Filesharing over windows VPN

[Axel]

Hi all,

I've create a new incoming connection which allows a friend to connect to my pc by using the new VPN connection from his side. He can log in just fine and it shows he's connected on my side. Next step: How on earth do I get filesharing working over this connection?

Many thanks,

Alex

[i11usive]

Hi all,

I've create a new incoming connection which allows a friend to connect to my pc by using the new VPN connection from his side. He can log in just fine and it shows he's connected on my side. Next step: How on earth do I get filesharing working over this connection?

Many thanks,

Alex

What O/S either side?

[Axel]

Both windows 7 home premium

[i11usive]

Just setup a Windows share on the target computer and have the other computer join your Homegroup - should do it.

[+BudMan MVC]

You would do file sharing the same way you would if he was local on your network. A VPN is just a connection into your network. Not you might have some issues with name resolution, and are you wanting to allow him to access shares on other boxes on your network?

And you could have issues with same network on both ends, what is his local network compared to yours, ie if your both say on a 192.168.1.0/24 then you could have problems.

EDIT: NO you do not need to do anything with homegroups, and I would not suggest that at all!

[Axel]

We are both indeed setup on 192.168.0.1 etc. He seems to have been assigned the IP 192.168.0.8 on my network but he still can't see any of my shared items appear in his network places. Should he theoretically just be able to type in \\computer-name and access it? I also ensured we were both on the same workgroup incase that was an issue.

[+BudMan MVC]

your going to want to change one of your networks for starters.. Because he has an interface on the 192.168.0.0/24 network - so why should traffic go down the tunnel to talk to something on 192.168.0.0/24??

And yes in theory you can do \\computername -- but how is he going to resolve that, do you have wins running? It can broadcast for it, but normally broadcasts do not go down a vpn tunnel. So no you would not be able to resolve it.

What I would suggest is have him change his network to say 192.168.1.0/24 vs the 192.168.0.0/24 -- and then have him ping your boxes IP once he gets logged into your vpn. Then he could try \\ipaddress of your machine to access shares.

So for example I am connected to my home network currently via openvpn

Windows IP Configuration

Ethernet adapter Local:

Connection-specific DNS Suffix . : snipped

IP Address. . . . . . . . . . . . : 10.56.41.89

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 10.56.41.1

Ethernet adapter Wireless:

Media State . . . . . . . . . . . : Media disconnected

Ethernet adapter ovpn:

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 10.0.200.6

Subnet Mask . . . . . . . . . . . : 255.255.255.252

Default Gateway . . . . . . . . . :

See that 10.0.200.6 -- that is my IP for the vpn tunnel

then look at my route table

Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.56.41.1     10.56.41.89       10
       10.0.200.1  255.255.255.255       10.0.200.5      10.0.200.6       1
       10.0.200.4  255.255.255.252       10.0.200.6      10.0.200.6       30
       10.0.200.6  255.255.255.255        127.0.0.1       127.0.0.1       30
       10.56.41.0    255.255.255.0      10.56.41.89     10.56.41.89       10
      10.56.41.89  255.255.255.255        127.0.0.1       127.0.0.1       10
   10.255.255.255  255.255.255.255       10.0.200.6      10.0.200.6       30
   10.255.255.255  255.255.255.255      10.56.41.89     10.56.41.89       10
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0       10.0.200.5      10.0.200.6       1
        224.0.0.0        240.0.0.0       10.0.200.6      10.0.200.6       30
        224.0.0.0        240.0.0.0      10.56.41.89     10.56.41.89       10
  255.255.255.255  255.255.255.255       10.0.200.6               8       1
  255.255.255.255  255.255.255.255       10.0.200.6               6       1
  255.255.255.255  255.255.255.255       10.0.200.6               7       1
  255.255.255.255  255.255.255.255       10.0.200.6               4       1
  255.255.255.255  255.255.255.255       10.0.200.6      10.0.200.6       1
  255.255.255.255  255.255.255.255       10.0.200.6               2       1
  255.255.255.255  255.255.255.255      10.56.41.89     10.56.41.89       1
Default Gateway:        10.56.41.1

