VPN Server behind Wingate

Jun 22 05 7:59 am

We use Wingate pro 6.0.3(not WG VPN!!!)
VPN WIn2003 Server running behind WG.
It doesnot allow to user to be authentificated on VPN server from outside.
How to correctly configure NAT? port? services on WG?
It works fine from inside.

Jun 23 05 2:14 pm

Hi,

Are you hosting the VPN behind WinGate for incoming connections from the internet?

Have you opened the ports and redirected the traffic to the VPN host server on the WinGate firewall? You would do this in Extended Networking--Port Security by adding a new connection from the internet on the appropriate port.

Jun 23 05 5:36 pm

Adding to Matt's post, I believe with Windows 2000 / XP MS VPNs that use PPTP, require TCP port 1723 opened. When it requires a "redirect" to a server behind WinGate, you must also tick the check box "Don't translate Source IP". I can't say I have tested this on 2003 though; let us know how you get on

Jun 23 05 8:25 pm

Hello, thanx for response
I tried to do like jamesc suggested, but client unable to connect message #678 The remote computer doesnot respond...

Also I tried to make WG service on port 1723 for any adapter any IP, and open this port in both way in Extanded networking. In this case client is able to connect, but process stops on Verifying username and password stage.

Jun 23 05 8:32 pm

You don't have to create a sevice to process this - otherwise VPN won't work since Wingate driver provides specific processing for it. All you have to do is to create this port action as James suggested (don't forget to tick "Do not translate source IP" checkbox. Also, make sure that the machine where your VPN server is running, has its default gateway set through Wingate machine.

Jun 23 05 11:05 pm

I did exactly how you suggested
proxy with WG redirect traffic to VPN serv on port 1723(both tcp and udp)
vpn serv has proxy as default gateaway.
But still doesnot work for me(((
Also i tried to telnet VPN server on port 1723, from lan it works, from outside "Connect failed"

Jun 23 05 11:13 pm

Are you use then that your VPN service is active? Can you try netstat -an |more and see if port 1723 is in listening mode?

Jun 23 05 11:31 pm

I think yes
Proto Local Address Foreign Address State
TCP 0.0.0.0:21 0.0.0.0:0 LISTENING
TCP 0.0.0.0:53 0.0.0.0:0 LISTENING
//-----------------------------------------------------------------------//
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1723 0.0.0.0:0 LISTENING

Jun 23 05 11:35 pm

Can you send me routing table from your client machine where VPN server is running?

Jun 23 05 11:58 pm

sent it on your email

Jun 24 05 12:02 am

Thanks, got it.

Jun 24 05 1:22 am

Well, this is where the problem is - you cannot use TCPMapping service for Microsoft VPN handling, because VPN is not only a TCP connection but also other protocols that should be handled (IPSec, for one or PPTP) - you have to remove this mapping and use Extended Networking Port Security action setup as James pointed out.

Jun 24 05 1:26 am

but this service is stopped
i created it during playing around

Jun 24 05 10:46 am

Hi, Dima

Sorry I didn't reply yesterday - yes, I logged in and checked your settings. What kind of license are you using?

Jun 24 05 10:49 am

Wingate pro 50 users, we bought it last may

Jun 24 05 11:00 am

Yeap, I'll try it again in a second - when I tried it a couple of hours ago I might have a problem with Gatekeeper protocol - hold on a sec...

Jun 24 05 11:08 am

Just sent you an email - can you send me your IP address again, please?

Jun 24 05 9:24 pm

Thanx a lot!
Now it seems to be working!!!

Jun 24 05 10:40 pm

No worries