DNS , NetBIOS , CIFS and PPTP



  • Hey everyone ,

    I would like to first state I understand PPTP is not secure and should not be used is almost all cases. Without going into details it should be known that security is not an issue at all. If everything on this network was completely open to the public It would not be important . Also the network I connect from is the same way.

    I need some help. How would I go about resolving hostnames over PPTP using pfSense. I have read around the forums but I am finding it difficult to get a direct answer. Some people say that you need a WINS server so I setup a Ubuntu WINS ; no change.

    The clients are all Windows 7. I am unsure if Windows 7 has LMhost files or if that is only windows XP , regardless this is not a solution for me.

    I can ping machines on the local network over PPTP but I cannot resolve host names .

    Sorry if this has been covered already and I missed it , any help is much appreciated .

    Thanks


  • LAYER 8 Global Moderator

    So you setup wins – did you point all your machines to it, so they register their names?  Are you running dns, do you have all the host names n there?  In your vpn setup are you handing to your vpn clients this info, be it wins or dns?

    why can you not use openvpn?  It has better support for netbios over tcp to vpn clients if you ask me.  I vpn into my home from work and have no issues resolving host names at my home location via dns

    As to this
    "If everything on this network was completely open to the public It would not be important "  BS -- since if it was it would be a complete and utter mess, you would be hosting warez, sending out spam, all your bandwidth would be tied up for other purposes, ddos in a botnet, etc etc..

    I love it when people mention nonsense like that - they clearly have not thought it through ;)



  • Well I could have elaborated a bit….

    I don't care because I will be using this for something that only needs to be running for one day. I know everyone here jumps to say " PPTP is worthless , never use it" . Maybe my disclaimer was a little bit ambiguous.

    Thanks for your help but I cannot use openVPN . It is a requirement.

    Is there anything else I could try? I don't seem to have any options and wish I could just use openVPN.


  • LAYER 8 Global Moderator

    Here is the thing dns or wins work over pptp - so either you don't have them setup, or your firewall rules for your vpn connection are blocking them.  Its that simple.

    Look on your vpn client.  Does it get the settings?  Keep in mind these settings are if endpoint is actual client - those settings are not going to do anything if its site to site and clients on remote site do point to your wins or dns on the other side.  You would have to configure the clients to use your dns or wins.



  • Thanks for the reply,

    My setup right now is that I have a Ubuntu 12.04 machine running as a WINS server. It has all the local machines registered and I can see them in the /var/log/samba as this:

    log.192.168.10.33  log.john          log.jack
    log.192.168.10.22  log.jim-pc      log.smbd
    log.192.168.10.31  log.nmbd        log.workstation

    On the pfSense side I have enabled the PPTP VPN server and set the Ubuntu 12.04 WINS server as the WINS server to be used.

    Now when I connect via PPTP do I have change any configuration on the client side for this to work or does pfSense handle this ..given I have connections using the WINS server.

    Thanks for taking the time to reply ,


  • LAYER 8 Global Moderator

    So is a client like a desktop connecting, or some other router like pfsense connecting as a client.

    You mention all windows 7 machines - so are they directly connecting to the pptp server (pfsense) or something in front of them connecting.  If you do an ipconfig /all on the windows 7 machines - do they show your ubuntu wins server as their wins server for the pptp connection?  Do you allow wins ports on your firewall for the openvpn clients?  Does the firewall on ubuntu allow queries from remote networks?



  • Yes they are desktops connecting . They are all Windows 7 and when I use the command ipconfig /all the WINS does show up . I did add the WINS to each Windows computer manually. I will look at the remote queries . Do i need to port forward WINS over the lan? Is this traffic not travelling over the PPTP connection?



  • Also , as far as the wins server is concerned I am on the local network .. correct? Do I need to tell it to respond to remote IP's?


  • LAYER 8 Global Moderator

    What node is the windows clients in.. if say in b-node I don't believe they would use a wins server if one was set.

