[NCLUG] VPN from Windows Computer to Samba Server

Mon Jun 17 13:47:32 MDT 2002

Thanks for your response.

Now, I submit a solution given in other LUG that fits my needs using
SSH.

Juan C.
--------

On Mon, 2002-06-17 at 10:05, JVergara at equinox.com wrote:
>
> Hi,
>
> Does somebody have a clue of how  to connect a Windows client (98-
> W2K) from home to a  Samba shared volume in
> a Linux server at work - via VPN?

Yes. Via a full VPN, or some form of a TCP tunnel of port 139 and/or
445.

> Let's state that the Samba Server is connected thru the Internet
with
> DSL connection even though its TCP port is not exposed to the public
> network and the Windows client has a Internet dialup connection.
> what software do I need in both sides ?

Well, if you have sshd running on  "workgateway" (which can be
"sambaserver" machine itself or a firewall in front of it), and you
don't have Microsoft filesharing enabled on your Win98/Win2k client
machine, it's rather easy:
 ssh -L 139:sambaserver:139 workgateway

Then merely map "\\127.0.0.1\sharename" on the "clientmachine".

If you're using Win2k networking, you may wish to redirect 445 for
NetBIOS-less SMB as well:

 ssh -L 139:sambaserver:139 -L 445:sambaserver:445 workgateway

If you're using Win98 clients, you can't map by IP address
("\\127.0.0.1" is right out). To get the tunnel to work for those
machines, you will need to add sambaserver to your lmhosts file:

On Win95, Win98, WinME:

 echo "127.0.0.1 sambaserver #PRE" > C:\Windows\Lmhosts
 nbtstat -R

On WinNT, Win2k, WinXP:

 echo "127.0.0.1 sambaserver #PRE" > \
   C:\Winnt\system32\drivers\etc\lmhosts
 nbtstat -R

Then make sure the NetBIOS name is registered and visible (it will
have
a static -1 timeout):

 nbtstat -c

If you see "127.0.0.1 sambaserver" in there, you are set. Now you can
map to a share using "\\sambaserver\share".

However, my guess is that you will want some form of VPN to make it
"easier". The above solutions are somewhat of a hack.

The above method is what I use. It generally works from anywhere. You
might try "ssh -c blowfish" to get the speedup of avoiding 3des
(Triple
DES is slooooow). YMMV.

SSH is my friend.

- Ian C. Blenke <icblenke at nks.net> <ian at blenke.com>
http://ian.blenke.com

                      "John L. Bass"                                                                       
                      <jbass at dmsd.com>         To:       nclug at nclug.org                                   
                      Sent by:                 cc:                                                         
                      nclug-admin at nclug        Subject:  Re: [NCLUG] VPN from Windows Computer to Samba    
                      .org                      Server                                                     

                      06/17/02 10:26 AM                                                                    
                      Please respond to                                                                    
                      nclug                                                                                

Hi Juan,

You will need to install the pptpd server on the linux firewall and
probably want to also update the pppd server if it's not current or
you need additional support for MSCHAPv2/MPPE.

See:

 http://sourceforge.net/projects/poptop/

and:

 http://www.poptop.org/releases/PoPToP-RedHat-HOWTO.txt

I believe it's also in the Debian tree.

Have fun,
John
_______________________________________________
NCLUG mailing list       NCLUG at nclug.org

To unsubscribe, subscribe, or modify your settings, go to:
http://www.nclug.org/mailman/listinfo/nclug