I had an interesting problem today, of which I saw this forum post but no solution.

I've managed to make this work as I desired, so I felt that it would be nice to share!

Scenario:

There's a LAN with multiple computers in WORKGROUP configuration.
This LAN uses a Mikrotik router for the Gateway (NAT).
The Gateway Mikrotik provides PPTP termination for work-from-home staff.
The work-from-home staff want to browse network shares & printers by name i.e. \\computername\sharename\

To resolve this situation it's important to understand that "windows file sharing" name resolution in a workgroup setting works by UDP broadcasts, and these broadcasts can't transit over the PPTP connection.

The solution is a WINS server. However, Mikrotik doesn't nativly provide a WINS server and in this context you probably don't want to install a "Windows Server" for its' WINS function (non-server versions of windows don't have a WINS server).

To resolve this, I:

• Installed a version of Mikrotik with MetaROUTER support (v3.21 minimum)
• Uploaded the OpenWRT image provided by Mikrotik
• Followed the Wiki instructions for setting up the MetaROUTER
• Created a bridge group, adding ether1 to the group
• Added one interface to the MetaROUTER as a 'dynamic' interface, setting its' bridge to 'bridge1'
• Set 'bridge1' and 'ether1' to PROXY-ARP (will not work without it!)
• Connect to the MetaROUTER console and install the samba packages by doing:
  Code: Select all

  root@OpenWRT:/# opkg install http://downloads.openwrt.org/kamikaze/8.09.1/ifxmips/packages/samba-common_2.0.10-4.1_mips.ipk http://downloads.openwrt.org/kamikaze/8.09.1/ifxmips/packages/samba-server_2.0.10-4.1_mips.ipk
  

• Update the ethernet configuration by editing /etc/config/network (on the OpenWRT) to read:
  Code: Select all

  # Copyright (C) 2006 OpenWrt.org
  
  config interface loopback
          option ifname   lo
          option proto    static
          option ipaddr   127.0.0.1
          option netmask  255.0.0.0
  
  config interface lan
          option ifname   eth0
          option proto    static
          option ipaddr   192.168.0.2
          option netmask  255.255.255.0
          option gateway  192.168.0.1
  

  Note the removal of the "bridge" option. Set the IP addressing to whatever you want it to be.
• Edit the Samba configuration and add:
  Code: Select all

  wins support = yes

  I also removed the /tmp share.
• Start samba
  Code: Select all

  root@OpenWRT:/# /etc/init.d/samba start

• Change my PPTP and DHCP profiles to supply the WINS server
  
  Code: Select all

  /ip dhcp-server network set 0 wins-server=192.168.0.2
  /ppp profile set 1 wins-server=192.168.0.2
  

Where the numbers are set appropriately i.e. the correct dhcp server and correct PPTP profile.

This should be everything!

I would like to say Thanks to the Mikrotik staff for providing an OpenWRT patch and download image!

I just heard back from my customer. This configuration is allowing navigation but not browsing.

i.e. from a VPN client you can type in \\machinename but cannot browse it through "My Network Places".

for browsing, broadcast packets are being used. no broadcasting = no browsing

Simply put, file sharing and print sharing over a PPTP VPN is perfectly fine. THe fact that the admin don't know how to make it work shows this. RouterOS transports the IP network over, no prob. The rest is windows software and systems to make it work right. I have businesses that have 20 sites with no windows servers at them, and guess what they can browse, its not a function on broadcast. It is simply a function of the network and domain with the windows systems! If it is setup right, it will work with no prob.

I would suggest that you hire a Microsoft consultant to get the job done once you create the tunnel, cause that is all RouterOS is concerned with.

Simply put, file sharing and print sharing over a PPTP VPN is perfectly fine. THe fact that the admin don't know how to make it work shows this. RouterOS transports the IP network over, no prob. The rest is windows software and systems to make it work right. I have businesses that have 20 sites with no windows servers at them, and guess what they can browse, its not a function on broadcast. It is simply a function of the network and domain with the windows systems! If it is setup right, it will work with no prob.

