VPN and Network Browsing Problem

[MikeS]

Hi everyone,

I have a small peer-to-peer network of Windows XP machines connected to a D-Link DFL-200 firewall/router. I'm trying to get a remote PC to connect to the network, using D-Link's VPN client software.

After some grief, I've managed to get a VPN tunnel established and, on the remote PC, I can ping devices on the network and I can map a shared drive from a PC on the network, but only by specifying its IP address. I cannot browse the network, nor can I add a printer attached to a PC on the network, both of which I need to do.

It has been suggested to me that I need a WINS server (about which I know nothing) running somewhere at the network end, but I have not been able to find any information about WINS server for Windows XP. The few references I have found seem to indicate it’s available only in Windows Server. Is this the only way to achive what I want, or are there any other methods?

If anyone is knowledgable in this area, I'd be most grateful for any help you could offer.

[-pops-]

Hello and welcome to WF.

Most of our networking experts are in the USA/Canada and are thus still in bed. If you can wait a little while, I'm sure someone will be able to help out :)

[homecomputeraid]

Windows Internet Naming Service (WINS) is a system that allows Windows Me, 98, and 95 to communicate with other Windows computers on a LAN. If you're interested in an overview of what it does, it allows Windows Me, 98, and 95 computers to discover each other and find out what services they have available to share. Is the computer that's VPN'ing using one of those Operating Systems?

WINS is a Server based service to the best of my knowledge.

One thing you could try is enabling NetBIOS Extended User Interface (NetBEUI) Protocol on the PC that's VPN'ing in, and on any computer you would like it to browse through. NetBEUI allows much of the communication that would be handled on a WINS Server. Be aware that NetBEUI is not a very secure protocol. You'll want to do a port scan of the outside of your firewall after enabling it.

Enable NetBEUI on Windows 98 as follows:

Right click on Netowrk Neighborhood, then click Properties from the menu that appears:

Network_Properties.bmp

In Network Properties, click Add:

Add_Protocol.bmp

In the Select Network Component Type window, click Protocol, then click Add:

Select_Protocol.bmp

In the Select Network Protocol window, click Microsoft, then scroll down to NetBEUI. Click Ok, then Ok again. You may need the cabinet (CAB) files which are usually in c:\windows\options\cabs to do this. (Windows will ask you for your Windows CD. When it does, click Browse, and browse to the directory c:\windows\options\cabs). If the CAB files are not installed, you will need the Windows 98 CD.

I'll post the XP Procedures as soon as I can. No access to an XP machine right now.

Sincerely,

[MikeS]

Thanks for your suggestions, homecomputeraid.

All of the computers involved are running Windows XP. According to Microsoft (articles Q301041 & Q306059 refer), NETBeui is no longer supported, although it does seem possible to install it on Windows XP & instructions are provided.

However, the articles also state that NETBeui will not work for remote access, so I'm not sure whether this will provide the answer.

I'd be delighted if you could demonstrate otherwise, or if you had any alternative suggestions.

Thanks once again,

MikeS

[spikeychris]

NETBeui is an outdated protocol, if you can only connect via an IP then enable NETBios over TCP/IP.

[homecomputeraid]

I thought the one coming in on the VPN was a legacy OS, that's why I recommended NetBEUI since you don't have a WINS Server. The XP machines should be able to communicate without NetBEUI and without a WINS Server.

Have you enabled File or Printer sharing on all PC's? Do you have at least one shared resource on each PC? Are they all members of the same workgroup?

If you don't know how to check any of those things, I'll post procedures when I get home in a couple of hours.

[MikeS]

Thanks for your suggestion, spikeychris.

I have enabled NetBIOS on all machines, but I am still unable to browse the network from the remote PC, or vice-versa. Do you think it could be the settings on the firewall/router? It is currently set to pass all VPN-related traffic between the LAN and the VPN tunnel (there is a single checkbox for this on the DFL200), so I hoped this would be sufficient.

Something else I've noticed - I can ping devices on the network from the remote PC, but I cannot ping the remote PC from a computer on the network. Does this provide any clues?

