VPN connection causes unwanted WINS entry and destroys NetBIOS connectivity...

Alright, here's the situation:

I have a hardware VPN server at my house. It is just a Linksys router running DD-WRT, but it works for me as a PPTP VPN. There are 3 subnets in my house and they all have static routes enabled between them and they can all see each other and communicate just fine.

The first subnet is 192.168.1.0 and this contains the Verizon FiOS Router (internet connection), a few printers, and my family's computers.

The second subnet is 192.168.2.0 and this is my room, controlled by the VPN router, containing two desktops, a laptop, and a file server (Windows Home Server) that everyone in my house uses for movies and music. When I VPN, obviously I'm connecting to this subnet.

The third subnet is 192.168.3.0 and is mainly a Cisco lab headed up by an 871W router, but somewhere in the mix I have a Server 2003 box running WINS so that I can access computers between all the subnets by NetBIOS names... if the WINS server isn't running I can only resolve connections by IP address and of course it's a lot easier for the rest of my family to use the computer names. This WINS server is assigned along with IP addresses by all the DHCP servers in my network.

Everything works FINE, except I just started noticing one thing. When I VPN from my work, a 10.x.x.x subnet, and start accessing things - namely my file server, it creates WINS entries that I don't want. When I check WINS, I now have an entry for my WORK computer as well as the workgroup at my work. It gives BOTH of these entries the IP address 192.168.2.20, which is the address of my file server.

I suppose it's using the address of my file server because that's the device I'm trying to connect to. This destroys any ability to connect to this device, even by IP address. Also I want to add that this is via remote desktop... so basically I initiate a VPN, open a remote desktop session to the IP address of my main desktop (on the 192.168.2.0 subnet), then try to access my file server which is also on the same subnet and I can't ping it or access shares or anything.

If I try to remote desktop to the NetBIOS name or to the IP address of my file server, it connects a remote desktop session BACK to my WORK computer.

I have tried deleting AND tombstoning the WINS entries for my work computer and for my workgroup at work, but they come back instantly.

What do I need to do to cut this out? Every time I VPN into work from home, everyone loses the ability to connect to things at my house. When the VPN session is closed, I can delete the WINS entries and my network resumes normal operation, but when I connect again it starts all over.

Please help.
MaestroDT asked:
SysExpert commented:
You should get rid of WINS entirely and use either AD, or hosts files if needed.

I hope this helps !
MaestroDT (author) commented:
I'm pretty sure the WINS entries are a SYMPTOM of the problem, not the cause, because when I connect using the IP address it still comes back to my work computer. When connecting with IP, it should IGNORE the WINS server entirely.

And that comment doesn't help because I don't want to use hosts or AD. I don't want to add all computers to a domain, nor do I want to go around and edit hosts files on 10 computers in my house, plus I don't have constant access to the rest of my family's computers, but thanks anyway.
RGRodgers commented:
I am no longer running the DD-WRT software on my Linksys routers as I just use the standard load. But, I do have a very similar VPN between my office 10.0.0.0/24 and my home 192.168.192.0/24. I happen to use AD/DNS not WINS.
I just checked my VPN configuration and there is a NetBIOS Broadcast entry in it. Perhaps disabling that would help eliminate the WINS issue?
Just for discussion, I routed my home network at first in your exact same scenario. I ended up dropping the routing and flattening it into a single subnet. The Linksys routers run firewalls that I couldn't completely disable and they got in my way.
MaestroDT (author) commented:
I don't see a NetBIOS Broadcast entry...?
RGRodgers commented:
I am running the standard load, but DD-WRT should have the same thing. On mine, I have to go to edit the VPN entry and then select the Advanced button. The NetBIOS Broadcast is there, at least on mine. I am looking at a Linksys RV042 with load 1.3.12.6.
RGRodgers commented:
The help entry says:
NetBIOS broadcast: Check the box to enable NetBIOS traffic to pass through the VPN tunnel. By default, RV042 blocks these broadcasts.

Mine is enabled to allow the broadcast. Surprises me because I have eliminated all NetBIOS traffic.
MaestroDT (author) commented:
There is a broadcast support option on the VPN page, but I looked that up and it's supposed to control broadcast in general, not NetBIOS.
RGRodgers commented:
Might want to take it up on the DD-WRT support forum. Are you current on their software? As I said, I used to run it but it has been a while. I just never had the use for all the many options.
I would probably try disabling VPN broadcast. You probably don't want that happening anyway. Disclaimer that I don't know if that includes NetBIOS/NetBEUI or not and whether or not it might break something you need.
Just a suggestion to consider DNS in the future, not necessarily AD if you don't need it. It shouldn't be necessary to solve this problem though.
MaestroDT (author) commented:
So run DNS on the server instead of WINS?
MaestroDT (author) commented:
Also, what will disabling Broadcast Support do exactly?
RGRodgers commented:
Yes, you run DNS on the server instead of WINS. You configure your clients to disable WINS and to enable DNS registration on your DNS server. This registers their names and IP addresses to DNS dynamically, much the same as WINS but with a domain name, such as mypc.yourdomain.com, for example. It does take some work and planning, but it's very nice once it is up and running.
Networks use broadcasts to transmit information that is not necessarily specific to a client but that other computers on the network may need to know. This can include non-routable information, such as NetBEUI. Broadcast can put a lot of load on a slower link, such as a WAN. It is very common for routers to disable such broadcasts across a VPN. Check this link to get more information about unicast, broadcast, and multicast messages:
http://www.tcpipguide.com/free/t_MessageAddressingandTransmissionMethodsUnicastBroa.htm
This discussion is interesting because it actually shows how a broadcast would work. IP uses address 255.255.255.255 for a general broadcast. Routers typically do not forward those messages. In your case, VPN actually is. You typically have to tell your router you want specific broadcast messages transmitted, like DHCP, ARP, NetBIOS, etc.
http://www.comptechdoc.org/independent/networking/guide/netbroadcasting.html
If you do a run | cmd | route print, you will see the broadcast entries in your routing table. This is how your system knows where to send them.
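The two points in the answer above (stop NetBIOS from crossing the tunnel, and move client name registration from WINS to DNS) can both be applied on the remote client rather than on the router. WINS and NetBIOS name registration carry no authentication: any host that reaches the WINS server over the tunnel can register, or overwrite, names in its database, which is exactly how the work computer and its workgroup ended up in the home WINS server. The following is an added example, not code from the thread, to be run on the remote (work) Windows client after the PPTP tunnel is up. It assumes Windows 8 / Server 2012 or later (NetTCPIP and DnsClient modules present), and that the tunnel adapter is the interface holding an address from the home VPN pool; the 192.168.2.0/24 prefix comes from the question, but the exact pool assignment is an assumption.

```powershell
# Added example (not from the thread). Run as Administrator on the remote Windows
# client while the PPTP tunnel is connected. Assumption: the tunnel interface is
# the one holding an address in the home pool below (192.168.2.0/24 is the
# subnet named in the question; the pool itself is assumed).
#Requires -RunAsAdministrator

$VpnPoolPrefix = '192.168.2.'

# 1. Which NetBIOS names is this host registering right now? These are the names
#    that end up in the home WINS database (one block per adapter, including the
#    "Remote Access" interface for the tunnel).
nbtstat -n

# 2. Locate the live tunnel interface by its address. Dial-up/PPP interfaces are
#    not listed by Get-NetAdapter, but Win32_NetworkAdapterConfiguration does show
#    them while connected.
$cfg = Get-CimInstance Win32_NetworkAdapterConfiguration |
       Where-Object { $_.IPEnabled -and ($_.IPAddress -like "$VpnPoolPrefix*") } |
       Select-Object -First 1
if (-not $cfg) { throw "No connected interface with an address in $VpnPoolPrefix*; is the VPN up?" }
"Tunnel interface: $($cfg.Description) ($($cfg.IPAddress -join ', '))"

# 3. Turn off NetBIOS over TCP/IP on the tunnel only (TcpipNetbiosOptions:
#    0 = use DHCP setting, 1 = enable, 2 = disable) and drop any WINS servers the
#    PPTP server handed out. With NetBT off on this interface the client neither
#    registers its names with the home WINS server nor answers name queries that
#    arrive over the tunnel; the LAN adapter at work is left untouched.
$r1 = Invoke-CimMethod -InputObject $cfg -MethodName SetTcpipNetbios `
        -Arguments @{ TcpipNetbiosOptions = [uint32]2 }
$r2 = Invoke-CimMethod -InputObject $cfg -MethodName SetWINSServer `
        -Arguments @{ WINSPrimaryServer = ''; WINSSecondaryServer = '' }
"SetTcpipNetbios -> $($r1.ReturnValue); SetWINSServer -> $($r2.ReturnValue)   (0 = OK, 1 = reboot required)"

# 4. If the home side is moved from WINS to DNS with dynamic registration, keep
#    the work machine from registering its hostname into the home zone as well.
Set-DnsClient -InterfaceIndex ([int]$cfg.InterfaceIndex) -RegisterThisConnectionsAddress $false

# 5. Verify: the tunnel interface should no longer show any registered names.
nbtstat -n
```

The CIM calls change the live connection; to make the NetBIOS setting stick across reconnects, set the same thing in the VPN connection's properties (Networking, Internet Protocol Version 4, Advanced, WINS tab, "Disable NetBIOS over TCP/IP"), which is the persistent form of what step 3 does at run time. Once NetBT is off on the tunnel, the file server still has to be reached by IP address or by a DNS name that the home side resolves, which is the trade the answer above describes.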

RGRodgers commented:
Oh, in my case, I have my office and home interconnected through site-to-site VPN with AD/DNS/DHCP servers talking between themselves at both locations. This keeps everyone happy and in sync. It also allows me to easily access my home systems from work and vice-versa since they are all on the same network, albeit different subnets.
The point is, if you use DNS at home and don't connect it to work, you won't have DNS naming for your home at your office to RDP to your server. Of course, once you are on your home server, it will know all about your home network.
MaestroDT (author) commented:
Wasn't able to fix the issue with the actual configuration, but might as well use DNS, whatever.