I have set up a Site-to-Site VPN using Sophos UTM at each end. I set up an Ubuntu VM as a WINS Server using Samba.
So far so good. VPN Works.
My problem is with the WINS Server. I have taken two Windows 10 computers and for both of them added the IP of the WINS server under Advanced TCP/IP Settings and changed NetBIOS to Enable NetBIOS over TCP/IP.
The results are close but not quite right. The two computers with the modified settings can now ping each other using computer name rather than IP. Other computers on each end of the VPN cannot do that.
That said, neither computer shows up in the Networks of the other. This is what I am trying to fix.
It appears that name resolution is working for the computers that check in with the WINS server but that the Windows 10 browsing service is not adding those computers to the network.
The LANs are 192.168.2.0/24 and 10.1.1.0/24. The WINS server is on 192.168.2.0/24 and it comes back as __MSBROWSE__ for that network. For 10.1.1.0/24, the computer that connects to the WINS server is showing __MSBROWSE__ when I check with nbtstat.
When I check services Computer Browser is running.
Can someone help me or at least point me in the right direction? This really shouldn't be this hard so I feel like I'm missing something obvious.
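One way to compare what each host has registered with the browser service, as an added example that is not part of the original post: it parses `nbtstat -n` / `nbtstat -A` name tables and reports, per subnet, which host holds the local master browser name (`<1D>`, shown together with `__MSBROWSE__`) and whether any host holds the domain master browser name (`<1B>`). The subnets are the ones from the post; the host names, addresses and name tables are constructed sample data.

```python
import ipaddress
import re

# The two LANs from the post; everything in SAMPLES below is constructed.
SUBNETS = [ipaddress.ip_network(n) for n in ("192.168.2.0/24", "10.1.1.0/24")]
ROLES = {("1B", "UNIQUE"): "domain master browser",   # (suffix, type) -> role
         ("1D", "UNIQUE"): "local master browser",
         ("1E", "GROUP"): "election participant",
         ("01", "GROUP"): "__MSBROWSE__ marker"}
ROW = re.compile(r"^\s*(\S.*?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\w+)\s*$")
NODE_IP = re.compile(r"Node IpAddress:\s*\[([\d.]+)\]")

def parse_name_table(text):
    """Return (name, suffix, type, status) rows from nbtstat -n / -A output."""
    return [(m[1], m[2].upper(), m[3], m[4])
            for m in map(ROW.match, text.splitlines()) if m]

def host_report(text):
    """Return (ip, computer name, set of browser roles) for one host."""
    rows = parse_name_table(text)
    ip = ipaddress.ip_address(NODE_IP.search(text).group(1))
    name = next(n for n, s, k, _ in rows if (s, k) == ("00", "UNIQUE"))
    roles = {ROLES[(s, k)] for _, s, k, st in rows
             if st == "Registered" and (s, k) in ROLES}
    return ip, name, roles

def summarize(outputs):
    """Per subnet: hosts acting as local master browser; plus any domain master."""
    masters, dmb = {str(n): [] for n in SUBNETS}, []
    for ip, name, roles in map(host_report, outputs):
        net = next((str(n) for n in SUBNETS if ip in n), None)
        if net and "local master browser" in roles:
            masters[net].append(name)
        if "domain master browser" in roles:
            dmb.append(name)
    return masters, dmb

def table(ip, host, suffixes):
    """Build constructed nbtstat-style output for a sample host."""
    rows = [f"    {host:<15}<00>  UNIQUE      Registered"]
    rows += [f"    {n:<15}<{s}>  {k:<6}      Registered" for n, s, k in suffixes]
    return f"Node IpAddress: [{ip}] Scope Id: []\n\n" + "\n".join(rows)

BROWSER = [("WORKGROUP", "1E", "GROUP"), ("WORKGROUP", "1D", "UNIQUE"),
           ("..__MSBROWSE__.", "01", "GROUP")]
SAMPLES = [table("192.168.2.10", "WINS-VM", BROWSER),
           table("10.1.1.20", "PC-REMOTE", BROWSER),
           table("10.1.1.21", "PC-OTHER", [("WORKGROUP", "1E", "GROUP")])]
if __name__ == "__main__":
    print(summarize(SAMPLES))
```

Feed `summarize` the saved output from one run per host; a local master browser listed for each subnet with an empty second value means no host has registered the `<1B>` name.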
VPN will only work for outside the network, not meant for connections inside the network.
Either you didn't understand the question or that response makes no sense. This is a site-to-site VPN connecting two networks. The issue of cross-subnet browsing is a well-known problem.
Anyway, in case anyone comes looking, changing the WINS node type to H-Node fixed the problem on the subnet that does not have the WINS server.
For the subnet that has the WINS server, the browsing service has not yet added the other subnet's computers, but I am making progress.
I think a more elegant solution would be to have another machine running at the other end, and I might go that way yet as I found a couple of tutorials on that method, but for now I'm trying to do it with every computer reporting to just the one WINS server on one subnet.
Nothing to state differently. See my post above. If the networks are outside of your house, you need to use a standard VPN like OpenVPN. What you are trying to do is set up a Domain and use it in the wrong way. If the networks are behind the same modem, it still will not work, because VPNs are meant for outside across the Intranet.
My post says I have a site-to-site VPN setup that works and that even name resolving works -- my problem is just getting the browsing service to work across subnets.
Site to Site will not work with using Ubuntu or any distro as a VM. Use a headless server running OpenVPN. Browsing Services is going to be a little harder if there is a firewall on either side that is blocking.
If you want to work on fixing the SAMBA problem, download Webmin and use it to make the changes. You are also using a Domain setup, so that means that you may want to look at using an alternative like NethServer or Zentyal, that gives you the proper backend for handling Domain and VPN. The easier one is going to be NethServer. The stronger one, if you are going to be sharing Windows mail, etc., would be Zentyal.
I'm not using Ubuntu -- I'm using two Sophos UTMs with IPsec.
The Ubuntu VM is for a local webserver but I figured it could take on the extra duties of being a WINS server.
The cross-subnet browsing is now working sporadically on one subnet, which confirms it is possible. I'm just trying to figure out why it is sporadic and why only on one of the subnets.
As it currently stands, the WINS server is on 192.168.2.0 and, when browsing, 10.1.1.0 can see all the computers on 10.1.1.0 and 192.168.2.0, but computers on 192.168.2.0 can only see computers on 192.168.2.0. Name resolution works for all computers on both subnets, including across subnets, which means that WINS is working but browsing is not.
What are the logs showing, along with the Firewall? Is it showing that the Keep Alive is being dropped on the main side, or remote location? Also, is the firewall for Sophos and for the other machine handling the VPN properly? IPSec in itself has had some issues for a long time. Going from a 10.x.x.x/8 to a 192.x.x.x/32 can cause problems if the VPN is not set up properly. You may want to check the Sophos blog to see if anyone else is having this same problem.
WINS is mainly used for Domains, should not be a problem with a VPN.