SITM

Adding Clients | Direct | Offsite | via VPN

We have around 50 laptops that are either:

 

On site LAN (.122 and .123 subnet) connected via dock (w/IP), direct Network or Wireless (LAN link)

Offsite via VPN (.122 or .123 subnet)

Or offsite LAN (.3 subnet) connected via PVC to Site

 

If they are local then Retrospect has no issues finding them and allowing me to configure the client and start the first backup.  If they connect over the VPN and even pick up a .122 or .123 IP address Retrospect won't find them and this is the same if they are connected off-site on the .3 subnet which has a site to site VPN set up and is where Retrospect is running.

 

If I put in the IP direct for the ones connected over the wireless to LAN sometimes it will find them.

 

Retrospect is running offsite on interface 192.168.3.20 

 

Gateways

Site : 192.168.123.254

Offsite : 192.168.3.254

 

I'm going through the user guide and searching the forums here but was posting in the hope that somebody would nudge me in the right direction in how I cover all corners and what I should be configuring/checking to make sure this all works.

 

Thanks.

 

 


I think you may find it comes down to your VPNs. Most by default do not forward broadcast traffic and the default Piton Client discovery mechanism relies on broadcast. 

You may be able to have the VPN configured to allow all or some broadcast traffic, depending on the implementation.

Further, your remote devices probably get allocated random addresses from a pool when they connect via the VPN, so when you specify the client manually it will work until the next reconnect, when it may then have a different address. There is even the possibility of clients clashing. E.g. if Client A picks up address .123.123 today and backs up successfully, then tomorrow Client B connects and gets given address .123.123, then Retro is going to get very confused.

You may need to investigate mechanisms to allocate your remote clients fixed addresses, eg Mac Binding in your DHCP Server.

Hope this helps

  • Like 2


..eg Mac Binding in your DHCP Server.

 

Thanks for your reply.

 

Yes, I will look at static IPs, but still this means they will only ever be backed up when on-site over the LAN.

 

The other thing I have read is that a WINS server may resolve the VPN issue as this will act as the route to identify the machines.


I think you may find it comes down to your VPNs. Most by default do not forward broadcast traffic and the default Piton Client discovery mechanism relies on broadcast. 

You may be able to have the VPN configured to allow all or some broadcast traffic, depending on the implementation.

 

 

Exactly.

Retrospect uses UDP on port 497 for broadcast and TCP on port 497 for backups.

 

This might apply to VPN as well:

https://www.retrospect.com/en/support/kb/opening_your_network_firewall_for_retrospect
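A quick way to check both points from the backup server, added here as an example and not taken from Retrospect or from any poster in this thread: for each client address, report whether it shares the server's subnet (so a broadcast can reach it) and whether TCP 497 answers when addressed directly. The /24 masks and the sample client addresses are assumptions; the server interface 192.168.3.20 is the one given in the first post.

```python
import ipaddress
import socket

RETROSPECT_PORT = 497  # from the thread: UDP 497 for discovery, TCP 497 for backups

# Assumption: /24 masks; the thread gives only the third octet of each subnet.
SERVER_IFACE = ipaddress.ip_interface("192.168.3.20/24")


def discovery_method(client_ip, server_iface=SERVER_IFACE):
    """Return 'broadcast' if the client shares the server's subnet, so a
    UDP broadcast can reach it; otherwise 'direct', meaning the client
    sits behind a router or VPN and must be added by address."""
    if ipaddress.ip_address(client_ip) in server_iface.network:
        return "broadcast"
    return "direct"


def tcp_reachable(host, port=RETROSPECT_PORT, timeout=3.0):
    """True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def survey(clients, port=RETROSPECT_PORT, timeout=3.0):
    """Map each client IP to (discovery method, TCP reachability)."""
    return {
        ip: (discovery_method(ip), tcp_reachable(ip, port, timeout))
        for ip in clients
    }


if __name__ == "__main__":
    # Constructed sample addresses, one per subnet named in the thread.
    sample = ["192.168.3.41", "192.168.122.57", "192.168.123.123"]
    for ip, (method, open_) in survey(sample).items():
        state = "open" if open_ else "closed/filtered"
        print(f"{ip:16} discovery={method:9} tcp/{RETROSPECT_PORT}={state}")
```

A client that shows `direct` with TCP 497 closed or filtered points at the VPN or firewall path rather than at Retrospect itself.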


WINS also relies on broadcast and on NetBIOS, which most VPNs do not forward by default. Depending on your VPN it may be possible to configure it to allow these broadcast packets (I use a Draytek Vigor Router for my VPNs, which has an option to allow broadcast and NetBIOS packets to traverse the VPN).

 

With Fixed Addressing the VPN server allocates the remote device an IP address when setting up the VPN. This is either done by the VPN service itself, which may have a facility to set a fixed IP per device, or otherwise they pass on the request to the local DHCP Server, where again it may be possible to allocate a fixed address.


WINS also relies on Broadcast and on Netbios which most VPNs do not forward by default. Depending on your VPN...

 

We are using the standard Windows client and a TP-Link Router, which as far as I can tell doesn't have any settings that I can see that are specific to this.

 

I did set up WINS and set the server IP on one test machine.  Although it did appear in WINS on the server I still could ping or see this in Retrospect either via the hostname or direct to the IP.

 

~

 

I added the netbios server address in option 044 in DHCP for the test client, but as it's coming in via the VPN it's not even picking up the reserved IP so this reference will mean nothing?
