2 x Linksys BEFSX41 VPN -- Partial Functionality

I have a tunnel established between a pair of BEFSX41s (version 2, latest firmware (1.59.2?)). Some communication through the tunnel works, and some doesn't, and I don't see any pattern. I'm using different subnets for the internal addresses of the two LANs.

I can use VNC to connect to one of the remote computers using its LAN address. That's good.

I can ping some, but not all, of the computers on the remote side. That's bad. I can ping several Windows workstations (WinXP), but not a Linux server. I know it responds to pings, because I tested it from a computer on the remote side when I was connected with VNC. I'm not sure that Windows vs. Linux has anything to do with it.

I can't make any Windows connections, such as connecting to a shared folder. That's bad. I can't browse for any computers by name, and I can't see them even if I use their IP address (e.g. \\192.168.123.100). I have the "Broadcast NetBIOS" flag checked on both routers, but regardless I would think specifying the IP address would work.

This firmware is only about a month old, and seems MUCH better than previous versions in all respects. I'm hesitant to blame it for any VPN problems -- there are lots of other reasons why VPN can fail.

Does anybody else have experience with a similar setup?

-- Gerry

Gerry Wheeler

Here is a simple question. Did you look at the firewall settings on the Windows machines? In Windows XP SP2 the default rules when you enable file and print sharing still restrict connections to the scope of the local subnet. Since VNC is not one of the built-in application rules, it would be enabled with full Internet-wide permissions if you created it with the default scope. If you have all the computers on an Active Directory domain you should be able to globally modify the firewall settings with group policy. The details of this are clearly beyond the scope of this newsgroup, but it's really easy to find the documentation for the SP2 firewall on the Microsoft TechNet site in the SP2 deployment section.

more specifically the firewall deployment document:
I'm guessing that your Linux server may have similar protection. Many distributions have a firewall enabled by default these days. Since the remote side is not one of the local subnets on the box you will likely need to add exceptions to the firewall rules manually.

As for the broadcast NetBIOS thing, it's very hit or miss. You may be able to get it to work if you have a Windows domain controller server with WINS (or the Linux box emulating a domain controller with WINS). The computers on the remote network would want to use that server as their WINS server so they can build a local browse list. The trick is that only a domain controller will function to collect, merge, and distribute a domain master browse list. I don't find the broadcast NetBIOS application layer gateway built into most routers to be very reliable. Your tunnels will need to be up and running for 46 minutes before I would expect anything to work when it comes to "network neighborhood" NetBIOS broadcasting functionality. It's just one of those things. And no amount of lmhosts editing will make things work unless you have the domain master browser functionality in either a Linux server or Active Directory server running WINS. If you can point all the clients to the WINS server you don't need to mess with lmhosts anyhow, unless you happen to be trying to get Win95 clients working for some reason. Last, you should set up any DHCP server giving out the address for the WINS server to also specify the NetBIOS option 46 node type of 0x8, H, or Hybrid, depending on the server's terminology. For more info I suggest reading some of the information gathered together here:


Mike Drechsler - SPAM PROTECTE
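
Added example, not part of the original posts: a Windows XP SP2 batch file that applies the scope point from the reply above, letting File and Printer Sharing and VNC accept connections from the local subnet plus the other site's LAN rather than from any source. PEER_LAN and VNC_EXE are placeholders (the thread gives neither the remote subnet nor the VNC install path) and must be set before use.

```bat
@echo off
rem Run as an administrator on each XP SP2 machine reached through the tunnel.
rem PEER_LAN is a constructed placeholder: the LAN subnet at the other end of the VPN.
set PEER_LAN=192.168.50.0/255.255.255.0
rem VNC_EXE is a placeholder: full path of the VNC server program allowed in the firewall.
set VNC_EXE=C:\path\to\vnc-server.exe

rem Show the current exceptions and their scope before changing anything.
netsh firewall show service
netsh firewall show allowedprogram

rem File and Printer Sharing: the default scope is the local subnet only, which is
rem why clients on the other LAN are refused. Add only the peer LAN, not "ALL".
netsh firewall set service type=fileandprint mode=enable scope=custom addresses=LocalSubnet,%PEER_LAN% profile=all

rem VNC: a program exception created with the default scope accepts any source.
rem Narrow it to the same two networks.
netsh firewall set allowedprogram program="%VNC_EXE%" name=VNC mode=enable scope=custom addresses=LocalSubnet,%PEER_LAN% profile=all

rem Confirm the new scope on both exceptions.
netsh firewall show service
netsh firewall show allowedprogram
```

On an Active Directory domain the same scopes can be set through the Windows Firewall group policy settings instead of per machine.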

Well, it turns out I had a couple of problems, and the XP firewall software was one of them. Thanks for the tip.

(Another was not having the correct name of the shared folder. D'oh!)

-- Gerry

Gerry Wheeler