Thanks once again,

MikeS

[homecomputeraid]

Just a thought (I've had this present a problem on my home network), are you using a 192.168.1.x, or 192.168.0.x network with a 255.255.255.0 mask on your home netowork? If so, do you know what IP Addresses are being used ont he remote PC? If its the same as the one it receives from the VPN connection, it will cause problems. Let me try to clarify:

Foreign LAN Host IP: 192.168.1.5 (IP of the PC trying to get to you)

IP for VPN Tunnel: 192.168.1.10 (IP given to the PC tunneling in to allow communication on your LAN)

IP for your LAN: 192.168.1.6 (IP of one of the Windows XP machines on your network)

Gateway for all PC's, 192.168.1.1.

If your topology resembles the above, the person VPN'ing into your network may have to change his or her IP address scheme so it's not the same as yours. I can help you with that if you need it. I changed my internal LAN subnet to 192.168.31.0 with a 255.255.255.0 mask, and made my Router's internal (Gateway) IP 192.168.31.1.

Sincerley,

[MikeS]

File & Printer sharing is enabled, the workgroup is the same & there are shared resources at both ends. In fact, the computer I am using as the 'remote' testbed used to be plugged into the network & everything worked fine. Although I have unplugged it from the network for this project, I have not changed anything & if I plug it back into the network, everything still works OK.

[homecomputeraid]

You're doing great troubleshooting Mike. Please let me know about the IP schemes as outlined above. :)

Let me know if you need any help finding the info.

Sincerely,

[spikeychris]

I have never run the setup MikeS desires but I would now say that for name

resolution issues he will need to install a DNS or Wins server. I had a similar problem with XP on a 2k3 network that needed a RAS server...XP doesn't have RAS as an option but running a DNS server and pointing it at the local server worked.

Configuring TCP/IP to use a WINS is simple. click here

[homecomputeraid]

SpikeyChris,

Do you know of any free or low cost DNS Servers MikeS could set up?

I found this page http://www.dns.net/dnsrd/servers/windows.html with some potential software, but haven't tested any of it.

I would like to start with the IP scheme before going too far into other things though. Pinging by IP should not be affected by DNS, and Ping isn't working in both directions through the tunnel yet.

MikeS,

When you tried to ping the remote computer (the one that was VPN'ed in), what IP Address did you ping? You will want to ping the address of the PPP or VPN adapter, not the regular Network Adapter.

[spikeychris]

You're right, its only passing one way.What about opening opened port 1723 (PPTP)

[MikeS]

homecomputeraid,

As you rightly guessed, my network is 192.168.1.x and the router is set to 192.168.1.1.

On the remote PC, the network connection associated with the network card is configured for DHCP, but it is disconnected from the network & has been disabled, so there is no IP address allocated to it. The network connection associated with the VPN client software is also configured for DHCP, but when the VPN link is established, it acquires a value of 192.168.254.2 (I've no idea where from).

spikeychris,

I have already looked at configuring TCP/IP to use WINS & this seems relatively straightforward. The problem is, I do not have a WINS server to point it at. All machines on the network are Windows XP, & I have not been able to find any references to WINS server software for XP.

[spikeychris]

Think we might have it. I was sure it was a NETBios issue and if you configure the Windows XP Professional client to use Lmhosts for NetBIOS name resolution it should fix it.

M$ knowledge base

If you edit the LMHOSTS.SAM with Notepad, adding each of the PCS in the LAN and its IP address then enable LMHOSTS (on the WINS tab in the Advanced properties of the Local Area Connection) then Import LMHOSTS

Actually rather than editing the LMHOSTS.SAM file create a file called "LMOST" with notepad on each computer and save it in {Windows Directory}\System32\Drivers\Etc) You will find that "%SystemRoot%\System32\Drivers\Etc\" will get you there from the run command. place the IP and name of each and every computer that you want to see in this file and reboot.

[MikeS]

Activating LMHOSTS seems to have no effect at all.

In "My Network Places", I can "Add a network place" by specifying the host's IP address & a shared folder name (eg. \\192.168.1.7\C). This folder then appears under My Network Places in Windows Explorer & also appears in the browse list when I map a network drive. This is a marginal improvement in user friendliness!

It still means the remote PC can access only known shared folders on known machines with static IP addresses. And despite much trying, I cannot find a way to access a shared printer on the network.

Any further ideas anyone?

[spikeychris]

Run "ipconfig /all" on XP and look at the "Node Type" at the beginning of the output. Does it say "Peer-to-Peer"

[MikeS]

On the remote PC and the network PCs, the Node Type is shown as Unknown.

