wingate requirement

Dec 06 04 4:35 pm

what are the requirements to install wingate?

do i need 2 nic?
what os should i have, winxp? or server based?

Dec 06 04 5:29 pm

It depends on what you are going to use Wingate for. 2 NICs are required if you need to route between them - say, you have a DSL router (1 NIC - external) and the second NIC for LAN - that's where your clients will be located. You can use just 1 NIC and a modem or just 1 modem - to use Wingate as a VPN client. In short - the actual requirements in terms of connectivty points depend on your use of Wingate.

Wingate supports OSs from 95 upwards.

Dec 08 04 4:51 pm

will the below config work?

- install wingate on a nt server with only one nic
- nt server ip is 10.0.0.2, subnet 255.255.255.0, default gw 10.0.0.1
- all other workstation ip are 10.0.0.100 to 10.0.0.200
- all subnet mask is 255.255.255.0
- all workstations default gateway is 10.0.0.2
- there is a router that route traffic to internet 10.0.0.1

i know i can point all workstation to my router for internet access, but i want to do an authentication for users before they access to internet.

will wingate able to work in this manner and configure to do authentication?

Please advise, many thanks

Dec 08 04 4:56 pm

What would happen if your users then just pointed their default gateways to 10.0.0.1?

Dec 08 04 4:58 pm

It won't work - the clients will learn that the 10.0.0.1 router has its way outside.

Dec 08 04 5:10 pm

Pascal wrote:What would happen if your users then just pointed their default gateways to 10.0.0.1?

lets assume users will not change any ip settings

Dec 08 04 5:22 pm

If you want to NAT (Default gateway route) you need two interfaces. Otherwise, WinGate can't determine what the interface is - Internal vs External / Private vs Public ? So, your local machines connecting through the WinGate machines will be firewalled, etc.

Your setup can work, but then you need to use Proxy configuration or the WinGate Internet Client.

WinGate is available on a 30 day trial - so that gives you the opportunity to install it and see how it will work in your scenario.

Dec 08 04 7:54 pm

what if i don't want to use Proxy configuration nor WinGate Internet Client?
i don't want to do any client side installation nor configuration
everything will be set on my dhcp server

will it be better if i install another nic?

all workstation on 172.100.100.x network
nic1 is 172.100.100.1
nic2 is 10.0.0.2 and connect to Router (10.0.0.1)

next is how can i setup the authentication part?
want each workstation to key in a password or id or both before can gain access to internet web, pop3 & smtp

possible?

Dec 08 04 9:17 pm

Possible and a lot better. The dual NIC configuration is significantly better. Authentication depends on how your users 'use' their computers.

Personally, I think NTLM is the best and easiest choice. It's supported through the browser, etc. and is reasonably transparent. Your login to the OS then effectively becomes your login to the Internet as well.

http://www.wingate.com/download.php

You can download the WinGate helpfile there to read more about different authentication methods, etc.

Dec 09 04 4:03 pm

i'd downloaded and install wingate6 onto a xphome machine with 2 nic
i also did an enable ip route in registry.

from 172.100.100.3 i cannot ping to 10.0.0.1 but i can ping to 10.0.0.2 and 172.100.100.1

did i missed out some setting in wingate or others?

please advise

Dec 09 04 4:10 pm

Can you ping anything beyond your router? (Outside of the internet)
Can you ping the router from the WinGate Server?
Is your router normally pingable?

Have you double checked the adapter useage in WinGate? Make sure that the NIC connected to your router is marked as "External" and the NIC connected to your LAN is marked as "Internal".

Then, what type (Make and Model - if possible chipset) of network card do you have? Are any of them based on the Realtek 8029 chipset?

Dec 09 04 4:16 pm

i cannot even ping my router, i can only ping my wingate server
router is ping enabled

yup, internal and external was set correctly

i'm using a SIS 900 PCI and a USB smartNIC

Dec 09 04 4:20 pm

Can you ping anything beyond your router? Try something like wingate.com.

Can you ping the router from the WinGate Server? This helps us narrow down where the problem is.

Dec 09 04 4:31 pm

i think is my other router issue, now i added a route in my 10.0.0.1 router and its quite ok.

Dec 09 04 9:37 pm

sosibor wrote:...
next is how can i setup the authentication part?
...

Just some info:
If you are using Win2k3 DHCP server authentication won't work :(.
You have to use Wingate DHCP server for authentication to work.
Info is posted here:
http://forums.qbik.com/viewtopic.php?t= ... entication

Hope Wingate will do something about this...

Dec 09 04 9:40 pm

Slight correction on that statement. Authentication will work. The only thing that will not work is username assumption by machine; rather than by IP. This has been the case since the first release of Wingate to include DHCP - for it to assume that it has to actually serve the information to the client. (So it knows everything about the client)

Dec 10 04 2:30 pm

for authentication, is it a must to set browser to use my wingate server as proxy? can i don't set any proxy for client's browser?

Dec 10 04 2:40 pm

Depends on how you want to authenticate. There's a distinct difference between the two concepts here. So, to hopefully explain things clearly:

Authentication is when the server and the client exchanges some form of knowledge about the identity of the user and provides a means of validating that that knowledge is correct.

In WinGate, assumptions mean that the WinGate server assumes the user is somebody by identifying where the connection is coming from. An assumption is not as strong as authentication (Because it could be anyone using that computer)

So - if you are using NAT on it's own you are limited in what you can do. As this is essentially a stream of traffic going through the WinGate Server you can basically only use assumptions as there is no way to know what higher level protocol is in operation. (And thus inject a form of authentication into the stream)

With proxies, WinGate knows and understands the higher level protocol. It is then able to provide authentication mechanisms for the user. The same with using the WinGate Internet Client - because it must make a WRP connection to the server first, they can exchange authentication information.

If you are using NAT however, you can enable Intercepts. (On the sessions page of the WWW Proxy Server in WinGate 6). Once you do that, all NAT traffic on the specified ports (Usually port 80) will be redirected through the proxy - allowing you to authenticate it.