OpenVPN DHCP, DNS problems

Discussion in 'Server Operation' started by DrJohn, Dec 7, 2007.

  1. DrJohn

    DrJohn Member

    <Gutsy, OpenVPN 2.0.9, Shorewall 3.4.4, Samba 3.0.26 as PDC, dhcpd is running>

    Shorewall server policy is configured for open access between loc <--> vpn and $FW<--> vpn (vpn is the separate zone established for openVPN). OpenVPN is in a routing configuration. Samba is running as PDC and WINS is enabled.

    The WinXP Pro laptop's firewall is on with ports 1024-2096 open, and it reports no blocked packets.

    I have no problems establishing a tunnel from the laptop either 1) when connected directly to the Internet (on a spare fixed IP address), or 2) from behind a NATed corporate firewall at work.

    Once connected, however, I encounter several problems.

    1) I only can connect to the server and the other systems on its local LAN using their IP addresses; network names don't work. This is true for SSH, NetHood shares, Remote Desktop Connections. For the server I can use either its openVPN 10.8.0.1 or its local IP of 192.168.2.254.

    The corporate LAN on which the laptop sits uses subnets 192.168.1.0/24 and 10.0.0.0/20, separate from anything on the vpn or the local LAN.

    From a WinXP system on the LAN I can use network names internally, but the laptop doesn't appear in the NetHood. From a Gutsy client setup on the LAN I see the server and the WinXP machines, but not the laptop.

    It doesn't make any difference if I explicitly enable NetBIOS over TCP/IP in the Tap adapter or not.

    So, routing is up but SMB or NetBIOS aren't hitting the vpn.

    Here's the relevant part of smb.conf:

    Code:
       passdb backend = tdbsam
       security = user
       username map = /etc/samba/smbusers
       name resolve order = bcast wins host lmhosts
       domain logons = yes
       preferred master = yes
       wins support = yes
    
       #Control net access
       hosts allow = 192.168.2. 192.168.3. 10.8.0. localhost
       interfaces = eth0 eth2 vpn lo
       bind interfaces only = yes

    2) I get one DHCP lease renewal error in the WinXP application event log with a timestamp that matches the time that the tunnel was established:

    The IP address lease 10.8.0.6 for the Network Card with network address 00FF2B6ED103 has been denied by the DHCP server 10.8.0.5 (The DHCP Server sent a DHCPNACK message).

    ipconfig on the laptop reveals that it was given 10.8.0.5 as DHCP server address for the Tap-Win32 adapter (it also has 10.8.0.1 for DNS and WINS servers as pushed from openVPN's server).

    This isn't really a problem but may be a symptom of another related issue.


    Any comments, hints, suggestions on how to get network browsing to work on OpenVPN are greatly appreciated.

    -- Dr John


    3)
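Added example, not part of the post above and not OpenVPN's or Samba's own code: a small checker that parses an smb.conf fragment like the one quoted and reports whether Samba, with `bind interfaces only = yes`, would actually listen toward the VPN subnet and admit a VPN client. Samba's `interfaces` parameter takes device names, addresses, or address/mask entries, so a token that matches no device on the host and is not an address form binds nothing. The interface inventory is constructed, and the OpenVPN device name `tun0` is an assumption (the post does not say what the device is called).

```python
import ipaddress
import re

# Sample input: the smb.conf fragment quoted in the post above.
SMB_CONF = """\
   passdb backend = tdbsam
   security = user
   name resolve order = bcast wins host lmhosts
   wins support = yes

   #Control net access
   hosts allow = 192.168.2. 192.168.3. 10.8.0. localhost
   interfaces = eth0 eth2 vpn lo
   bind interfaces only = yes
"""

# Constructed inventory of the server's interfaces (hypothetical: the post
# does not name the OpenVPN device, so OpenVPN's default tun0 is assumed).
PRESENT_IFACES = {
    "lo": "127.0.0.1/8",
    "eth0": "192.168.2.254/24",
    "eth2": "192.168.3.254/24",
    "tun0": "10.8.0.1/24",
}

VPN_SUBNET = "10.8.0.0/24"   # OpenVPN server network from the post
VPN_CLIENT = "10.8.0.6"      # the laptop's tunnel address from the post


def parse_smb_conf(text):
    """Parse `key = value` lines; comments and blanks skipped, keys lower-cased."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, _, val = line.partition("=")
        conf[re.sub(r"\s+", " ", key.strip().lower())] = val.strip()
    return conf


def _as_network(token):
    """ip_network for an address, address/mask or CIDR token; None otherwise."""
    try:
        return ipaddress.ip_network(token, strict=False)
    except ValueError:
        return None


def hosts_allow_covers(hosts_allow, addr):
    """True if addr matches a `hosts allow` entry: trailing-dot prefix (10.8.0.),
    `localhost`, a plain address, or an address/mask or CIDR entry."""
    ip = ipaddress.ip_address(addr)
    for entry in hosts_allow.split():
        if entry.lower() == "localhost":
            if ip.is_loopback:
                return True
        elif entry.endswith("."):
            if str(ip).startswith(entry):
                return True
        else:
            net = _as_network(entry)
            if net is not None and ip in net:
                return True
    return False


def interfaces_on_vpn(conf, present, vpn_subnet):
    """Entries of `interfaces` (device names or address forms) carrying vpn_subnet."""
    vpn = ipaddress.ip_network(vpn_subnet)
    hits = []
    for token in conf.get("interfaces", "").split():
        net = _as_network(token)
        if net is None and token in present:
            net = _as_network(present[token])
        if net is not None and net.overlaps(vpn):
            hits.append(token)
    return hits


def check_vpn_exposure(conf, present, vpn_subnet, client_addr):
    """Findings explaining why a routed-VPN client might never reach smbd/nmbd."""
    findings = []
    unknown = [t for t in conf.get("interfaces", "").split()
               if _as_network(t) is None and t not in present]
    if unknown:
        findings.append("interfaces names no such device on this host: " + ", ".join(unknown))
    bind_only = conf.get("bind interfaces only", "no").lower() in ("yes", "true", "1")
    if bind_only and not interfaces_on_vpn(conf, present, vpn_subnet):
        findings.append("bind interfaces only = yes, but nothing listed carries " + vpn_subnet)
    if not hosts_allow_covers(conf.get("hosts allow", ""), client_addr):
        findings.append("hosts allow does not admit VPN client " + client_addr)
    return findings


if __name__ == "__main__":
    conf = parse_smb_conf(SMB_CONF)
    for finding in check_vpn_exposure(conf, PRESENT_IFACES, VPN_SUBNET, VPN_CLIENT):
        print("finding:", finding)
```

With the quoted fragment and the assumed inventory the checker reports two findings: `vpn` is not a device name (it is the Shorewall zone name), and once that token is dropped nothing in `interfaces` carries 10.8.0.0/24, so nmbd and smbd never bind toward the tunnel even though `hosts allow` already admits 10.8.0.6. In a routed (tun) setup the `bcast` step of `name resolve order` cannot cross the tunnel anyway, so the WINS listener on the VPN side is what a client's name lookups depend on; replacing the token with the real tunnel device makes the findings go away.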
     
