Netgate Discussion Forum

    DNS , NetBIOS , CIFS and PPTP

    • A
      arduino

      Hey everyone ,

      I would like to first state I understand PPTP is not secure and should not be used in almost all cases. Without going into details it should be known that security is not an issue at all. If everything on this network was completely open to the public It would not be important. Also the network I connect from is the same way.

      I need some help. How would I go about resolving hostnames over PPTP using pfSense? I have read around the forums but I am finding it difficult to get a direct answer. Some people say that you need a WINS server so I set up an Ubuntu WINS; no change.

      The clients are all Windows 7. I am unsure if Windows 7 has LMhost files or if that is only windows XP , regardless this is not a solution for me.

      I can ping machines on the local network over PPTP but I cannot resolve host names .

      Sorry if this has been covered already and I missed it , any help is much appreciated .

      Thanks

      • johnpozJ
        johnpoz LAYER 8 Global Moderator

        So you setup wins – did you point all your machines to it, so they register their names?  Are you running dns, do you have all the host names in there?  In your vpn setup are you handing to your vpn clients this info, be it wins or dns?

        Why can you not use openvpn?  It has better support for netbios over tcp to vpn clients if you ask me.  I vpn into my home from work and have no issues resolving host names at my home location via dns.

        As to this
        "If everything on this network was completely open to the public It would not be important "  BS -- since if it was it would be a complete and utter mess, you would be hosting warez, sending out spam, all your bandwidth would be tied up for other purposes, ddos in a botnet, etc etc..

        I love it when people mention nonsense like that - they clearly have not thought it through ;)

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        • A
          arduino

          Well I could have elaborated a bit….

          I don't care because I will be using this for something that only needs to be running for one day. I know everyone here jumps to say " PPTP is worthless , never use it" . Maybe my disclaimer was a little bit ambiguous.

          Thanks for your help but I cannot use openVPN . It is a requirement.

          Is there anything else I could try? I don't seem to have any options and wish I could just use openVPN.

          • johnpozJ
            johnpoz LAYER 8 Global Moderator

            Here is the thing: dns or wins work over pptp - so either you don't have them setup, or your firewall rules for your vpn connection are blocking them.  It's that simple.

            Look on your vpn client.  Does it get the settings?  Keep in mind these settings are if endpoint is actual client - those settings are not going to do anything if it's site to site and clients on remote site do point to your wins or dns on the other side.  You would have to configure the clients to use your dns or wins.

            • A
              arduino

              Thanks for the reply,

              My setup right now is that I have a Ubuntu 12.04 machine running as a WINS server. It has all the local machines registered and I can see them in the /var/log/samba as this:

              log.192.168.10.33  log.john          log.jack
              log.192.168.10.22  log.jim-pc      log.smbd
              log.192.168.10.31  log.nmbd        log.workstation

              On the pfSense side I have enabled the PPTP VPN server and set the Ubuntu 12.04 WINS server as the WINS server to be used.

              Now when I connect via PPTP do I have to change any configuration on the client side for this to work, or does pfSense handle this, given I have connections using the WINS server?

              Thanks for taking the time to reply ,

              • johnpozJ
                johnpoz LAYER 8 Global Moderator

                So is a client like a desktop connecting, or some other router like pfsense connecting as a client?

                You mention all windows 7 machines - so are they directly connecting to the pptp server (pfsense) or something in front of them connecting?  If you do an ipconfig /all on the windows 7 machines - do they show your ubuntu wins server as their wins server for the pptp connection?  Do you allow wins ports on your firewall for the openvpn clients?  Does the firewall on ubuntu allow queries from remote networks?

                • A
                  arduino

                  Yes they are desktops connecting. They are all Windows 7 and when I use the command ipconfig /all the WINS does show up. I did add the WINS to each Windows computer manually. I will look at the remote queries. Do I need to port forward WINS over the lan? Is this traffic not travelling over the PPTP connection?

                  • A
                    arduino

                    Also, as far as the wins server is concerned I am on the local network, correct? Do I need to tell it to respond to remote IPs?

                    • johnpozJ
                      johnpoz LAYER 8 Global Moderator

                      What node are the windows clients in? If say in b-node I don't believe they would use a wins server if one was set.

                      But yes I would check the wins server to see if its firewall would block wins queries from remote networks.

                      I would prob sniff on your lan interface of pfsense and make sure you're seeing the queries being sent to the wins server.  If you're not seeing them and/or an answer then troubleshoot from there.  What are your firewall rules on your pfsense vpn interface?

                      nodetype.png

                      • A
                        arduino

                        Ok so I checked the Windows machines and I cannot seem to find the broadcast node label.

                        This is all testing for something that I plan to implement in a secure environment so maybe I should explain my requirements needed in the end.

                        I work for a company that uses special software to conduct research . The company employs people from locations across North America. The employees use VNC to connect to 1 of 10 desktop computers running this software and it has been working this way for 2 years.

                        Obviously this is sub-optimal and has no scalability. We have since upgraded and now use a completely different network.

                        I am running a VM server (Proxmox) which has 40 Windows machines . This has not been put into production yet but I plan to have it up within the next week. These machines change often , we are constantly installing new copies of software on new machines and as such we require a better way to manage the systems available.

                        My choice was this:

                        I would have everyone working for the company connect using L2TP/IPSEC or PPTP. I don't like PPTP because it is insecure but is built into Windows. I am not opposed to using OpenVPN , it just means I would have to help everyone to install it.

                        If everyone connected to the network using VPN , it would remove the need to port forward 40-50 machines . Also , as I said , these machines are changing often so this would be difficult to manage.

                        What I want to do is have people connect using a VPN and once connected have a list of computers on their network to choose from . In Windows you have the option to "Connect Using Remote Desktop" when right mouse clicking on a network computer …. this is perfect.

                        Is there a way to set this up using open VPN. I was able to set it up using L2TP/IPSEC using Zentyal but had some minor issues and also would much rather use pfSense.

                        Please let me know if you have any ideas on possibly a better setup or how to setup openvpn to resolve hostnames in Windows WITHOUT the need to change settings on the client side.

                        • johnpozJ
                          johnpoz LAYER 8 Global Moderator

                          And what node are you in - H or M, you don't want to be in broadcast.

                          Post up an ipconfig /all – what about just plain dns to resolve names?

                          • A
                            arduino

                            This is the L2TP/IPSEC connection. I presume it is nearly identical in setup as PPTP.

                            Windows IP Configuration

                              Host Name . . . . . . . . . . . . : JAKETEST-PC
                              Primary Dns Suffix  . . . . . . . : zentyal-domain.lan
                              Node Type . . . . . . . . . . . . : Hybrid
                              IP Routing Enabled. . . . . . . . : No
                              WINS Proxy Enabled. . . . . . . . : No
                              DNS Suffix Search List. . . . . . : zentyal-domain.lan

                            PPP adapter VPN Connection:

                              Connection-specific DNS Suffix  . :
                              Description . . . . . . . . . . . : VPN Connection
                              Physical Address. . . . . . . . . :
                              DHCP Enabled. . . . . . . . . . . : No
                              Autoconfiguration Enabled . . . . : Yes
                              IPv4 Address. . . . . . . . . . . : 192.168.10.55(Preferred)
                              Subnet Mask . . . . . . . . . . . : 255.255.255.255
                              Default Gateway . . . . . . . . . : 0.0.0.0
                              DNS Servers . . . . . . . . . . . : 192.168.10.1
                              Primary WINS Server . . . . . . . : 192.168.10.1
                              NetBIOS over Tcpip. . . . . . . . : Enabled

                            Wireless LAN adapter Wireless Network Connection:

                              Connection-specific DNS Suffix  . :
                              Description . . . . . . . . . . . : Intel(R) WiFi Link 5100 AGN
                              Physical Address. . . . . . . . . : 00-24-D6-07-FA-9A
                              DHCP Enabled. . . . . . . . . . . : Yes
                              Autoconfiguration Enabled . . . . : Yes
                              Link-local IPv6 Address . . . . . : fe80::a1c6:9f6:57e5:265d%11(Preferred)
                              IPv4 Address. . . . . . . . . . . : 192.168.2.12(Preferred)
                              Subnet Mask . . . . . . . . . . . : 255.255.255.0
                              Lease Obtained. . . . . . . . . . : Saturday, December 21, 2013 6:47:37 PM
                              Lease Expires . . . . . . . . . . : Wednesday, December 25, 2013 8:08:45 AM
                              Default Gateway . . . . . . . . . : 192.168.2.1
                              DHCP Server . . . . . . . . . . . : 192.168.2.1
                              DHCPv6 IAID . . . . . . . . . . . : 184558806
                              DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-26-28-49-00-25-64-5B-*****

                              DNS Servers . . . . . . . . . . . : 192.168.2.1
                                                                  192.168.2.1
                              NetBIOS over Tcpip. . . . . . . . : Enabled

                            Keep in mind this is from Zentyal. I do not want to use Zentyal , it is not nearly as good for me as pfsense. Please advise what I can do from here.

                            Thanks again for all your help!

                            • A
                              arduino

                              Also when I am doing this with pfsense using OpenVPN , I select p-node on the config from pfsense.

                              Right now I have 3 machines with firewall distros on them ..swapping in and out doing testing..if you need me to setup pfsense I will.

                              Is my broadcast network 255.255.255.255 supposed to be /24?

                              Also , I am an idiot. I now see my node type is hybrid … How do I change this?

                              When I used NET VIEW /MACHINEID it resolves.

                              • johnpozJ
                                johnpoz LAYER 8 Global Moderator

                                That is fine, hybrid check if wins server listed if not or no answer then it broadcast.. That is works for you.

                                So again I am going to ask you.. Can the client ping the 192.168.10.1 box that is your wins and your dns.. Can he query it.. do a simple nslookup or dig to it.. For wins here is cmd line tool to verify queries work

                                http://support.microsoft.com/Default.aspx?kbid=830578

                                • A
                                  arduino

                                  The link you posted does not work.

                                  I looked up the WINS commands and they don't seem to work in Windows 7. I typed the following:

                                  1.)netsh>
                                  2.)wins

                                  this gave me:

                                  3.)netsh winsock>

                                  The syntax for this is : server \ServerName or server \ServerIP

                                  I tried both and they did not work for me.

                                  nslookup did resolve every computer on the network….

                                  I have no idea what the issue is ... There are 10 computers and I used nslookup on all of them and they come back with : COMPUTERNAME.zentyal-domain.lan  . That much is working.

                                  I also cannot ping the machines , only the server at 192.168.10.1 and machines on the end point side cannot resolve the vpn client via nslookup.

                                  • johnpozJ
                                    johnpoz LAYER 8 Global Moderator

                                    they didn't work for you local or remote..  The nblookup tool works just fine on windows 7..

                                    Here is example - I fired up wins on my 2k8r2 vm, set my box to use it as wins - it registered itself.. See in the picture the records under the wins tool.. Then I can query them via cmd line tool nblookup

                                    I don't believe windows 7 has wins features in netsh.. server does

                                    nblookup.png
                                    netshwins.png

                                    • A
                                      arduino

                                      Recursion is on

                                      Querying WINS Server: 192.168.10.1
                                      NetBIOS Name: zentyal
                                      Suffix: 20

                                      Name returned: ZENTYAL
                                      Record type: Unique
                                      IP Address: 192.168.10.1

                                      Record type: Unique
                                      IP Address: 192.168.5.1

                                      Record type: Unique
                                      IP Address: 142.176.59.204

                                      Record type: Unique
                                      IP Address: 10.0.5.1

                                      I can't nblookup any computers by name other than my wins server from my remote computer.

                                      nslookup on the remote side works but cannot find that computer on the local network using the same commands from local machines.

                                      1 Reply Last reply Reply Quote 0
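Added example (not part of any post in this thread, and not Microsoft's nblookup code): a minimal Python sketch of the unicast WINS name query that a tool like nblookup sends, following RFC 1001/1002, with a parser for the reply that also decodes the owner node type. The sample reply is constructed to mirror the shape of the output above (one name, several address entries); all function names are this example's own.

```python
import socket
import struct

# ONT bits of NB_FLAGS; value 3 is reserved in RFC 1002, Windows uses it for H-node
NODE_TYPES = ("B", "P", "M", "H")

def encode_name(name, suffix=0x20):
    """First-level encoding: pad to 15 chars, add suffix byte, one letter per nibble."""
    raw = name.upper().ljust(15)[:15].encode("ascii") + bytes([suffix])
    enc = b"".join(bytes([0x41 + (b >> 4), 0x41 + (b & 0x0F)]) for b in raw)
    return b"\x20" + enc + b"\x00"

def decode_name(enc):
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    return raw[:15].decode("ascii").rstrip(), raw[15]

def build_query(name, suffix=0x20, txid=0x1234, recursion=True):
    flags = 0x0100 if recursion else 0x0000          # RD bit, opcode 0 (query)
    header = struct.pack(">6H", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name, suffix) + struct.pack(">HH", 0x0020, 0x0001)  # NB, IN

def parse_response(data):
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack(">6H", data[:12])
    if not flags & 0x8000:
        raise ValueError("not a response packet")
    result = {"txid": txid, "rcode": flags & 0x000F, "name": None,
              "suffix": None, "records": []}
    if result["rcode"] or ancount == 0:
        return result                                # rcode 3 = name not registered
    if data[12] != 0x20:
        raise ValueError("unexpected name encoding")
    result["name"], result["suffix"] = decode_name(data[13:45])
    _rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", data[46:56])
    if rdlen % 6 or len(data) < 56 + rdlen:
        raise ValueError("truncated or malformed address list")
    for off in range(56, 56 + rdlen, 6):             # 2 bytes NB_FLAGS + 4 bytes IPv4
        nb_flags, addr = struct.unpack(">H4s", data[off:off + 6])
        result["records"].append({
            "type": "Group" if nb_flags & 0x8000 else "Unique",
            "node": NODE_TYPES[(nb_flags >> 13) & 0x3],
            "ip": socket.inet_ntoa(addr),
        })
    return result

def query_wins(server, name, suffix=0x20, timeout=2.0):
    """Send the query to UDP 137 on the WINS server; raises socket.timeout if nothing returns."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, suffix), (server, 137))
        data, _ = s.recvfrom(576)
    return parse_response(data)

def sample_response():
    """Constructed reply (not a capture): a multihomed server registered with two addresses."""
    entries = b"".join(struct.pack(">H4s", 0x6000, socket.inet_aton(ip))
                       for ip in ("192.168.10.1", "192.168.5.1"))
    return (struct.pack(">6H", 0x1234, 0x8580, 0, 1, 0, 0) + encode_name("ZENTYAL")
            + struct.pack(">HHIH", 0x0020, 0x0001, 300000, len(entries)) + entries)

if __name__ == "__main__":
    print(parse_response(sample_response()))
```

A timeout from `query_wins()` means the query or its reply was dropped on the path (VPN interface rules or the WINS host's own firewall on UDP 137), whereas an answer with rcode 3 means the server was reached but holds no registration for that name.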
                                      • M
                                        mikeisfly

                                        Windows 7 machines block pings from computers not on the same subnet as them, try to disable your firewall to see if this is the cause. Also make sure that your firewall is set to home or work. If you have a machine that you can put Windows Server 2003 and up on, you can setup dns and then have the dns server look to WINS for host name resolving. Not sure about the various linux flavors if this is possible.

                                        • A
                                          arduino

                                          disable my firewall on the Windows machines or disable my physical firewall?

                                          • A
                                            arduino

                                            I am not having any issues pinging , just netbios . I joined all computers to work network and disabled the firewall. No change.

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.