    But yes I would check the wins server to see if its firewall wall would block wins queries from remote networks.

    I would prob sniff on your lan interface of pfsense and make sure your seeing the queries being sent to the wins server..  If you not seeing them and or answer then troubleshoot from there.  What are your firewall rules on your pfsense vpn interface?




  • Ok so I checked the Windows machines and I cannot seem to find the broadcast node label.

    This is all testing for something that I plan to implement in a secure environment so maybe I should explain my requirements needed in the end.

    I work for a company that uses special software to conduct research . The company employs people from locations across North America. The employees use VNC to connect to 1 of 10 desktop computers running this software and it has been working this way for 2 years.

    Obviously this is sub-optimal and has no scaleability. We have since upgraded and now use a completely different network.

    I am running a VM server (Proxmox) which has 40 Windows machines . This has not been put into production yet but I plan to have it up within the next week. These machines change often , we are constantly installing new copies of software on new machines and as such we require a better way to manage the systems available.

    My choice was this:

    I would have everyone working for the company connect using L2TP/IPSEC or PPTP. I don't like PPTP because it is insecure but is built into Windows. I am not opposed to using OpenVPN , it just means I would have to help everyone to install it.

    If everyone connected to the network using VPN , it would remove the need to port forward 40-50 machines . Also , as I said , these machines are changing often so this would be difficult to manage.

    What I want to do is have people connect using a VPN and once connected have a list of computers on their network to choose from . In Windows you have the option to "Connect Using Remote Desktop" when right mouse clicking on a network computer …. this is perfect.

    Is there a way to set this up using open VPN. I was able to set it up using L2TP/IPSEC using Zentyal but had some minor issues and also would much rather use pfSense.

    Please let me know if you have any ideas on possibly a better setup or how to setup openvpn to resolve hostnames in Windows WITHOUT the need to change settings on the client side.


  • LAYER 8 Global Moderator

    And what node are you in - H or M, you don't want to be in broadcast.

    Post up a ipconfig /all  – what about just plain dns to resolve names?



  • This is the L2TP/IPSEC connection. I presume it is nearly identical in setup as PPTP.

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : JAKETEST-PC
      Primary Dns Suffix  . . . . . . . : zentyal-domain.lan
      Node Type . . . . . . . . . . . . : Hybrid
      IP Routing Enabled. . . . . . . . : No
      WINS Proxy Enabled. . . . . . . . : No
      DNS Suffix Search List. . . . . . : zentyal-domain.lan

    PPP adapter VPN Connection:

    Connection-specific DNS Suffix  . :
      Description . . . . . . . . . . . : VPN Connection
      Physical Address. . . . . . . . . :
      DHCP Enabled. . . . . . . . . . . : No
      Autoconfiguration Enabled . . . . : Yes
      IPv4 Address. . . . . . . . . . . : 192.168.10.55(Preferred)
      Subnet Mask . . . . . . . . . . . : 255.255.255.255
      Default Gateway . . . . . . . . . : 0.0.0.0
      DNS Servers . . . . . . . . . . . : 192.168.10.1
      Primary WINS Server . . . . . . . : 192.168.10.1
      NetBIOS over Tcpip. . . . . . . . : Enabled

    Wireless LAN adapter Wireless Network Connection:

    Connection-specific DNS Suffix  . :
      Description . . . . . . . . . . . : Intel(R) WiFi Link 5100 AGN
      Physical Address. . . . . . . . . : 00-24-D6-07-FA-9A
      DHCP Enabled. . . . . . . . . . . : Yes
      Autoconfiguration Enabled . . . . : Yes
      Link-local IPv6 Address . . . . . : fe80::a1c6:9f6:57e5:265d%11(Preferred)
      IPv4 Address. . . . . . . . . . . : 192.168.2.12(Preferred)
      Subnet Mask . . . . . . . . . . . : 255.255.255.0
      Lease Obtained. . . . . . . . . . : Saturday, December 21, 2013 6:47:37 PM
      Lease Expires . . . . . . . . . . : Wednesday, December 25, 2013 8:08:45 AM
      Default Gateway . . . . . . . . . : 192.168.2.1
      DHCP Server . . . . . . . . . . . : 192.168.2.1
      DHCPv6 IAID . . . . . . . . . . . : 184558806
      DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-26-28-49-00-25-64-5B-*****

