IWETHEY v. 0.3.0 | TODO
1,095 registered users | 1 active user | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

New I hate networking...
I've got a program on my work laptop computer running Win7 that I'm using at home at the moment. The program has various configuration files in some sort of binary format. The program will let me print some of the configuration files. I want to print those files here at home. The printout is ~ 87 pages.

The laptop is configured for my work Windows workgroup called, say, "Work".

Our home wireless Windows workgroup is called, say, "Castle".

Our home printer is attached to the Mac Mini Server. It has SMB active and the workgroup is called "Castle".

I apparently have to log into the Mac Mini Server from the Win7 laptop to have the Lexmark E234 printer be visible. That makes no sense to me (if Everyone on the LAN can print, why make me log in?), but I do that via "Map Network Drive" - I define a drive "Z" to map to the Mini's Public directory. After do that, I can print the Win7 test page to the printer. And I can print e-mails.

Yay.

But the home network connections are broken when I use VPN to connect to machines at work. So I can't print here then, or see shares on the home network. (There is a setting in the Cisco VPN client - "Allow local LAN access" - that one would think would allow access to my home LAN, but when that is checked I don't have any remote or local shares access.)

And I can't print more than one page of the configuration files (the printer throws an error and starts spewing out a single line of low ASCII glyphs per page).

Grr...

Cheers,
Scott.
(Who just wanted to vent a little.)
New Two things.
I strongly suspect that there is still a culture inside the writers of the Windows networking stack of wilfully ignoring as much of the non-Windows world as they can. My Win7 box simply cannot be seen by anything else on my LAN until it initiates a connection first. I've turned off the local firewall, removed rules that seem to involve blocking connection requests... nothing works. I have to try to make a connection from the Win7 box first. Very annoying.

Secondly, I don't understand how VPNs work from Windows, either. I have the same problem when I connect to work, which is mildly annoying. But bizarrely, if I have a connection already open from another PC on my LAN when I connect, the connection stays up! Took me only a few minutes to discover this because I'd already discovered the above problem. It did mean I could connect to my Linux desktop at work from another Linux PC at home. Using the VPN client on my Win7 box.

Seriously, the network coders for Windows must be on something illegal to think this all makes sense.

Wade.
Just Add Story http://justaddstory.wordpress.com/
New 1) I think you're right. 2) Thanks for the tip!
New On VPNs and things
To be honest, the VPN fickleness is not just Windows' fault. That falls largely on the VPN vendors. If you think one is a problem, see what happens if you need access to networks behind different vendor's VPNs... (I'm not talking about needing simultaneous access, just trying to keep the things from killing each other and Windows.)

Most VPNs I've encountered are configured to cut the client off all networks except the work net. That is normally a gateway policy and the client has no control over it. Usually to prevent exactly what Static is doing ;-)

I haven't used Cisco's yet, but it is possible that flipping the LAN access checkbox causes the gateway to lock the client out at that time.

For the share access issue: there is a big fork in the road. Prior to OSX Lion. Apple used Samba. With Lion, they switched to a proprietary reimplementation of SMB. Behavior and possible fixes depend on exactly what is on the Mac Mini.
New Interesting.
The Mini has Snow Leopard Server. I toyed with putting Lion and now Mountain Lion on it, but read things here and there that said various things were removed and other things broken, so I've not bothered. It sound like there are even more reasons not to "upgrade"...

I have figured there must be ways to get this stuff working in a more transparent and automated way, but I haven't taken the time to find out how. It's usually not a major issue for getting stuff done, it's just every few months I spend a few hours trying to get past some hurdle... :-(

I'm tempted to just buy a stand-alone networked PostScript printer to at least do away with that source of networking aggravation.

Thanks for the VPN info - I've wondered how it was "smart enough" to know what to encrypt and what to leave alone - I guess it doesn't bother to distinguish. It just shuts the unencrypted stuff off (unless the checkbox acts as you expect).

This does seem to me to be something that should have been resolved long ago. Of course people are going to want to use a printer while they're connected to their work machines! <sigh>

Thanks.

Cheers,
Scott.
(Who appreciates it can always be worse!)
New Client networking.
Actually, I suspect the proclivity of VPN client software to "hide" the rest of the LAN is more likely descended from assumptions made years ago that users-at-home have One (1) PC And It Connects Directly To The Internet. :-/

"Never attribute to malice what can be explained by ignorance."

Wade.
Just Add Story http://justaddstory.wordpress.com/
New Close
This is not BAD (ie, Broken As Designed), this is really on purpose and with a bit of thought.

When you are on the VPN, it has the choice of handling all packets or just packets out a particular interface (physical or virtual). If it neglected to handle ALL packets, then it would allow the possibility for someone actively hacking into you WHILE you are connected to the corp LAN, which in turn would be the gateway into hacking the corp lan side.

So, instead they will turn off all possible packets except those that are routed through the VPN connection, and in some cases, route everything (including your internet traffic) for a pass through the VPN gateway and firewall, and then out THEIR internet connection, and back again. Adds a bit of lag.
New I... think that makes sense...
Y'know I might talk to the helpdesk about that, out of curiosity.

I can see a case for it to catch all non-local traffic (i.e. basically override the default gateway) which would leave the local LAN working. But I can see why it'd need to scotch incoming traffic that wants to return out the "normal" gateway (i.e. the real ISP link). Hmm.

(And I remembered exactly how I circumvented that with my remote desktop trick: I'd SSHed from the Win7 box to the Linux box, then I started the VPN, then I initiated an SSH tunnel between the Linux box here and the Linux box at work. :-)

Wade.
Just Add Story http://justaddstory.wordpress.com/
New Oh, and 64-bit Win7 Home doesn't have secpol.msc
One part of the "fixes" for networking and printing from Win7 to OSX involves making sure that that the LAN Manager Authentication Level is changed to "Send LM & NTLM - use NTLMv2 session if negotiated". http://forums.macrum...read.php?t=776672

Of course, Home versions of Winders, like on my new Toshiba R835-P88, don't have that.

So I can't print to our Lexmark printer on the Mini from my Toshiba laptop running Win7 without sending MS $65 to upgrade to Win7 Pro. Naturally XP Home on a Lenovo netbook didn't have these issues.

Grr...

Cheers,
Scott.
(Who thinks he will be spending more time with Linux on the Toshiba...)
New Workaround
http://www.sevenforu...y-workaround.html

The .msc files are just management console snap-ins. I think I may be able to locate one somewhere (or the gpedit superset).
New Ah. Excellent. Thanks very much.
New Works. I can print to OSX from Win7 Home 64-bit. Thanks!
     I hate networking... - (Another Scott) - (11)
         Two things. - (static) - (6)
             1) I think you're right. 2) Thanks for the tip! -NT - (Another Scott)
             On VPNs and things - (scoenye) - (4)
                 Interesting. - (Another Scott)
                 Client networking. - (static) - (2)
                     Close - (crazy) - (1)
                         I... think that makes sense... - (static)
         Oh, and 64-bit Win7 Home doesn't have secpol.msc - (Another Scott) - (3)
             Workaround - (scoenye) - (2)
                 Ah. Excellent. Thanks very much. -NT - (Another Scott)
                 Works. I can print to OSX from Win7 Home 64-bit. Thanks! -NT - (Another Scott)

There are 178 parent languages on our planet, with over 1000 dialects. It's amazing we communicate at all.
112 ms