Workgroup VPN Name Resolution???

James Goodman

OK, here's the scenario:

We have a Win2K Server behind a firewall router.
The Win2K server is not running a DNS service (seemed no point as clients do
not register with it).
The Win2K server has the RRAS service running.
The router has passthrough enabled on the PPTP port (1723).

I can establish a VPN connection to the server from my laptop using another
connection.
I can then ping the server by name, or other PCs by IP. I cannot, however,
ping other PCs by name.

The LAN computers get their IPs from the router DHCP, in the range of
192.168.1.10 - 192.168.1.100
The server has a static IP of 192.168.1.2
The router has an IP of 192.168.1.1
The router is configured to forward ports 137-139.

I have tried assigning incoming connection IPs from a pool in the range of
192.168.1.200 - 192.168.1.250, & also allowing the router to assign them.

No matter what I try no name resolution occurs...

If I search for a computer, I can find it, but I cannot connect to it by
name. I can however connect to it by IP.

However:
The router supports VPN endpoints, & if I allow this to be the endpoint, it
assigns incoming connections in the range of 192.168.1.200 - 192.168.1.250.
Name resolution from these connections works perfectly. However, it does not
support a VPN from a Pocket PC, so I need to use the Win2K server instead.

Any ideas on the fix?
Am I right in thinking that a workgroup uses NetBIOS for name resolution by
default?
Why would the router-terminated VPN resolve names, when a pass-through VPN
does not?
 
Robert L [MS-MVP]

quoted from http://www.ChicagoTech.net
Unable to browse through PPTP/VPN connection
Symptoms:
1. If the WINS server is on the same computer as the PPTP/VPN server, and you
attempt to connect to a computer using a PPTP/VPN client, you may experience
the following problems:
   1) The NetBIOS name of the computer to which you are attempting to connect
   is not resolved.
   2) You may receive an error message similar to the following: "System
   error 53 has occurred. The network path was not found" when using net view
   or opening Network Neighborhood.
2. If the WINS server is not on the same computer as the PPTP server and you
attempt to connect to a computer using a PPTP client, you may be able to
connect to computers on your local area network (LAN), but you may be unable
to connect to network shares or resources on the PPTP server.
Resolutions: Inability to browse often means the client can't resolve
NetBIOS names.
1. If this is a workgroup network, enable NetBIOS over TCP/IP on the server
and clients.
2. If this is a domain network and the WINS server is on the same computer as
the PPTP/VPN server, move the WINS server to a different computer.
3. Add the NetBEUI protocol for your PPTP tunnel instead of, or in addition
to, TCP/IP.
4. By default, most routers and firewalls prevent the transmission of
NetBIOS names unless you enable UDP ports 137 and 138 and TCP port 139. Try
to enable UDP ports 137 and 138 and TCP port 139 across all routers and
firewalls between the PPTP/VPN client and PPTP/VPN server.
5. Make sure the client has correct DNS, WINS and Master Browser settings.
6. Make sure the default gateway points to the remote network rather than to
the ISP.
7. Some ISPs might block ports required for NetBIOS name broadcasts.
8. If the WINS address is not distributed upon connection to the VPN, LMHOSTS
should be configured to enable the domain to be located.
9. If you try these techniques and the client still can't browse, try to use
UNC to connect to the remote resources by IP, for example, use the net use
h: \\serverip\sharename command.
--
For more and other information, go to http://www.ChicagoTech.net

Don't send e-mail or reply to me unless you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Robert Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.
 
Bill Grant

RAS/VPN links don't carry LAN broadcasts, so a remote doesn't work like
a LAN client does. If you are not running DNS or WINS, you will have to fall
back to HOSTS or LMHOSTS files to resolve names of LAN machines.
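
The LMHOSTS fallback mentioned above, as an added example that is not part of the original thread: a small generator that emits LMHOSTS lines for the VPN client and flags any entry whose address sits inside the router's DHCP pool quoted in the question, since a re-leased address would make that name resolve to a different machine. The host names and all addresses except the server's 192.168.1.2 are constructed sample values.

```python
import ipaddress

# Router DHCP pool as stated in the question above.
DHCP_FIRST = ipaddress.IPv4Address("192.168.1.10")
DHCP_LAST = ipaddress.IPv4Address("192.168.1.100")

# Constructed sample inventory; only the server address comes from the thread.
SAMPLE_HOSTS = {
    "SERVER": "192.168.1.2",
    "ACCOUNTS-PC": "192.168.1.23",
    "Reception": "192.168.1.150",
}


def build_lmhosts(hosts):
    """Return (lines, warnings) for a mapping of NetBIOS name -> IPv4 address."""
    lines, warnings = [], []
    for name, addr in sorted(hosts.items()):
        ip = ipaddress.IPv4Address(addr)  # raises ValueError if malformed
        # A NetBIOS computer name is at most 15 characters; the 16th byte
        # is reserved for the service suffix.
        if not 1 <= len(name) <= 15:
            raise ValueError(f"{name!r}: NetBIOS names must be 1-15 characters")
        # LMHOSTS fields are whitespace-delimited and '#' starts a keyword
        # or comment, so neither may appear in an unquoted name.
        if any(c.isspace() or c == "#" for c in name):
            raise ValueError(f"{name!r}: whitespace and '#' are not allowed")
        if DHCP_FIRST <= ip <= DHCP_LAST:
            warnings.append(
                f"{name} ({ip}) is inside the DHCP pool; reserve the lease "
                "or this entry can end up pointing at another machine"
            )
        # #PRE preloads the mapping into the NetBIOS name cache.
        lines.append(f"{ip}\t{name.upper()}\t#PRE")
    return lines, warnings


if __name__ == "__main__":
    entries, notes = build_lmhosts(SAMPLE_HOSTS)
    print("\n".join(entries))
    for note in notes:
        print("WARNING:", note)
```

On a Windows client the output goes in %SystemRoot%\system32\drivers\etc\lmhosts, and `nbtstat -R` reloads the preloaded entries.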
 