    DNS Servers . . . . . . . . . . . : 192.168.2.1
                                          192.168.2.1
      NetBIOS over Tcpip. . . . . . . . : Enabled

    Keep in mind this is from Zentyal. I do not want to use Zentyal , it is not nearly as good for me as pfsense. Please advise what I can do from here.

    Thanks again for all your help!



  • Also when I am doing this with pfsense using OpenVPN , I select p-node on the config from pfsense.

    Right now I have 3 machines with firewall distros on them ..swapping in and out doing testing..if you need me to setup pfsense I will.

    Is my broadcast network 255.255.255.255 supposed to be /24?

    Also , I am an idiot. I now see my node type is hybrid … How do I change this?

    When I used NET VIEW /MACHINEID it resolves.


  • LAYER 8 Global Moderator

    That is fine, hybrd check if wins sever listed if not or no answer then it broadcast.. That is works for you.

    So again I am going to ask you.. Can the client ping the 192.168.10.1 box that is your wins and your dns.. Can he query it.. do a simple nslookup or dig to it.. For wins here is cmd line tool to verify queries work

    http://support.microsoft.com/Default.aspx?kbid=830578



  • The link you posted does not work.

    I looked up the WINS commands and they dont seem to work in Windows 7. I typed the following:

    1.)netsh>
    2.)wins

    this gave me:

    3.)netsh winsock>

    The syntax for this is : server \ServerName or server \ServerIP

    I tried both and they did not work for me.

    nslookup did resolve every computer on the network….

    I have no idea what the issue is ... There are 10 computers and I used nslookup on all of them and they come back with : COMPUTERNAME.zentyal-domain.lan  . That much is working.

    I also cannot ping the machines , only the server at 192.168.10.1 and machines on the end point side cannot resolve the vpn client via nslookup.


  • LAYER 8 Global Moderator

    they didn't work for you local or remote..  The nblookup tool works just fine on windows 7..

    Here is example - I fired up wins on my 2k8r2 vm, set my box to use it as wins - it registered itself.. See in the picture the records under the wins tool.. Then I can query them via cmd line tool nblookup

    I don't believe windows 7 has wins features in netsh.. server does






  • Recursion is on

    Querying WINS Server: 192.168.10.1
    NetBIOS Name: zentyal
    Suffix: 20

    Name returned: ZENTYAL
    Record type: Unique
    IP Address: 192.168.10.1

    Record type: Unique
    IP Address: 192.168.5.1

    Record type: Unique
    IP Address: 142.176.59.204

    Record type: Unique
    IP Address: 10.0.5.1

    I cant nblookup any computers by name other than my wins server from my remote computer.

    nslookup on the remote side works but cannot find that computer on the local network using the same commands from local machines.



  • Windows 7 machines block pings from computers not on the same subnet as them, try to disable your firewall to see if this is the cause. Also make sure that your firewall is set to home or work. If you have a machine that you can put Windows Server 2003 and up on, you can setup dns and then have the dns server look to WINs for host name resolving. Not sure about the various linux flavors if this is possible.



  • disable my firewall on the Windows machines or disable my physical firewall?



  • I am not having any issues pinging , just netbios . I joined all computers to work network and disabled the firewall. No change.



