  1. #1
    swmspam (Untangler) | Join Date: Mar 2008 | Posts: 71

    CIFS/SMB access from Internet

    Off Topic:

    I've been working to access CIFS/SMB shares from the internet. My network has about 5 remote users, located thousands of miles apart. The remote users have Windows XP, some may have Vista. The share process needs to be easy for the users.

    The access needs to be "interactive", such as opening a file directly from the shared drive. FTP (or SFTP or SCP) requires you to download the file locally, do the edits, and then upload the changes to the server. FTP doesn't open the file interactively from the server.

    I tried PPTP VPN, but it tunnels everything from the remote user. All that needs to be tunneled is the share.

    My first attempt was to tunnel SMB through SSH. This required the Windows XP user to disable all other shares. This doesn't work, because the remote users also have their local shares, too. I also found a way to create a dummy network adapter in Windows that allows for both a tunneled share and local shares, but the setup and implementation gets complicated. In addition, it's rather unreliable and takes an expert to keep it working.

    I am currently using Hamachi, but it works best if the server operating system is also Windows. I prefer the server to be a headless JEOS box, preferably with a secure operating system such as BSD.

    So, is there a secure way to access a Linux/BSD share over the internet with a Windows XP remote user, without (1) tunneling everything else, and (2) giving up the user's local shares?

  2. #2
    sky-knight (Untangle Ninja) | Join Date: Apr 2008 | Location: Phoenix, AZ | Posts: 26,490

    Well the PPTP failed because you forgot the magic checkbox...

    Hit the properties of the PPTP connection in XP. Then hit the properties of the TCP/IP protocol in said connection. Then click the advanced button. See that "use default gateway on remote network" box? Kill it!

    Poof, only stuff destined for the remote subnet gets tunneled.

    Alternatively you can use UT and set up OpenVPN. Then you can export only the hosts you want, firewall the rest to control access, and access to the remotes is handled in exactly the same way.

    Oh, just in case you go the OpenVPN route, watch your Samba configuration. The remotes will be coming from a different subnet.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
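
    Added example (not part of the original post or of any poster's configuration): an smb.conf fragment illustrating the Samba caveat above, where VPN clients arrive from a subnet the server does not yet allow. The subnets are the ones quoted later in this thread (172.16.16.x for VPN clients, 192.168.0.x for the LAN); the interface name, share name, path and group are assumptions.

```ini
# /etc/samba/smb.conf (fragment) - constructed example
[global]
    # Listen only on loopback and the LAN-facing NIC ("eth0" is an assumed name).
    interfaces = lo eth0
    bind interfaces only = yes

    # Before: only the LAN is allowed, so routed VPN clients are refused.
    ;hosts allow = 127. 192.168.0.

    # After: allow the LAN and the VPN client pool, refuse everything else.
    # Where the two lists conflict, "hosts allow" takes precedence.
    hosts allow = 127. 192.168.0. 172.16.16.
    hosts deny = 0.0.0.0/0

[projects]
    # Placeholder share name, path and group.
    path = /srv/projects
    valid users = @remoteusers
    read only = no
```

    Running `testparm -s` after editing checks the file for syntax errors before Samba is reloaded.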

  3. #3
    swmspam (Untangler) | Join Date: Mar 2008 | Posts: 71

    Thanks for the "magic" advice!

    Will stick with PPTP for now, I think it will work great. Is compression possible using PPTP? I dug through some of the Windows menus, and didn't see it.
    Last edited by swmspam; 06-17-2008 at 10:45 AM.

  4. #4
    sky-knight (Untangle Ninja) | Join Date: Apr 2008 | Location: Phoenix, AZ | Posts: 26,490

    Compression/Encryption are technically the same process. One is just more easily reversed than the other. So I believe by their nature most VPN technologies are compressed.

    Also I really wish Microsoft wouldn't turn that checkbox on by default. It is really lame having to clear it on every single PPTP client configuration I make.

  5. #5
    swmspam (Untangler) | Join Date: Mar 2008 | Posts: 71

    I found that Hamachi for Linux does not have a GUI, so I made a quick Debian box for testing using Samba and Hamachi. I put the Debian box behind the m0n0wall and enabled PPTP on the m0n0wall. Hamachi takes care of itself, and tunnels out just fine.

    Using one of my remote Windows XP users, they attached to the network using PPTP and performed some file transfers to the Debian box using FC-Test (useful benchmarking program). They then disabled the PPTP and logged onto Hamachi and performed the same benchmark a second time. There was no discernible speed difference between PPTP and Hamachi tunnels for the bi-directional file transfers. So there's no performance advantages either way.

    My network already has a FreeNAS box, so PPTP->m0n0wall->FreeNAS seemed like the best solution. That was, until PPTP got all borked on the remote XP machine and required maintenance to keep the connection stable. Evidently, the Windows XP has a hard time maintaining a PPTP pseudo-permanently.

    So I'm back to the Debian box running Samba and Hamachi, just for this purpose. That means the network will have yet another box to maintain. The best would be if FreeNAS had a tunneling tool. (It's possible to tunnel SMB directly to FreeNAS through SSH, but it's really tricky, especially for an XP user.) Hamachi is really cool, because it uses an outside "mediation" server, so it will attempt to stay connected all the time, and you don't have to poke holes in your firewall!

    Now here's the question of the day: do you know of a good tool the remote user can use to see how much hard drive space remains on the server? I have installed phpsysinfo for now. The remote XP users don't like it, it's too complicated. I could write my own PHP script, but that's just more custom work on an already custom solution.
    Last edited by swmspam; 06-18-2008 at 05:53 PM.

  6. #6
    Silver Bullet (Untangle Ninja) | Join Date: Sep 2007 | Posts: 1,946

    Originally posted by swmspam:
    "Now here's the question of the day: do you know of a good tool the remote user can use to see how much hard drive space remains on the server? I have installed phpsysinfo for now. The remote XP users don't like it, it's too complicated. I could write my own PHP script, but that's just more custom work on an already custom solution."

    If you are talking about the Untangle server then have a look here.
    http://forums.untangle.com/showthread.php?t=3343

    If you are talking about one of the other servers, then which one?

  7. #7
    Newbie | Join Date: Aug 2008 | Posts: 8

    VPN / Windows Shares problems...

    I need some assistance please. I'm still a noob.
    Overview: Trying to view Windows network shares over VPN

    Status:
    *- I'm able to connect VPN, no problems. Set up a bypass rule to allow traffic.
    *- Once connected, I'm able to Remote Desktop to other PCs by IP address.
    *- Not able to ping machines, or resolve names.

    VPN defaults were 172.16.16.x and local are 192.168.0.x

    Any ideas? Please help.

  8. #8
    sky-knight (Untangle Ninja) | Join Date: Apr 2008 | Location: Phoenix, AZ | Posts: 26,490

    Name resolution won't happen unless you have a DNS server to do so; broadcasts don't traverse the router. As for the lack of ICMP traffic or anything else directed by IP? You need a packet filter rule to pass ICMP on the VPN interface and either more packet filter rules to pass what specific traffic, or a series of firewall rules to do the same.
