• Status: Solved

Samba over vpn ipsec tunnel

I have a Firebox all set up and it's working great, but the VPN refuses to route Samba shares. I can connect to mail, Active Directory and DNS; things like Outlook and Exchange 2007 work. Even AppleTalk works. But Samba refuses to even work. I've tried to add smb.in and smb.out for the VPN tunnel but still nothing. Is there something I have overlooked or something I have to set?

Asked by: martin69
1 Solution
 
dpk_wal Commented:
>> vpn refuses to route samba shares

I think you are using NetBIOS; if so, then by default NetBIOS cannot be routed on a VPN tunnel. You should configure NetBIOS to run over TCP/IP; if it does, then yes, it can be routed over a VPN tunnel.

On a single machine you can go to Network card properties, then TCP/IP properties, WINS, and enable NetBIOS over TCP/IP [http://www.practicallynetworked.com/sharing/troubleshoot/netbt.htm]

I am not sure how to configure the same at the network level; there are no specific settings on WG by which we can configure NetBIOS over TCP/IP on WG.

Please let me know if I missed anything.

Thank you.
 
martin69 (Author) Commented:
Hi, that got WINS working. Now just the weird issue of no Windows file sharing working.

If I go to \\192.168.0.100 for the server, it does not list the shares, it just tells me it can't be found, but if I go to a Mac and go to afp:\\192.168.0.100 I see the shares.

But now WINS will let me ping names and SQL sees the name, but no file sharing.

Frustrating, so far even WG can't answer it. Got them logging into the box to check at mo.

Worked great on the old Firebox IIIs, now dead. Sod's law.

Any ideas would be great.

Cheers
 
dpk_wal Commented:
Which version of software is the device running? Further, what policies have you configured for the VPN traffic?

If you have not configured ANY service, I would suggest you first configure ANY service and then check if the traffic is flowing; if yes, then we can note the specific ports utilized and then narrow down the ports.

Please advise.

Thank you.
 
martin69 (Author) Commented:
Yeah, it's Fireware 9.1; it's got the Any service running. But I have no idea what Windows file sharing and WINS use. With the other Fireboxes I have used before Fireware, Any service did the lot. Is that not the case now?
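
The port-narrowing step discussed above, as an added example that is not part of the original thread: a TCP probe of the two SMB ports (445 direct, 139 NetBIOS session service), with AFP on 548 as the control that works here. The function names are hypothetical, and it assumes it is run from a client on one side of the tunnel against the server's IP on the other side.

```python
import socket
import sys

# IANA well-known TCP ports for the services named in the thread.
# WINS/NetBIOS name lookups use UDP 137 and are not covered by a TCP connect.
PORTS = {"smb-direct": 445, "netbios-ssn": 139, "afp": 548}


def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'refused', 'filtered' or 'error'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"   # RST came back: host reachable, nothing listening
    except (socket.timeout, TimeoutError):
        return "filtered"  # no reply: dropped by a device in the path or a host firewall
    except OSError:
        return "error"     # for example, no route to host
    finally:
        sock.close()


def interpret(results):
    """Turn per-service states into a hint about where to look next."""
    smb = [results.get("smb-direct"), results.get("netbios-ssn")]
    if "open" in smb:
        return "SMB reachable: look at name resolution or authentication"
    if "refused" in smb:
        return "server reachable but SMB not listening: check the server"
    if results.get("afp") == "open":
        return "only SMB ports dropped: check tunnel policy and router NetBIOS/SMB filtering"
    return "host unreachable on all ports: check tunnel routes first"


def probe_host(host, timeout=3.0):
    """Probe every port in PORTS and return {service: state}."""
    return {name: probe_tcp(host, port, timeout) for name, port in PORTS.items()}


if __name__ == "__main__":
    # Usage: python smb_probe.py <server-ip-on-remote-subnet>
    states = probe_host(sys.argv[1])
    for name, state in states.items():
        print(f"{name:12} tcp/{PORTS[name]:<4} {state}")
    print(interpret(states))
```

A "filtered" result on 445 and 139 alongside an "open" 548 matches the symptom in this thread, where AFP lists the shares and the Windows path times out.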
 
dpk_wal Commented:
ANY service should do the trick; can you advise how the ANY service is configured?

You should have two services, like Any.in and Any.Out, which would take care of all the traffic coming in/going out.

Thank you.
 
martin69 (Author) Commented:
Yeah, the Any service was created by the tunnel, so it says tunnel name to any and any to tunnel, but SMB is the only thing, plus WINS, that just refuses to work. But the strange thing is the Any service for PPTP works with everything.
 
dpk_wal Commented:
Do you have Fireware Pro installed, or is it WSM without Fireware? One simple check is: if you have options for WAN failover then you have Fireware Pro, otherwise not. You can look at installed licenses on the device as well.

Please advise.
 
martin69 (Author) Commented:
It's not Fireware Pro, just Fireware 9.1.
 
dpk_wal Commented:
Try creating ANY service as below and see if this makes any difference:

ANY.out
From: IP-subnet-on-trusted-network; to internal-IP-subnet-of-remote-end

ANY.in
From: internal-IP-subnet-of-remote-end; to IP-subnet-on-trusted-network

Please see if this makes any difference.

Thank you.
 
martin69 (Author) Commented:
Right, done that, so there is only an any.in and any.out, with 10.249.0.0/24 to 10.254.0.0/24 in out and 10.254.0.0/24 to 10.249.0.0/24 in, in. And strangely the VPN is faster than before, but no Samba, just times out, and WINS. But I can get DNS, AppleTalk, RDP, VNC, ping, anything, print to network printers. I'm just baffled really. Disheartened as well, as maybe WatchGuard is not as good as it was before.
 
dpk_wal Commented:
I am sorry, but at this point I am also not sure what else could be blocking the traffic from getting over the VPN tunnel. I have myself run out of ideas.
Maybe please contact WG support and check with them if they have changed any specific things with reference to VPN implementation.
 
martin69 (Author) Commented:
Yeah, have done; waiting for them to ring back. Thanks for trying though.
 
dpk_wal Commented:
Please update if they have any clue as to what is happening.

Thank you.
 
martin69 (Author) Commented:
Will do, no problem.
 
martin69 (Author) Commented:
Netgear has taken out a tick box that says NetBIOS, so from 3.01.31 firmware it does not work with VPNs for WINS or Windows file sharing. Linksys ADSL routers that do gateway VPNs work fine.

Thought I would let you know.
 
dpk_wal Commented:
Thank you for the information.
 
Vee_Mod Commented:
Closed, 250 points refunded.
Vee_Mod
Community Support Moderator