  • ../source3/nmbd/nmbd_sendannounce.c:170(send_local_master_announcement)
      send_local_master_announcement: type 849b0b for name ZENTYAL on subnet 192.168.10.1 for workgroup ZENTYAL-DOMAIN
    [2013/12/23 02:08:45,  3] ../source3/nmbd/nmbd_sendannounce.c:189(send_workgroup_announcement)
      send_workgroup_announcement: on subnet 192.168.10.1 for workgroup ZENTYAL-DOMAIN
    [2013/12/23 02:08:45,  3] ../source3/nmbd/nmbd_sendannounce.c:170(send_local_master_announcement)
      send_local_master_announcement: type 849b0b for name ZENTYAL on subnet 10.0.5.1 for workgroup ZENTYAL-DOMAIN
    [2013/12/23 02:08:45,  3] ../source3/nmbd/nmbd_sendannounce.c:189(send_workgroup_announcement)
      send_workgroup_announcement: on subnet 10.0.5.1 for workgroup ZENTYAL-DOMAIN
    [2013/12/23 02:08:46,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.3 on subnet 192.168.10.1 for name PROSPERIDENT<1c>
    [2013/12/23 02:08:47,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.3 on subnet 192.168.10.1 for name PROSPERIDENT<1c>
    [2013/12/23 02:08:48,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.3 on subnet 192.168.10.1 for name PROSPERIDENT<1c>
    [2013/12/23 02:08:48,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.3 on subnet 192.168.10.1 for name PROSPERIDENT<1c>
    [2013/12/23 02:08:49,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.3 on subnet 192.168.10.1 for name PROSPERIDENT<1c>
    [2013/12/23 02:08:50,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.3 on subnet 192.168.10.1 for name PROSPERIDENT<1c>
    [2013/12/23 02:08:51,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.3 on subnet 192.168.10.1 for name PROSPERIDENT<1c>
    [2013/12/23 02:08:51,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.3 on subnet 192.168.10.1 for name PROSPERIDENT<1c>
    [2013/12/23 02:08:52,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.3 on subnet 192.168.10.1 for name PROSPERIDENT<1c>
    [2013/12/23 02:08:53,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.22 on subnet UNICAST_SUBNET for name WOLFDENT<20>
    [2013/12/23 02:08:53,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.3 on subnet 192.168.10.1 for name PROSPERIDENT<1c>
    [2013/12/23 02:08:54,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.22 on subnet UNICAST_SUBNET for name WOLFDENT<20>
    [2013/12/23 02:08:56,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.22 on subnet UNICAST_SUBNET for name WOLFDENT<20>
    [2013/12/23 02:08:57,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
    [2013/12/23 02:08:58,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
    [2013/12/23 02:08:59,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
    [2013/12/23 02:09:00,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
    [2013/12/23 02:09:00,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
    [2013/12/23 02:09:01,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
    [2013/12/23 02:09:53,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.22 on subnet UNICAST_SUBNET for name WOLFDENT<20>
    [2013/12/23 02:09:54,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.22 on subnet UNICAST_SUBNET for name WOLFDENT<20>
    [2013/12/23 02:09:56,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.22 on subnet UNICAST_SUBNET for name WOLFDENT<20>
    [2013/12/23 02:09:57,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
    [2013/12/23 02:09:58,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
    [2013/12/23 02:09:59,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
    [2013/12/23 02:10:00,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
    [2013/12/23 02:10:00,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
    [2013/12/23 02:10:01,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
    [2013/12/23 02:10:21,  0] ../source3/nmbd/nmbd_incomingrequests.c:172(process_name_refresh_request)
      process_name_refresh_request: unicast name registration request received for name JAKETEST-PC<20> from IP 192.168.10.55 on subnet UNICAST_SUBNET.
    [2013/12/23 02:10:21,  0] ../source3/nmbd/nmbd_incomingrequests.c:173(process_name_refresh_request)
      Error - should be sent to WINS server
    [2013/12/23 02:10:21,  0] ../source3/nmbd/nmbd_incomingrequests.c:172(process_name_refresh_request)
      process_name_refresh_request: unicast name registration request received for name JAKETEST-PC<00> from IP 192.168.10.55 on subnet UNICAST_SUBNET.
    [2013/12/23 02:10:21,  0] ../source3/nmbd/nmbd_incomingrequests.c:173(process_name_refresh_request)
      Error - should be sent to WINS server
    [2013/12/23 02:10:21,  0] ../source3/nmbd/nmbd_incomingrequests.c:172(process_name_refresh_request)
      process_name_refresh_request: unicast name registration request received for name WORKGROUP<00> from IP 192.168.10.55 on subnet UNICAST_SUBNET.
    [2013/12/23 02:10:21,  0] ../source3/nmbd/nmbd_incomingrequests.c:173(process_name_refresh_request)
      Error - should be sent to WINS server
    [2013/12/23 02:10:53,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.22 on subnet UNICAST_SUBNET for name WOLFDENT<20>
    [2013/12/23 02:10:54,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.22 on subnet UNICAST_SUBNET for name WOLFDENT<20>
    [2013/12/23 02:10:56,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.22 on subnet UNICAST_SUBNET for name WOLFDENT<20>
    [2013/12/23 02:10:57,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
    [2013/12/23 02:10:58,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
    [2013/12/23 02:10:59,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
    [2013/12/23 02:11:00,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
    [2013/12/23 02:11:00,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
    [2013/12/23 02:11:01,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WOLFDENT<20>
    [2013/12/23 02:11:03,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WPAD<00>
    [2013/12/23 02:11:04,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WPAD<00>
    [2013/12/23 02:11:05,  3] ../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
      process_name_query_request: Name query from 192.168.10.22 on subnet 192.168.10.1 for name WPAD<00>