Notice the route to the 192.168.1.0/24 network, says to use the 10.0.200 connection.

now see I can ping a box on my home network, but notice name resolution for its name quad-w7 fails for net view, but works with IP

D:\>ping 192.168.1.100

Pinging 192.168.1.100 with 32 bytes of data:

Reply from 192.168.1.100: bytes=32 time=141ms TTL=63
Reply from 192.168.1.100: bytes=32 time=134ms TTL=63
Reply from 192.168.1.100: bytes=32 time=138ms TTL=63
Reply from 192.168.1.100: bytes=32 time=136ms TTL=63

Ping statistics for 192.168.1.100:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 134ms, Maximum = 141ms, Average = 137ms

D:\>tracert 192.168.1.100

Tracing route to quad-w7.local.lan [192.168.1.100]
over a maximum of 30 hops:

  1   162 ms   160 ms   189 ms  10.0.200.1
  2   185 ms   177 ms   201 ms  quad-w7.local.lan [192.168.1.100]

Trace complete.

D:\>net view \\quad-w7
System error 53 has occurred.

The network path was not found.

D:\>net view \\192.168.1.100
Shared resources at \\192.168.1.100

Share name  Type   Used as  Comment
-------------------------------------------------------------------------------
HPDeskjet   Print           HP Deskjet 6500 Series
pchshare    Disk
The command completed successfully.

Or I can use dns, because I have that setup

D:\>net view \\quad-w7.local.lan
Shared resources at \\quad-w7.local.lan

Share name  Type   Used as  Comment
-------------------------------------------------------------------------------
HPDeskjet   Print           HP Deskjet 6500 Series
pchshare    Disk
The command completed successfully.

See where dns is setup to talk to my home dns

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : TAP-Win32 Adapter V9

Physical Address. . . . . . . . . : 00-FF-79-1A-85-63

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 10.0.200.6

Subnet Mask . . . . . . . . . . . : 255.255.255.252

Default Gateway . . . . . . . . . :

DHCP Server . . . . . . . . . . . : 10.0.200.5

DNS Servers . . . . . . . . . . . : 192.168.1.253

Lease Obtained. . . . . . . . . . : Tuesday, September 06, 2011 10:10:15 AM

Lease Expires . . . . . . . . . . : Wednesday, September 05, 2012 10:10:15 AM

File sharing works just fine over a vpn connection, once you understand how it works and some of the limitations, etc.

[Axel]

Thanks budman. Okay I can now access his files after changing the addresses but he can't access mine. He also can't seem to access the internet whilst connected to my VPN!

I can access his pc by typing \\192.168.0.8 but if he types my network IP (192.168.1.2) he cannot.

[+BudMan MVC]

on your vpn settings did you allow for access to other machines on your network, or just the vpn machine. Also your prob not going to want to connect through your network for internet from his network, so you would want to turn off default gateway on the vpn setting.

I believe its here to allow him full access when you create the incoming

Then on his vpn connection, he is most likely going to want to uncheck using your connection as his default gateway (internet)

As to file sharing for him and pinging your network.. Your firewalls would have to be setup to allow access - so that could be a problem?

Can he ping you? What is the output of his route print when he is connected to you.

[Axel]

Thanks for all your help budman! I'll report back tomorrow when we've tried this as my partner in crime has had to slip off.

Actually, one more query whilst I get the opportunity. I assume that once we've got this set up we'll be able to access each others computers, but the his files a broadly shared through his internal network. If I wanted to access more of his network computers we'd need to set up a router to router VPN?

[+BudMan MVC]

yeah your computer should be able to talk to his, and his should be able to talk to computers on your network. But sure if you want full network to network access it would be better to do via routers.

[LexL]

Hello,

I am the other half in this attempt at trying to bridge our networks from both our houses... Given Up using a Client based software becuase lets be honest we know windows can do this...

This is making me feel like an idiot...

I be honest i dont understand fully your route table above..

We have:

- Made incomming and outgoing connections on the respective computers.

- The computer with the incomming connection has: The Tickbox enabled for Sharing Network

- The Outgoing computer: The tickboxes for the Default Gateway has been removed.

At this time we have solved the rerouted internet issue..

