IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

New Two things.
I strongly suspect that there is still a culture inside the writers of the Windows networking stack of wilfully ignoring as much of the non-Windows world as they can. My Win7 box simply cannot be seen by anything else on my LAN until it initiates a connection first. I've turned off the local firewall, removed rules that seem to involve blocking connection requests... nothing works. I have to try to make a connection from the Win7 box first. Very annoying.

Secondly, I don't understand how VPNs work from Windows, either. I have the same problem when I connect to work, which is mildly annoying. But bizarrely, if I have a connection already open from another PC on my LAN when I connect, the connection stays up! Took me only a few minutes to discover this because I'd already discovered the above problem. It did mean I could connect to my Linux desktop at work from another Linux PC at home. Using the VPN client on my Win7 box.

Seriously, the network coders for Windows must be on something illegal to think this all makes sense.

Wade.
Just Add Story http://justaddstory.wordpress.com/
New 1) I think you're right. 2) Thanks for the tip!
New On VPNs and things
To be honest, the VPN fickleness is not just Windows' fault. That falls largely on the VPN vendors. If you think one is a problem, see what happens if you need access to networks behind different vendor's VPNs... (I'm not talking about needing simultaneous access, just trying to keep the things from killing each other and Windows.)

Most VPNs I've encountered are configured to cut the client off all networks except the work net. That is normally a gateway policy and the client has no control over it. Usually to prevent exactly what Static is doing ;-)

I haven't used Cisco's yet, but it is possible that flipping the LAN access checkbox causes the gateway to lock the client out at that time.

For the share access issue: there is a big fork in the road. Prior to OSX Lion. Apple used Samba. With Lion, they switched to a proprietary reimplementation of SMB. Behavior and possible fixes depend on exactly what is on the Mac Mini.
New Interesting.
The Mini has Snow Leopard Server. I toyed with putting Lion and now Mountain Lion on it, but read things here and there that said various things were removed and other things broken, so I've not bothered. It sound like there are even more reasons not to "upgrade"...

I have figured there must be ways to get this stuff working in a more transparent and automated way, but I haven't taken the time to find out how. It's usually not a major issue for getting stuff done, it's just every few months I spend a few hours trying to get past some hurdle... :-(

I'm tempted to just buy a stand-alone networked PostScript printer to at least do away with that source of networking aggravation.

Thanks for the VPN info - I've wondered how it was "smart enough" to know what to encrypt and what to leave alone - I guess it doesn't bother to distinguish. It just shuts the unencrypted stuff off (unless the checkbox acts as you expect).

This does seem to me to be something that should have been resolved long ago. Of course people are going to want to use a printer while they're connected to their work machines! <sigh>

Thanks.

Cheers,
Scott.
(Who appreciates it can always be worse!)
New Client networking.
Actually, I suspect the proclivity of VPN client software to "hide" the rest of the LAN is more likely descended from assumptions made years ago that users-at-home have One (1) PC And It Connects Directly To The Internet. :-/

"Never attribute to malice what can be explained by ignorance."

Wade.
Just Add Story http://justaddstory.wordpress.com/
New Close
This is not BAD (ie, Broken As Designed), this is really on purpose and with a bit of thought.

When you are on the VPN, it has the choice of handling all packets or just packets out a particular interface (physical or virtual). If it neglected to handle ALL packets, then it would allow the possibility for someone actively hacking into you WHILE you are connected to the corp LAN, which in turn would be the gateway into hacking the corp lan side.

So, instead they will turn off all possible packets except those that are routed through the VPN connection, and in some cases, route everything (including your internet traffic) for a pass through the VPN gateway and firewall, and then out THEIR internet connection, and back again. Adds a bit of lag.
New I... think that makes sense...
Y'know I might talk to the helpdesk about that, out of curiosity.

I can see a case for it to catch all non-local traffic (i.e. basically override the default gateway) which would leave the local LAN working. But I can see why it'd need to scotch incoming traffic that wants to return out the "normal" gateway (i.e. the real ISP link). Hmm.

(And I remembered exactly how I circumvented that with my remote desktop trick: I'd SSHed from the Win7 box to the Linux box, then I started the VPN, then I initiated an SSH tunnel between the Linux box here and the Linux box at work. :-)

Wade.
Just Add Story http://justaddstory.wordpress.com/
     I hate networking... - (Another Scott) - (11)
         Two things. - (static) - (6)
             1) I think you're right. 2) Thanks for the tip! -NT - (Another Scott)
             On VPNs and things - (scoenye) - (4)
                 Interesting. - (Another Scott)
                 Client networking. - (static) - (2)
                     Close - (crazy) - (1)
                         I... think that makes sense... - (static)
         Oh, and 64-bit Win7 Home doesn't have secpol.msc - (Another Scott) - (3)
             Workaround - (scoenye) - (2)
                 Ah. Excellent. Thanks very much. -NT - (Another Scott)
                 Works. I can print to OSX from Win7 Home 64-bit. Thanks! -NT - (Another Scott)

The third one burned down, fell over, and then sank into the swamp.
50 ms