VPN: Can ping machine but can't browse shared folders

[nogoodatcoding]

Hi,

I'm trying to setup a VPN connection between two Windows XP Pro machines over the internet and it's almost working except for browsing shared folders. I've got two laptops and my friend can ping both of them once the VPN is connected. I can ping my friends machine also. By modifying the LMHOSTS file used by the VPN client connection, the client is able to ping by name. I can also VNC and Remote Desktop to the VPN client machine and that machine can VNC and Remote Desktop to all my machines, using the local IPs that the VPN connection is using. But when we try to do Run > \\192.168.1.x or \\machine-name, we get error dialogs and can't browse the machines which should be on the LAN.

I'd like to point out right at the beginning that this isn't about trying to access shares using the machine name, even with the IP addresses, I'm just not able to access the shares.

Here are the details -

We've both got Zone Alarm firewall running and the Windows firewall is disabled. I've got a DSL connection and my friend's got an internet connection via LAN, behind some sort of NAT (Sify Broadband if that helps). All machines on the network are only running Win XP and there is no domain controller/ WINS/ DNS server. On both sides, we've got simple file sharing enabled.

He's got an internal IP of 10.30.186.96 on his network and my home LAN has addresses in the series 192.168.1.x with my server getting the IP 192.168.1.11. On VPN connection, my server gets assigned an IP of 192.168.1.20/255.255.255.255 and the client gets 192.168.1.21/255.255.255.255.

I've forwarded port 1723 to my server (192.168.1.11) on my DSL router.

- I've setup my machine to be the server, I created a new connection to accept incoming VPN connections.

- For the TCP/IP properties for this connection,

- I've checked the 'Allow callers to access my local area network' option.

- I've specified the TCP/IP addresses to be assigned from 192.168.1.20 to 192.168.1.21

- All the items that the connection uses - TCP/IP, QoS Packet Scheduler, File and Printer Sharing for Microsoft Networks, Client for Microsoft Networks are checked.

- I've added expert rules to my instance of Zone Alarm to allow

- Any communication from addresses in the range of 192.168.1.1 to 192.168.1.255 over any protocol to any destination

- Opened TCP port 1723 for any source to any destination

- Opened GRE port 47 for any source to any destination

- I've also added the entire subnet of 192.168.1.0/255.255.255.255 to the trusted zone.

- My workgroup is 'WORKGROUP'

- On the client, we created a new connection to dial into a VPN and gave it the proper external IP address that my router gets assigned.

- All the items that the connection uses - TCP/IP, QoS Packet Scheduler, File and Printer Sharing for Microsoft Networks, Client for Microsoft Networks are checked.

- The TCP/IP properties are set to obtain an IP and DNS servers automatically

- It is also set to 'Use default gateway on remote network' in the Advanced Settings

- I've selected 'Disable NetBIOS over TCP/IP

- Enable LMSHOSTS lookup is checked and we imported a file with entries for my machines

- In Zone Alarm on the client we added expert rules to allow

- TCP port 1723 from any source to any destination

- We've added the entire 192.168.1.0/255.255.255.255 subnet into the trusted zone

- We changed this machine's workgroup from 'MSHOME' to 'WORKGROUP' to match mine.

The results for ipconfig /all for the server:

Windows IP Configuration

Host Name . . . . . . . . . . . . : vpn-server

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : Yes

WINS Proxy Enabled. . . . . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-00-00-00-00-00

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.1.11

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 208.67.222.222

208.67.220.220

Ethernet adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel® PRO/Wireless 2200BG Network Connection

Physical Address. . . . . . . . . : 00-00-00-00-00-00

PPP adapter RAS Server (Dial In) Interface:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Internal RAS Server interface for dial in clients

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.1.20

Subnet Mask . . . . . . . . . . . : 255.255.255.255

Default Gateway . . . . . . . . . :

The results for ipconfig /all for the client:

Windows IP Configuration

Host Name . . . . . . . . . . . . : vpn-client

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Sify Broadband:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-00-00-00-00-00

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 10.30.186.96

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 10.30.186.1

DNS Servers . . . . . . . . . . . : 202.144.115.4

202.144.10.50

PPP adapter VPN Connection:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface

Physical Address. . . . . . . . . : 00-00-00-00-00-00

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.1.21

Subnet Mask . . . . . . . . . . . : 255.255.255.255

Default Gateway . . . . . . . . . : 192.168.1.21

DNS Servers . . . . . . . . . . . : 208.67.222.222

208.67.220.220

NetBIOS over Tcpip. . . . . . . . : Disabled

Error messages seen when trying to Run > \\ip-address or trying out net view ip-address on the command prompt:

VPN Client

-\\192.168.1.20 The network path was not found

Oddly enough, when we try to open \\192.168.1.21 which is the client's IP address on the VPN, on the client machine, the first time we get an error - '\\192.168.1.21 is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions. The network path was not found.' but it opens up on the second attempt.

- net view 192.168.1.20

System error 53 has occurred.

The network path was not found.

VPN Server

- \\192.168.1.21 The specified network name was not found.

- net view 192.168.1.21

System error 64 has occurred.

The specified network name is no longer available.

I've been searching for a few days now and I've come across some useful information but nothing that specifically addresses this problem. So could someone help me out with this or point me towards information that might help? How do I get access to shared folders and machines on this network?

Thanks

[tain]

You have obviously done lots of work and reesarch so I hesitate to give you this simple suggestion. But I think it will make your life much easier:

Have you tried Hamachi?

[nogoodatcoding]

Thank you tain, I did come across this application. But the warnings about security and load handling capabilities etc kinda stopped me from trying it out.

Also, this whole thing started out just as an exploratory foray into trying out this free built-in feature so it's not a matter of life or death for me, but I was just frustrated by the fact that this one simple thing would not work!

Everything else seems to be working great over our VPN LAN so I do have an alternative to file sharing in mind, an FTP server running on my machine that lets us share stuff over the VPN.

Thanks again for the suggestion. For now, I've given up on getting this to work but if I do ever get it working, I'll make sure to post back!

Edited May 23, 2008 by nogoodatcoding