Connecting to Windows Network via VPN

[Tom Rivers]

On Sat, 2006-06-10 at 11:59 -0500, Bill Polhemus wrote:
> Tom Rivers wrote: 
> > Hi Bill,
> > 
> > The UNC notation assumes that your client system knows the shares you
> > are trying to access by their Microsoft names.  If I am not mistaken,
> > that requires that your client receives and processes NetBIOS
> > information.  My experience with VPN's is that NetBIOS isn't normally
> > passed through the tunnel unless it is specifically configured to do so.
> > Perhaps this is part of your problem.
> > 
> > 
> > Tom
> > 
> >   
> Well, this DOES work when I access via the plain-jane (i.e. NOT the
> Cisco client) VPN connection from Windows. So I am assuming it will
> work with Linux. FWIW, when I make the VPN connection through this
> PPTP client, it tells me the following:
> 
> Using interface ppp0
> pptpconfig: monitoring interface ppp0
> Connect: ppp0 <--> /dev/pts/2
> MPPE 128-bit stateless compression enabled
> local  IP address 10.1.8.82
> remote IP address 69.8.148.12
> primary   DNS address 10.1.2.1
> secondary DNS address 10.1.2.3
> pptpconfig: pppd process exit status 0 (started)
> ip route replace 69.8.148.12 via 192.168.1.5 dev eth0  src
> 192.168.1.105
> pptpconfig: routes added to remote networks
> pptpconfig: DNS changes made to /etc/resolv.conf
> pptpconfig: connected
> pptpconfig: restoring routing and DNS configuration
> ip route del 69.8.148.12 via 192.168.1.5 dev eth0  src 192.168.1.105
> mv /etc/resolv.conf.orig.WJE /etc/resolv.conf
> pptpconfig: routing and DNS configuration restored
> 
> This tells me that 1) a secure connection is made and 2) there is DNS
> in the 10/8 address space.
> 
> So where do I go from here? Ultimately I want to connect to the remote
> desktop, but can't figure out the syntax for that.
> 
> (BTW, on my Windows laptop, I have to FIRST make the VNC connection,
> and THEN fire up the remote desktop client).

Hi Bill,

DNS is completely different than NetBIOS.  NetBIOS is a Microsoft-
specific protocol used to identify servers, printers and other resources
on a LAN.  DNS is a universally accepted way of translating domain names
into IP addresses.  Having one configured doesn't necessarily imply that
the other is configured as well.

The only reason I made reference to NetBIOS not necessarily being passed
over a VPN tunnel is that most of the appliances I have worked with have
a setting that can be used to propagate NetBIOS over a VPN tunnel.  I am
certainly not trying to assert anything other than I have seen
situations where it is not automatically configured by default.

Before you go any further, you may want to ensure that the NetBIOS
packets are not getting dropped somewhere along the way.  Check your
firewall logs for any dropped packets using ports 137-139.  If they are
being filtered, then you aren't going to get very far.

One thing you could try that may indicate if NetBIOS is working over
your VPN is to ping the IP address of the system whose network share you
are trying to reach from your Linux client.  If you get a result, that
means that ICMP packets aren't being dropped.  Next, try pinging the
Microsoft name of the system, assuming you haven't added it to your
Linux client's hosts file.  If you don't get replies then the NetBIOS
name of the system is not known by your Linux client and that may mean
that NetBIOS functionality is being blocked somehow.

With respect to the PPTP package you are using, I am not really familiar
with it so I defer to the others on this list who are infinitely more
knowledgeable in this area.  I just wanted to throw in my $0.02 worth
because I have been bit by NetBIOS not being propagated over a VPN link
before myself.



Tom