You are not logged in.

#1 2021-02-11 13:46:42

Jphillips
Member
Registered: 2019-08-23
Posts: 20

Only able to print when connected through VPN

I'm on a university network, and I have to be behind the firewall to print to a printer in the building. My work machine is directly connected to the LAN via ethernet connection, and IT has verified that it is indeed within the network firewall.

Yet if I try to print to our office printer, I get "Unable to connect to CIFS host: NT_STATUS_UNSUCCESSFUL." What's so weird about this though is that if I first connect to the university network through CISCO VPN, and then print to the same printer, everything is fine.

This is a weird problem and I can't even figure out where to begin to troubleshoot. IT is adamant that this is not a problem with the network firewall and much be with my machine  (which is very likely), but I can't wrap my head around why whether or not my machine is connected to the VPN fixes the printing issue, when I'm behind the firewall to being with. Is it a DNS issue or something similar?

Any thoughts would be much appreciated!

Last edited by Jphillips (2021-02-11 13:47:05)

Offline

#2 2021-02-11 14:11:26

Xyne
Moderator/TU
Registered: 2008-08-03
Posts: 6,620
Website

Re: Only able to print when connected through VPN

Can you ping the printer by its IP address without the vpn? If yes, then it should be a DNS configuration error, otherwise it's a network configuration error.
Can you access other machines on the network without the vpn?
Is your local IP address in the same subnet with and without the vpn?

Regardless of whether this is a DNS or connection issue, we'll need to know more about how you've configured your system. Are you using systemd-resolvd, netctl, network manager or something else?
Have you added entries to /etc/resolv.conf?  Are you using openresolv?
Etc.


My Arch Linux StuffForum EtiquetteCommunity Ethos - Arch is not for everyone

Offline

#3 2021-02-11 14:48:12

Jphillips
Member
Registered: 2019-08-23
Posts: 20

Re: Only able to print when connected through VPN

Unfortunately I don't know the printer IP, just the smb name. I've already requested the IP from IT, but let me know if there's a way to ping it just based on the samba network name.

I'm using NetworkManager, and I do have openresolv installed, but I've never configured it so I'm not sure if it's actively running. Right now there are no entries in resolv.conf, just a header line "# Generated by NetworkManager". I have a static IP assigned to my computer, which is configured through NetworkManager. When I connect through my VPN it's a completely different subnet mask.



If I use smbclient to try to list other print shares, I get:

$ smbclient -L //<printer_name>
do_connect: Connection to <printer_name> failed (Error NT_STATUS_UNSUCCESSFUL)

If I think connect to my VPN and rerun this command, it works:

$ smbclient -L //<printer_name>
Enter D\jphil's password:

And interestingly, if I turn off the VPN, it still works, and prompts me to enter my password.

Offline

#4 2021-02-11 15:27:37

Xyne
Moderator/TU
Registered: 2008-08-03
Posts: 6,620
Website

Re: Only able to print when connected through VPN

If it works after disconnecting from the VPN then the printer is accessible so it's a DNS issue. It seems that the initial lookup is cached so subsequent queries can re-use the resolved address.

I find it strange that resolv.conf is empty. If you have configured a static IP address in NetworkManager then you should have configured a DNS server address as well. If you haven't, try that. If you have, then maybe it's a matter of conflicting updates to resolv.conf. You can test that by adding the DNS server's IP directly to that file. If that works, you'll have to check with NetworkManager and whatever else you're using (e.g. your VPN client) to see what is overwriting or failing to update resolv.conf.

I'm assuming that NetworkManager uses resolv.conf but I don't actually use it so I may be wrong.


My Arch Linux StuffForum EtiquetteCommunity Ethos - Arch is not for everyone

Offline

#5 2021-02-11 15:41:25

progandy
Member
Registered: 2012-05-17
Posts: 4,131

Re: Only able to print when connected through VPN

I'm assuming that NetworkManager uses resolv.conf but I don't actually use it so I may be wrong.

I do not use it either, but it can be configured for either systemd-resolved, openresolv/resolvconf, direct /etc/resolv.conf or no dns at all. By default it chooses based on the permissions and symlink status of /etc/resolv.conf.

https://wiki.archlinux.org/index.php/Ne … esolv.conf
https://wiki.archlinux.org/index.php/Ne … management

Last edited by progandy (2021-02-11 15:43:40)


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

#6 2021-02-11 15:53:49

Xyne
Moderator/TU
Registered: 2008-08-03
Posts: 6,620
Website

Re: Only able to print when connected through VPN

@progandy
Thanks for the confirmation.

@jphillips
If you don't know the DNS server, try to get it via the VPN (e.g. connect to the vpn and check /etc/resolv.conf, or check the server in the output of "nslookup archlinux.org")


My Arch Linux StuffForum EtiquetteCommunity Ethos - Arch is not for everyone

Offline

Board footer

Powered by FluxBB