  • above is my wins log



  • Let's assume that your WINS server is running correctly. Have you checked PfSense firewall logs? If you don't see anything there, have you tried using a Windows based WINS server to rule out a problem with your Linux setup? If you were using Windows Server I would tell you to check to see if any host had registered themselves on the server. I guess the same concept applies here, I'm assuming that you checked the server to see if any host had registered and they are not.

    disable my firewall on the Windows machines or disable my physical firewall?

    I meant just disable the personal firewall (temporarily) on your PC to see if that was causing the issue. I would never recommend disabling your PfSense Firewall unless it was behind another PfSense Firewall and you just wanted to use it as a router.

    I believe NetBios uses port(s) 137-139 if you just want to allow these ports.



  • I have copies of Windows sever 2003 , 2008 and 2012. I have tried all of them and they work the same way as my samba server.

    I have disabled the firewall on the Windows machines but I dont see anything changing. I have ran wireshark and I see the Windows machine on the remote ( public ) side is broadcasting on /32 netmask and the wins server is not replying to its requests.


  • LAYER 8 Global Moderator

    Why would it be broadcasting anything?  The query should be unicast.  And is the query getting to your server?  You do understand it would be UDP, maybe you only have TCP open on your firewall?

    Here is query the query and the answer.  You should be able to sniff at your pfsense lan interface and see this for a remote query.

    edit:  You know this would explain issues with dns as well, if your only allowing tcp traffic?  Most dns is udp, sure it can use tcp some times, but its mostly all udp.  If your not allow udp traffic - this explains issues with wins and dns.




  • ahh your right about tcp/udp. I will check that now and see what happens . Thanks again.



  • I was able to resolve one name one time… It was random and I did not change any settings during this . I got rid of my Ubuntu WINS and have Server2003RT2 as WINS now.

    I simply tried to map one of the servers and it worked. I tried again and it failed..

    I have posted my firewall settings , pptp settings , client side settings and wireshark settings . I hope someone can help me solve this.

    Thanks again for all the help you've already provided

    I am able to do nblookup and ping but get no nslookup.


  • LAYER 8 Global Moderator

    Ok – thanks, but none of that is of any use to be honest.

