WHY IT DOESN'T WORK OVER VPN
Authored by: rustin on Mar 19, '08 10:56:07PM

I looked over the comments and noticed that no one seemed to catch this, so I thought it my duty to point out what is likely going on.
WHY HE DOES NOT AUTOMATICALLY SEE SMB/CIFS SHARES WHEN VPN'ED IN:
Windows computers associated in a simple workgroup or without proper Active Directory/Domain configuration use NetBIOS to notify other workstations of available network hosts. NetBIOS operates on a local network through the use of layer 2 broadcasts (i.e. Ethernet broadcasts) and limits automatic service discovery to nodes that exist on the same broadcast domain (i.e. same switch VLAN, same hub, same physical network basically). NetBIOS can be encapsulated in IP packets (called NBT or NetBIOS over TCP/IP) and routed across the internet; however, that doesn't allow automatic host discovery. If you know the IP address of a suspected host, you can probe it to see if any SMB shares exist (Command-K in the Finder--obviously this extends to knowing the valid DNS name as that's just a shortcut to the IP address) but if you are not on the same physical network (technically, the same broadcast domain) as a workstation, you will not see it automatically pop up in the Finder--even if you can ping its IP address and have connectivity.
While I don't know his specific setup, it's not very likely that, when he connects via VPN, the VPN router/server will forward L2 broadcast traffic toward him--effectively blocking the NetBIOS notifications. The only way to remedy this problem would be to create a Layer 2 VPN (via L2TP or similar) and specifically configure it not to block NetBIOS broadcasts, or explicitly allow them and nothing else. Another way would be through the use of a Windows AD domain controller and a good Mac-supported VPN implementation like a regular Cisco Router/ASA/PIX to terminate to with the Mac Cisco VPN client.

Everyone commenting seems to be caught up on DNS, which isn't the issue, as he was able to refer to the machines by their DNS names to connect to them. When VPNed in, he has DNS connectivity to the server at his work that is apparently doing dynamic DNS updates via DHCP (or WINS or whatever...). Otherwise, the cause for his initial problem, prompting his hint, had nothing to do with DNS. The use of a hosts file also is no good because, as he explained, IPs change because of DHCP. Even still, a hosts file is redundant because it appears that they have a Dynamic DNS server.

I can explain more of this, but I doubt anyone cares beyond this point--or even up to this point for that matter :) heh.

Sorry.. I couldn't help not see anyone point this out.



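As an added illustration of the comment above (not part of rustin's post): the sketch below builds and parses the NetBIOS name-service query defined in RFC 1002 that a workgroup client sends to UDP port 137, showing the broadcast (B) flag, and then checks whether a host falls inside the client's subnet. The function names, host name and addresses are constructed for this example, and the IP subnet is used as a stand-in for the layer 2 broadcast domain.

```python
import ipaddress
import struct

NBNS_PORT = 137                    # UDP port of the NetBIOS name service
FLAG_RD, FLAG_B = 0x0100, 0x0010   # header bits: recursion desired, broadcast

def encode_name(name, suffix=0x20):
    """First-level encoding: pad to 15 chars, add a suffix byte (0x20 is the
    file server service), then emit two letters 'A'..'P' per byte."""
    raw = name.upper().ljust(15)[:15].encode("ascii") + bytes([suffix])
    return b"".join(bytes([0x41 + (b >> 4), 0x41 + (b & 0x0F)]) for b in raw)

def decode_name(enc):
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii").rstrip(), raw[15]

def build_query(name, txid, broadcast=True):
    """Name query: 12-byte header plus one question (type NB, class IN)."""
    flags = FLAG_RD | (FLAG_B if broadcast else 0)
    header = struct.pack(">HHHHHH", txid, flags, 1, 0, 0, 0)
    question = b"\x20" + encode_name(name) + b"\x00" + struct.pack(">HH", 0x20, 1)
    return header + question

def parse_query(pkt):
    txid, flags, qdcount = struct.unpack(">HHH", pkt[:6])
    if len(pkt) < 50 or qdcount != 1 or pkt[12] != 0x20 or pkt[45] != 0:
        raise ValueError("not a single-question NBNS name query")
    name, suffix = decode_name(pkt[13:45])
    return {"txid": txid, "name": name, "suffix": suffix,
            "broadcast": bool(flags & FLAG_B)}

def broadcast_target(client_iface):
    """Address a broadcast query is sent to; routers do not forward it."""
    return ipaddress.ip_interface(client_iface).network.broadcast_address

def reachable_by_broadcast(client_iface, host):
    """True only if the host shares the client's subnet (approximation of
    'same broadcast domain')."""
    return ipaddress.ip_address(host) in ipaddress.ip_interface(client_iface).network

if __name__ == "__main__":
    pkt = build_query("FILESRV", txid=0x1234)         # constructed host name
    print(parse_query(pkt), "->", broadcast_target("192.168.1.50/24"), NBNS_PORT)
    # Constructed addresses: office LAN client vs. routed VPN client.
    print("LAN:", reachable_by_broadcast("192.168.1.50/24", "192.168.1.20"))
    print("VPN:", reachable_by_broadcast("10.8.0.6/24", "192.168.1.20"))
```

A query sent as unicast to a known IP (`broadcast=False`) corresponds to the Command-K case in the comment: the host answers once addressed directly, but never shows up through discovery.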