP/IP) and routed across the internet; however, that doesn't allow automatic host discovery. If you know the IP address of a suspected host, you can probe it to see if any SMB shares exist (Command-K in the Finder--obviously this extends to knowing the valid DNS name as that's just a shortcut to the IP address) but if you are not on the same physical network (technically, the same broadcast domain) as a workstation, you will not see it automatically pop up in the Finder--even if you can ping its IP address and have connectivity.
While I don't know his specific setup, it's not very likely that when he connects via VPN, the VPN router/server will forward L2 broadcast traffic toward him--effectively blocking the NetBIOS notifications. The only way to remedy this problem would be to create a Layer 2 VPN (via L2TP or similar) and specifically configure it not to block NetBIOS broadcasts, or explicitly allow them and nothing else. Another way would be through the use of a Windows AD domain controller and a good Mac-supported VPN implementation like a regular Cisco Router/ASA/PIX to terminate to with the Mac Cisco VPN client.

Everyone commenting seems to be caught up on DNS, which isn't the issue as he was able to refer to the machines by their DNS names to connect to them - When VPNed in, he has DNS connectivity to the server at his work that is apparently doing dynamic DNS updates via DHCP (or WINS or whatever...). Otherwise, the cause for his initial problem, prompting his hint, had nothing to do with DNS. The use of a hosts file also is no good because, as he explained, IPs change because of DHCP. Even still a hosts file is redundant because it appears that they have a Dynamic DNS server.

I can explain more of this, but I doubt anyone cares beyond this point--or even up to this point for that matter :) heh.

Sorry.. I couldn't help not see anyone point this out.