    Your firewall for example -- that 3rd rule is giberish on that tab..  how is lan net a source and pptp clients a dest on the pptp tab?  A firewall interfaces are inbound..  so how is lan net going to be a souce of inbound traffic to your pptp interface?  Your rules above that are wide open any any so even if that rule was correct it would never be needed or used.

    What are you lan rules?  You can ping we see.. So what is the point of a wireshark??  Where did you take that wireshark.  How about a wireshark on your LAN interface do you see your nblookup or dns? going towards your wins or dns?  When created on a pptp client?  If you don't see it there, sniff on pptp internface - do you see it there, etc.

    What are those IP settings that are blank suppose to tell us?  Is this not your pptp connection on the remote client?  So show us what it gets after you connect, since I have to assume your set for dhcp - but failed to show us that.

    ALSO -- the one thing you did show tht is again wrong is handing out 8.8.8.8 to your pptp clients for dns??  How and the hell do you think googledns is going to resolve your local clients names?  So why would you tell you pptp clients hey its ok you use googledns???

    The sniff showing 51 snding smb stuff to .2 -- where was that sniffed at, at the client?  Or somewhere actually useful like interfaces on pfsense so we can track where the packets get to or don't get too.



  • The third rule is garbage and the 8.8.8.8 google dns was used when I was using the default gateway and was having issues resolving FQDN's.

    As for the blank settings , these are the settings that are on the remote side . the PPTP server is telling it where the wins sever is .. do I have to enter it in the WINS setting on the client regardless?

    That wireshark was taken from a desktop . When I did a packet scan on the LAN interface using pfsense every single packet came back as TCP and I know this is not even possible . I dont know what the issue is exactly with it.

    I will show you more relevant information and hopefully I can figure this out.


  • LAYER 8 Global Moderator

    "every single packet came back as TCP "

    It is if that is all your sniffing - did you happen to change your protocol to tcp.

    If you did not see the udp packts for your nblookup and were set to sniff any – then maybe there you go, no wonder server never answers if packets never go out the lan interface the server to get answered.

    as to settings on remote side -- how about what you a ipconfig /all for the pptp connection??  Blank screen is pointless.



  • I got everything working. I have no idea what I did to get it working but I still don't have what I want. I can now connect to computers using the netbios name but what I really wanted here was to have these computer show up in the network browser..is this possible? I don't know how Windows looks for computers on the local network but I presume it will not use a PPP connection to do this .. even if I force all traffic over the VPN.

    Thanks for all your help , I couldn't have done it without.


  • LAYER 8 Global Moderator

    If they are on the same segment they should show up in the browselist, it might just take a while.  Who is the master browser for the segment?

    And what workgroup are they in?  Here is the thing they might have to be connected to the vpn for quite some time until they show up in the browselist.. And if they are not in the same workgroup - whois the master browser for that workgroup and the other workgroup, etc..

    If the machine is online for long enough they should show up in the list, because you not routing segments your on the same segment.



  • The VPN connection has an IP 192.168.10.0 and the network I am connecting to is also 192.168.10.0. The LAN IP on my home network is 192.168.5.0. Wouldn't it cause issues if my Home (192.168.5.0) and my VPN (192.168.10.0) are on the same segment?

    I may have misunderstood and all you are asking is if the VPN has the same as the network I am connecting to. If that is the question , yes.

    I only connected for a few minutes each time , I should let it sit for awhile and see if they show up.

    The setup I am using now is different than before. Pfsense is still the firewall but I was using a virtual Windows server 2003 to control DNS and WINS , now I am just running a physical 2012 server . The reason I switched was because I previously was using a Samba fileserver on Ubuntu 12.04 and it was kind of pointless to have both. I could have setup the Ubuntu server as both DNS and WINS but really when I plan on running 50 or so machines in the virtual server I think server 2012 is better suited.

    Thanks again


Log in to reply