We have Changed our Network IP's so that they are not the same.

He can access my PC and other computers and NAS on my Network.

1/ I cant see or access him, is a VPN only one way?

2/

The attachment above is my system try - This all seems to be working at his end but i get a big ugly Red X. - I am connected to the internet and can access my own network

What we have worked out that on my local network i am (192.168.0.2)

and when the VPN is connected i am also 192.168.0.24

The outgoing pc is 192.168.0.23 - but i cant access that...(on the outgoing pc it shows itself as 192.168.0.23

Any ideas, going out of my mind...

[TurboTuna]

From that you're both still on the 192.160.0.1/24 which won't work, as you're seeing. If he is 192.168.0.1/24 change your ip range to 192.168.1.1/24 - which budman suggested...

What I would suggest is have him change his network to say 192.168.1.0/24 vs the 192.168.0.0/24 -- and then have him ping your boxes IP once he gets logged into your vpn. Then he could try \\ipaddress of your machine to access shares.

[Axel]

From that you're both still on the 192.160.0.1/24 which won't work, as you're seeing. If he is 192.168.0.1/24 change your ip range to 192.168.1.1/24 - which budman suggested...

[/color]

My network IP range from my router is set to dish out 192.168.1.X whereas his is set to dish out 192.168.0.X so we've done this unless I am misunderstanding.

It's the Server side of the VPN that is giving my the IP address 192.168.0.23 (according to ipconfig).

[TurboTuna]

Hello,

Any ideas, going out of my mind...

that shows your ip as being 192.168.0.x not .1.x

[Axel]

Could this even be a firewall issue?

that shows your ip as being 192.168.0.x not .1.x

Unless you're getting confused with the command prompt names as the we're both called Alex! (Users\Alex in cmd prompt title)

It's showing me IP as 0.x on his network and 1.x on my local network. Is that not the IP that his network has just assigned me?

[Axel]

FYI: My route table (As the client)

[LexL]

My route table as the Host:

[Axel]

Okay we've somehow managed to make this work by putting a HOST and CLIENT connection on both machines. I didn't think this would be necessary. It appears that we couldn't achieve a single two-way connection (which is what we would like) but we can achieve two one-way connections!

EDIT: OOPS I LIED! Apparently we can only have one connection running at a time rather than two simultaneously as initially thought. i.e. he can access my side but I cannot access his, or vice versa on the respective machines. This solution is not ideal as we were expecting two-way access.

[+BudMan MVC]

For you to share access both ways your going to need to setup a site to site vpn on your routers. Your box server (host) has no router to the 192.168.1.0/24 network (client side) You could try adding it by hand, but I don't think his box will act as actual gateway.

The incoming built in vpn is more of a road warrior setup, I do not believe it was ever meant to go both ways. Or that for the client connecting to it.

What routers do you have? And you can setup a site to site. Or I seem someone is running hamachi -- do believe you could use that for your site to site setup.

Site to site with machines on each network is a pain because no other boxes on the other networks will have routes for those other networks, which is why its better to do on the router, because all the clients on each network use that as their gateway anyway and talk to the router whenever they want to go to any network other than local, be it neowin.net or some other private network -- if the routers have connections between them then they will both route the traffic to the other networks.

[Axel]

Ah right I see, so in essentially we've been successful based on the limitations of the inbuilt windows vpn. We both have a 'BT Homehub 3' router which works fine but is fairly limited in functionality. Have been considering getting a dd-wrt buffalo router but will have to do more research into that.

We also did try hamachi but that would only allow me to access each machine hamachi was installed on and would not just give me full access to his network, unless we could somehow bridge them together. Reason I'd need full access would be due to filestorage his end on a Netgear ReadyNas Duo and there is not hamachi addon for that device.

[+BudMan MVC]

hamachi can be used as full blown site to site if you want.

http://community.spiceworks.com/how_to/show/2299

All you need is devices that can get to each others network, and then the correct routing between them. Must easier if done at the gateway, but can be done on boxes inside - just need to let your other boxes know how to get to that network, can be done on your router if yours supports adding routes. If not you would have to put the routes on each box you wanted to be able to get to the other network, be it as a server or a client.