Communication between networks

I've got personal computers in two homes (physically separate locations, not on the same network.)

Clients in home1 are in the 10.0.0.x network.
Clients in home2 are in the 10.0.2.x network.

I've got OpenVPN configured on the two routers and the VPN tunnel is up. However, clients in home2 can only see one client in home1 - this happens to be a network drive which is plugged directly into the router in home1. But I also have a PC in home1 on which I have shared (in Win7) a USB-attached drive. What else do I need to do to make this PC visible/accessible to the clients in home2? Is there some setting in Windows Firewall that I have to enable? Windows Firewall has this entire "Connection Security Rules" section, but I don't really know what needs to be set up there, if anything.


FYI, I've got network sharing options enabled on that PC:
- Network discovery is on
- File and printer sharing is on
- Public folder sharing is on
 
From home2, I am able to ping just that NAS that I mentioned is plugged into router in home1, but when I try to ping that PC where I have the USB drive shared, it fails (Packets: 5 transmitted, 0 received, 100% lost).
 
Pete,

All hosts that need to talk to a remote host will need to have a default gateway (next hop) that has a specific route to the remote subnet. What do the hosts at both sites have for their default gateway? Does that default gateway have a route for the other side of the tunnel?

Wayne
 
I'd bet that RIP isn't enabled, or is set wrong. But yes, Wayne is right -- the gateway is probably misconfigured.
 
Originally Posted By: OVERKILL
OK, then can you access the network shares at that point?

I believe so, but I don't want to have the Windows Firewall permanently turned off. I was trying to find out what exception/rule I need to set in Windows Firewall to make it work.
 
Wayne, Dan,

If that was the case, then I wouldn't have been able to reach any of the hosts on the other side, but as I mentioned above, I can reach some but not the others. The ones which I cannot reach are running Windows. The moment I turn off Windows Firewall on those PCs, those PCs become reachable, so I believe it is strictly Windows Firewall that is blocking access to those PCs from another subnet.
 
Originally Posted By: Quattro Pete
Wayne, Dan,

If that was the case, then I wouldn't have been able to reach any of the hosts on the other side, but as I mentioned above, I can reach some but not the others. The ones which I cannot reach are running Windows. The moment I turn off Windows Firewall on those PCs, those PCs become reachable, so I believe it is strictly Windows Firewall that is blocking access to those PCs from another subnet.


Yup, that's why I had you test the stuff I did. Initially you noted that at least one host was reachable, which led me to conclude that the VPN was probably set up correctly.

Once you were able to ping the Windows host with the Windows Firewall disabled I knew we had found our issue, LOL


Normally I just do a \\hostname on the source PC with the name of the destination PC and don't bother with network discovery. You can't ping it because Windows Firewall is blocking ICMP, however you should be able to still access the share by hostname.

What version of Windows are you running on the remote host we did the testing with? You should be able to go to Network and Sharing Center (assuming Windows 7), Windows Firewall -> Advanced Settings and create permit rules for the VPN subnets (you'll need to make corresponding inbound/outbound rules, like on the router).
 
Originally Posted By: OVERKILL
You should be able to go to Network and Sharing Center (assuming Windows 7), Windows Firewall -> Advanced Settings and create permit rules for the VPN subnets (you'll need to make corresponding inbound/outbound rules, like on the router).

Thanks. Yeah, well, that's kind of what I was asking about in my original post - I can't figure out how to set these custom rules out to make it work. It's Windows 7.
 
Originally Posted By: Quattro Pete
Originally Posted By: OVERKILL
You should be able to go to Network and Sharing Center (assuming Windows 7), Windows Firewall -> Advanced Settings and create permit rules for the VPN subnets (you'll need to make corresponding inbound/outbound rules, like on the router).

Thanks. Yeah, well, that's kind of what I was asking about in my original post - I can't figure out how to set these custom rules out to make it work. It's Windows 7.




Create "Permit All" rules in both directions for all services, using the subnets you've defined for both sides of the VPN.

Alternatively, unless these are laptops that are going to be visiting other networks, you could just disable Windows Firewall. It is incredibly redundant when the computer is already behind a gateway/firewall device.
 
Originally Posted By: OVERKILL
Create "Permit All" rules in both directions for all services, using the subnets you've defined for both sides of the VPN.

Thanks! Got it working now.
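
Added example, not part of the original thread: a narrower form of the firewall rules discussed above, allowing only ping and SMB file sharing from the home2 subnet to the Windows 7 PC in home1, with Windows Firewall left on. It assumes home2 is 10.0.2.0/24 (the thread gives only "10.0.2.x"), that the default "allow outbound" policy is unchanged, and the rule names are made up for illustration.

```bat
@echo off
rem Added example. Run from an elevated Command Prompt on the home1 Windows 7 PC.
rem Assumption: the home2 LAN is 10.0.2.0/24 (the thread says "10.0.2.x").
set REMOTE=10.0.2.0/24

rem Allow ping from home2 only: ICMPv4 echo request is type 8, any code.
netsh advfirewall firewall add rule name="VPN home2 - ICMPv4 echo" ^
    dir=in action=allow protocol=icmpv4:8,any remoteip=%REMOTE%

rem Allow SMB file sharing from home2 only (direct-hosted SMB, TCP 445).
netsh advfirewall firewall add rule name="VPN home2 - SMB" ^
    dir=in action=allow protocol=TCP localport=445 remoteip=%REMOTE%

rem No profile= is given, so both rules apply to every firewall profile;
rem the remoteip scope is what limits them to the other side of the tunnel.

rem Show the rules as stored, to confirm the scope is the remote subnet.
netsh advfirewall firewall show rule name="VPN home2 - ICMPv4 echo" verbose
netsh advfirewall firewall show rule name="VPN home2 - SMB" verbose

rem To undo:
rem   netsh advfirewall firewall delete rule name="VPN home2 - ICMPv4 echo"
rem   netsh advfirewall firewall delete rule name="VPN home2 - SMB"
```

With these rules in place, a ping from a home2 client and a connection to the share by the PC's IP address exercise exactly the two openings created here.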
 