[spikeychris]

Unknown. mmm I wasn't expecting that one, I was expecting it to say either peer-to-peer or point-to-point.

Peer-to-Peer means that the computer only uses a WINS server, which isn't available on a peer-to-peer network for NetBIOS name resolution. You could try this [*I haven't a clue as to whether it will work though*]

Navigate to HLM\System\CurrentControlSet\Services\Netbt\Parameters and delete these values

NodeType

DhcpNodeType

Reboot.

[scuzzman]

Also - when you try to ping the remotely connected machine - are the pings "Timing out" or getting a "Dest. host unreachable"

The reason I ask is this:

Timing out indicates it found the machine, but the packet got lost along the way

Host unreachable means it doesnt know the machine exists

this command has worked for me when I get timeouts:

netsh int ip reset resetlog.txt

this will reset the TCP/IP stack

[homecomputeraid]

Instead of LMHOSTS, you could try editing the HOSTS file. It's in the following directory:

c:\WINDOWS\system32\drivers\etc (it may be in c:\winnt\system32\drivers\etc).

I recommend copying the file to a different location before editing it, just in case it gets messed up.

In Windows Explorer, browse to the above folder, then right click the HOSTS file. Select Copy from the menu, if you haven't already copied it somewhere, and put it in a location you know (desktop maybe?). After making your copy, right click the original file in the c:\WINDOWS\system32\drivers\etc directory and select Open. From the Open With window that opens, select Notepad and click Ok.

The following will open in Notepad:

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

All of the lines preceded by a # symbol are just comments. The only valid line in this file so far is 127.0.0.1 localhost. You can add the two PC's to the one that's VPN'ing in, and add the one that's VPN'ing to the two local PC's as follows:

192.168.1.x PC1 #replace .x with the PC's host address and replace PC1 with the computer's actual network name.

192.168.1.y PC2 #replace .x with the PC's host address and replace PC2 with the computer's actual network name.

These entries go into the HOSTS on the PC VPN'ing in file right after the 127.0.0.1 entry.

On the local PC's, add

192.168.254.2 PC3 #replace PC3 with the actual network name of the VPN'ing PC.

This is kind of manual workaround for a network with no DNS Server.

EDIT: Just making it easier to understand what to put into the hosts file :D -- Scarecrow Man

[spikeychris]

Will this one be sorted by New Years Day GMT. :)

[MikeS]

OK guys, back to this conundrum after a short break.

Oh & BTW .... Happy New Year!

spikeychris,

I'm afraid the registry values NodeType & DhcpNodeType do not exist on either computer.

scuzzman,

Attempting to ping the remote machine gives 'Request Timed Out'. I reset the TCP/IP stack as you suggested, but this made no change.

homecomputeraid,

I edited the HOSTS file as you suggested, but this also appeared to have no effect. I tried mapping a network drive using the hostname instead of the ip address, but this failed with a message about the hostname being duplicated on the network.

As one of the principal functions of VPN is supposed to be to enable remote users to connect into a network & share resources, I'm amazed how difficult this task is proving. Surely I am not breaking new ground here? Surely there must be many people who have trodden this path before me?

Frustrated,

MikeS

[homecomputeraid]

I do it often Mike, but it's either with Windows' PPTP client, or a Cisco or Nortel client going into a Cisco or Nortel VPN Device.

Are you using a client that came with the device, or the Windows PPTP client? It sounded to me like you're using one that came with the device.

Also, a silly question, but are you trying to VPN from 'inside' the Router? Is the PC that's VPN'ing in coming from the Internet, or is it already on your LAN somehow?

I've had great difficulty getting VPN's to work from inside interfaces. If you're VPN'ing from your own LAN, let me know, and I'll explain some problems with that.

[MikeS]

As mentioned in my first posting, I'm trying to use D-Link's VPN client software, because, on the face of it, it seems considerably easier to configure that XP's VPN client. I have at least managed to establish a VPN tunnel & map a drive.

I have also spent quite some time attempting to get an XP client working, but I'm finding it much more complex than the D-Link software & I have not yet managed to establish a VPN tunnel. If I could crack getting an XP client working, then I'd probably go that route. Do you know where I can find any guidance or worked examples on how to configure an XP client?

To answer the last question, the 'remote' PC is unplugged from the network & is connecting via a dial-up link to my ISP.