I would suggest that you hire a Microsoft consultant to get the job done once you create the tunnel, cause that is all RouterOS is concerned with.

Emphesis added. It works perfectly fine if you have a DOMAIN.

My howto covers a WORKGROUP. These are very different animals!

Your post comes across very condescending and rude. I never implied that ROS was not doing something properly - it's doing exactly what it's supposed to do. I'm merely sharing information that could help someone in the future.

I guess it's true what they say - no good deed goes unpunished.

First, I do apologize if I came across the wrong way. That was not my intent, So I do apologize if i did.

However, with or without a domain, you can make that work just fine. A domain is not a requirement.

Then how would you suggest making it work? I did several hours of research trying to figure out a way other than installing a WINS server on to the network, and was unable to locate any information that indicated there was any other way to do it.

You can do it with WINS or DNS. DNS would be better.

I'm really not a windows person, sorry

How would you do this with DNS, assuming that there isn't (and won't) be a Windows server?

I'm really not a windows person, sorry :)

How would you do this with DNS, assuming that there isn't (and won't) be a Windows server?

Basically your problem boils down to not having a master browser service list that your PC can access. The VPN connection won't broadcast netbios packets (port 137). You need to either have a DNS server, or a WINS server, or play with LMHOSTS (in this order).

Basically your problem boils down to not having a master browser service list that your PC can access. The VPN connection won't broadcast netbios packets (port 137). You need to either have a DNS server, or a WINS server, or play with LMHOSTS (in this order).

The Mikrotik gateway is running DNS but as far as I know it doesn't allow registration from the windows clients.

The Mikrotik gateway is running DNS but as far as I know it doesn't allow registration from the windows clients.

Yes it's only a 'resolving' name service. You'll need to run a full blown DNS server to get this to work for you. Or mess with lmhosts.sam or perhaps hosts file.

Just drop in a SME server, won't cost you much in hardware and you get the master browser plus an internal mail server plus a whole bunch of other stuff.

There is a MikroTik script somewhere that will take the hostname from the DHCP leases and then create a DNS entry, kind of a "poor man's" DNS registration.

good day, did you manage to get the browsing to work on this? Or allowed broadcast to be transferred over the pptp

Hi All,

If any one could be so kind as to share a link to the updated version of this, as i have tried to do the install of the openwrt but im getting problems installing samba common etc, seems to be kernal version miss match.

any ways im just trying to make a WINS server on my x86 Mikrotik and andy help would be greatly appreciated.

Regards
Wesley

Hi

I am trying to do same thing. Can you guys tell me if you managed to create cross-subnet browsing with VPN and mikrotik SMB?

Let me know.

Here are some really use full links about samba wins browse list, subnet etc. all you need to make it happen.
http://www.linuxplanet.com/linuxplanet/tutorials/6600/1
http://www.onlamp.com/pub/a/onlamp/exce ... tml?page=3

My advise is:

Create 2 subnet one for the vpn user/s and the other for the main office.
enable SMB on the MT router, so you will have static IP that is allways on if it is possible to to force it local master browser. but if not since it is just one VPN user set him/her up with statick IP subnet and write that down.
for each user

than

sync all the vpn statick ip 1 ip address subnet ex. 192.168.1.1/24 local master browser with Domain master browser. ex: 192.168.2.10 ( can we change option of SMB in mikrotik lik smb os level etc to force the MT box to win the browser list election ) u can you x.x.x.255/MSWORKGOUP to broadcast to whole subnet but router will not alow to pass thru.
so use unicast thats static Domain Master browser ip instead.

Thats all.

Let me know if it worked. You may have few laptops with samba installed on it so you can tweak the SMB conf in there to do what you want to do. U dont need windows in this LAN configuration at all.

Hi there,

Just in case someone else comes across this... I was able to get name resolution across my VPN by adding my remote domain's DNS suffix to my NIC.

http://www.youtube.com/watch?v=CtgDLOjvJB8