Simple setup - getting at Windows "Shares"?
Newbie: just installed pfSense, and the process went extremely well! Many thanks to all involved.
Road-warrior setup; the pfSense/OpenVPN "LAN", at the Server side, is rather HUGE - just a single Win-XP-Pro PC !! (192.168.32.1/24). No special "Server" box, etc. The pfSense box is at 192.168.32.33. We're running on PPPoE, with an ADSL modem on the pfSense box. The pfSense configs are as per Gino Thomas notes - except, for now, we've inserted an extra WAN Firewall Rule to respond to PINGs (ICMP).
The remote PC connects perfectly. PING on the remote PC, by IP, can locate the internal LAN PC, but cannot find it by Comp-Name, etc. The LAN PC has some Shares which other PCs on the LAN can see (if connected), but we've not managed to see those shares on the road-warrior, nor to see the main PC on "Network-Neighbourhood", etc.
We've scanned through the Posts here, but still cannot determine if shares on our setup should work, and how to do so…
Thank you for any suggestions, or references to any similar issues...
since you have no local DNS- or WINS-Server in your setup, Windows will try the lookup for the computer name via a NetBIOS-Broadcast. The mechanisms used for building the network neighbourhood in a windows network (local/master browser election) as well use broadcast pakets. I don't think that broadcast pakets are routed through the OpenVPN-Tunnel (when i setup such scenarios using ordinary routers, i usually don't let them route broadcasts, but i'm not sure how OpenVPN behaves regarding that matter).
I suggest you try to solve the Comp.-Name issue by creating static name/ip-address mappings in the lmhosts file on both computers. You should restart the computer after creating the mappings, to make the changes take in effect.
But you can also access windows shares by ip, a computername is not needed for that. Entering \192.168.32.1 in your windows explorer should show you all visible shares on the computer with that ip address. With \192.168.32.1\c$ you should be able to access the administrative c share (provided your user is allowed to access this share).
Very many thanks, Daniel.
I think EVERYTHING you've said is right "on-the-button" - including your speculation that the NetBios packets don't get through.
The IP-address is acceptable for these tests. In the proposed "live" site, WINS, etc, is running, so the overall setup should be a little nicer.
Thank you again,