Netgate Discussion Forum
    Site to site SMB discovery and sharing [closed]

OpenVPN
15 Posts 4 Posters 11.9k Views
nightflier

      I got far enough to make it work for my particular situation. Somewhat of a dirty hack, but since the machines that need to be reachable have static IP addresses, I just added them to the HOSTS file on the clients.

      As far as getting full fledged samba browsing and sharing, I realize that there is a lot more involved. The keywords to search for seem to be NetBIOS and WINS. To answer my own question about my current setup being a viable starting point, looks like the answer is "maybe not". According to this: https://doc.pfsense.org/index.php/Why_won%27t_OpenVPN_push_routes, there is a difference in how "shared key" and PKI works.

      Edit: This post was really just intended to inform that I had gotten this particular problem solved. I still have more steps to go before done, but will post different threads if I have any more questions.

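An added example (not from this thread) that checks the HOSTS-file workaround described above on a client: it parses a constructed Windows HOSTS file and reports names that are missing, mapped to the wrong address, or mapped to more than one address. The machine names and addresses are assumptions.

```python
# Checks the HOSTS-file workaround from the thread: every machine reached as
# \\COMPUTERNAME must map to exactly one expected static IP on each VPN client.
import ipaddress
import re

# Constructed sample of a Windows client's HOSTS file (not from the thread).
SAMPLE_HOSTS = """\
127.0.0.1       localhost
192.168.10.21   MILLSERVER1      # static, remote site
192.168.10.22   MILLSERVER2      # static, remote site
192.168.10.23   millserver1      # stale duplicate with a different IP
10.0.0.5        scanclient1
"""

# Expected static addresses of the machines reached by name (constructed).
EXPECTED = {"MILLSERVER1": "192.168.10.21", "MILLSERVER2": "192.168.10.22",
            "MILLSERVER3": "192.168.10.24"}


def parse_hosts(text):
    """Return {NAME: set(ips)}; NetBIOS names are case-insensitive, so fold."""
    mapping = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        ip, *names = re.split(r"\s+", line)
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed line: skip rather than guess
        for name in names:
            mapping.setdefault(name.upper(), set()).add(ip)
    return mapping


def check_hosts(text, expected):
    """List problems: missing names, wrong IPs, names mapped to several IPs."""
    found = parse_hosts(text)
    problems = []
    for name, ip in expected.items():
        ips = found.get(name.upper())
        if ips is None:
            problems.append(f"{name}: missing")
        elif len(ips) > 1:
            problems.append(f"{name}: ambiguous {sorted(ips)}")
        elif ip not in ips:
            problems.append(f"{name}: wrong IP {next(iter(ips))}, expected {ip}")
    return problems
```

Run it against the real file (C:\Windows\System32\drivers\etc\hosts) on each client after a change; a name listed twice is the usual cause of "works on one laptop, not the other".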
johnpoz (LAYER 8 Global Moderator)

Why does it have to be \\COMPUTERNAME?

That is not a good way to do it. Even when computers are on the same network you should always use \\FQDN.

So for example, if your computer is called host, then rather than doing \\host you should do \\host.domain.tld

This will use your DNS to get the IP. You just need to make sure that the clients are using DNS that can resolve the FQDN of your computers that you're using.

        Where did you come up with the idea that these sites need to be bridged?  Do they use the same IP space on both sides?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

nightflier

The proprietary, un-configurable software in question uses \\COMPUTERNAME

          There is no local domain controller. Windows shows "Full computer name" as a single, non-dotted word.

          The idea of a bridge appeared as it seemed to be the easiest solution, with same IP space on both sides.

johnpoz (LAYER 8 Global Moderator)

Well that is borked software.. From what, the early 90's or something?

You could create host files as suggested on the machines in question, or you could set up WINS.. Or yeah, you could put both these networks on the same layer 2 with a bridge so they can broadcast for names.. That would for sure be the LAST possible choice!!

Just because you have not given a domain name to your computers does not mean you can not do that, even if you don't have one.  So these Windows machines are not in AD??  You say there is no local DC..  But is there one remote that they are a member of?

You do not need to be a member of an AD domain to set up an FQDN for your machines and point them to a DNS that would resolve hosts in that domain.  Once you place the machine in a domain.. It's quite possible it would do an FQDN query for the name, etc.

Depends on this borked software in question - what is the name of this software? Maybe there are docs on the internet we can look at, etc.

            While sure it is technically possible to put your sites on an extended broadcast domain so that clients could broadcast for names.. Not a good idea!!!

nightflier

              Heh, I also have a few disagreements about how the software is done. However, it is sold as a pre-configured package, using its own wifi router that remains separate from our business network. The peer-to-peer network only has two servers and three clients, all supported remotely by the parent company under a support agreement, and we are not supposed to "mess with it". I do have access to the mobile laptop clients and can make minor tweaks to their configuration. I can also add a computer to the network.

              The system is pretty cutting edge, servers control a material mill, shaping items from 3D scans created on the clients.

              To be fair to the manufacturer, I am trying to extend the usability of the system beyond what they had envisioned. I have spoken to the company and explained what I want to do. They have no objections, but have never had anyone else do it, and offered no help in setting it up. So I'm hacking away at it, learning a few things along the way. :)

Pippin

                Hacking away….:)

If you have a machine that can do WINS server....
Or, Samba can do that too, it has a WINS server built in; look at the Samba man page.
Then, push "dhcp-option WINS x.x.x.x" in the OpenVPN server.

                I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
                Halton Arp

johnpoz (LAYER 8 Global Moderator)

                  "using its own wifi router that remains separate from our business network."

So if it's on a different layer 2 than your other networks, devices on this isolated network would never be able to "broadcast" for names..  If you're just trying to hit some server that is on this isolated network, just create a DNS record that points to this IP.

How would you bridge this network into yours if it's behind its own router??  Do you have control over this router?  Is it doing NAT?  Would really need more details to try and help you skin this breed of cat.

nightflier

                    I really appreciate the replies, guys. This project is something I get to in between other duties so it's taking me some extra time.

                    To clarify, I no longer consider broadcast/discovery necessary for this particular setup. Using the HOSTS file will suffice for such a narrow case. Should probably change the title of the original post. Before I do that, allow me to answer your questions though.

I do not have access to the router of the small network in question, so the next step is to try the pfSense server on its NAT'd LAN side.

I have multiple static IPs available, and the pfSense WAN will go on one of those. Access will be through this static IP.

                    Any thoughts on this scheme are appreciated, even if it is to instruct me to open a different thread.

nightflier

                      Let me try to illustrate..

[Image: VPN-hack.jpg]

Derelict (LAYER 8 Netgate)

                        Why are you calling the wifi router a router when (apparently) the same subnet is on both sides?

                        Chattanooga, Tennessee, USA
                        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                        Do Not Chat For Help! NO_WAN_EGRESS(TM)

nightflier

In these kinds of setups I usually forego using the WAN side of the wifi router. Disable DHCP and set an IP address which is out of the way. Plug a cable into the LAN side and just let the traffic flow between the ethernet port and the wireless antennas.

                          Hey, I like the diagram in your sig. It would be nice if it was in an editable format, like .odg.

Derelict (LAYER 8 Netgate)

In that case it is not a router, it is an AP or a bridge. Calling it a router just confuses people.

nightflier

                              Okay, I understand.

nightflier

                                Closing comment: My initial testing was done using Windows 7 clients. However, the laptop clients in use are actually Windows 10. When I tested the W10 clients, everything worked out of the box - browsing and sharing, as if they were on the same physical network.

                                So yes, a Peer to Peer (shared key) connection is a viable setup for me.
