routers and VPN

Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems

Moderator: Qbik Staff


Postby Lampie » Mar 02 07 10:14 am

Hi all,
I would like to ask for some help. I have installed the trial version of WinGate 6 twice. If I connect to the server (wireless, behind a router) via a client directly connected to the internet, it works fine and I can see and connect to all my shared files.
However, if I connect to the server via another connection (wireless via a second router) I see all the computers, but cannot go one level down to my shared files.
There must be a conflict in IPs, I guess, but how do I solve it? Both routers are SMC Barricade routers with DHCP enabled. Firewall disabled. Port 809 enabled.
Would be grateful for help.
Lampie
 
Posts: 7
Joined: Feb 16 07 9:30 am

Postby jamesc » Mar 02 07 7:11 pm

Usually when you can see shares, but cannot view the files within, it indicates an issue with the MTU. The first thing you need to do is make sure you are using a recent release of WinGate. If you still have problems then you can test it by using the ping command with certain switches.

Different types of internet connections have different MTUs, e.g. PPPoE, 56K, Ethernet etc. I don't have a guide to every one, but this is basically the process.

With Ethernet, for example, the MTU is 1500, so each packet your computer sends has/could have 1500 bytes of data within it. But when we use the ping command, there is an overhead of 28 bytes: 20 for the IP headers of the packet, and 8 bytes for the ICMP Echo request header. Hence the first payload size of the ping command that we can try is 1472 bytes (1500-28=1472).

So testing:

(Windows) Start menu --> run --> cmd --> ping x.x.x.x -l 1472 -f
*Where x.x.x.x is the ip address of the remote VPN, -l is the switch for the packet payload and -f is not to fragment the packet.

If that command returns "Packets need to be fragmented but DF set", it means you need to try a smaller payload.

(Windows) Start menu --> run --> cmd --> ping x.x.x.x -l 1464 -f
If you start getting replies to that, you can try a slightly bigger payload to find your optimum MTU setting.

Once you know the MTU you need for the VPN server, you can adjust the MTU on the network card of the local machine that is having problems. This can be done by double-clicking the network interface in GateKeeper --> View menu --> Networks --> Network Connections (bottom centre), then navigating to the Advanced tab and entering the MTU as the optimum payload + 28 bytes to compensate for the headers of the packet. I.e. if the payload is 1464, then you would set 1492 (1464+28), reboot your computer and then test accessing the file share again.
jamesc
Qbik Staff
 
Posts: 928
Joined: Apr 04 05 2:04 pm
Location: Auckland, New Zealand
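The payload search described in the post above can be automated. This is an added example, not part of the original thread and not Qbik code: it binary-searches the largest don't-fragment payload and adds the 28-byte overhead. The function names, the 548-byte lower bound and the "TTL=" reply check are assumptions of this example; `simulated_path` stands in for a real link so the logic can be run offline.

```python
import subprocess

ICMP_OVERHEAD = 28  # 20-byte IP header + 8-byte ICMP echo header, as in the post


def windows_df_ping(host, payload):
    """Send one echo with DF set via Windows ping (-f = don't fragment,
    -l = payload size, -n 1 = one request). Returns True on a reply."""
    out = subprocess.run(
        ["ping", "-n", "1", "-f", "-l", str(payload), host],
        capture_output=True, text=True,
    ).stdout
    # Assumption: a successful echo reply line contains "TTL=".
    return "TTL=" in out


def find_path_mtu(probe, low=548, high=1472):
    """Binary-search the largest payload for which probe(payload) is True.

    Returns (payload, mtu) where mtu = payload + 28, or None if even the
    smallest payload fails (host down or ICMP filtered, not an MTU problem).
    low=548 is an assumed floor (576-byte MTU minus overhead).
    """
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2   # round up so the loop always shrinks
        if probe(mid):
            low = mid                 # mid fits: the answer is mid or larger
        else:
            high = mid - 1            # mid needs fragmenting: go smaller
    return low, low + ICMP_OVERHEAD


def simulated_path(mtu):
    """Constructed stand-in for a link: a payload passes if it fits the MTU."""
    return lambda payload: payload + ICMP_OVERHEAD <= mtu


if __name__ == "__main__":
    # Constructed case: a path with MTU 1492, matching the post's 1464 example.
    print(find_path_mtu(simulated_path(1492)))
    # Real use on Windows (x.x.x.x is the remote VPN address, as in the post):
    # print(find_path_mtu(lambda size: windows_df_ping("x.x.x.x", size)))
```

A `None` result means no payload got a reply at all, which points to reachability or ICMP filtering rather than to the MTU.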

Postby Lampie » Mar 04 07 5:42 am

Dear Jamesc,
Thanks very much for the answer. However, it did not help me.
I did all the testing, with positive results. The max MTU seemed to be 1500, but I was unable to see the files on my shares.

When I connected with another client behind a router (SMC Barricade) I immediately had a connection, showing me the computers on my network. When I tried to see my shares with files, nothing happened. When I looked in “Published Routes” I saw the following indicated:
- 192.168.2.0 / 255.255.255.0 (Ignored/local conflict)
- 192.168.2.130 / 255.255.255.255 (in conflict)
Here the IP 192.168.2.130 is the IP address of the server.
Once again, both the server and the client are behind an SMC router.

With a client directly connected to the Internet (the server still behind an SMC router), when I saw my shares and the files on the shares, these two lines were as follows:
255.255.255.0 / 192.168.2.0
255.255.255.255/ 192.168.2.130

Hope to get your help to solve this issue. Of course I tried to find the solution in the forum, but was unsuccessful.

Thanks in advance
Lampie
 
Posts: 7
Joined: Feb 16 07 9:30 am

Postby jamesc » Mar 05 07 1:41 pm

It sounds like one of your networks' subnets is conflicting with the other side of the VPN; try changing the subnet on this client's side and then see if you continue having issues.

e.g. VPN Host 192.168.2.x
VPN Joiner 192.168.3.x


I have added some VPN tips below.

Definitions

VPN Host:
The side of the VPN that acts as the server; runs the WinGate/VPN Only Software

VPN Joiner:
The side of the VPN that acts as the client; runs the WinGate/VPN Only Software

VPN Participants:
LAN Clients behind the WinGate VPN Host or Joiner that do not run WinGate/VPNOnly Software. To participate in the VPN they will either:

1. Have their default gateways pointing to the WinGate VPN Joiner/Host on their respective side.
2. OR they will run the QBIK Rip2 Utility Service to automatically discover the routes. http://downloads.qbik.com/qbiknz2/downl ... client.zip
3. OR they will turn on RIP2 on the router, so the router knows to redirect VPN traffic back to the local WinGate VPN installation (usually in a scenario where WinGate is not their default gateway and they do not want to run the Qbik RIP2 Utility).
4. Create static routes.



Key points:

1. TCP / UDP 809 needs to be mapped from the router to the WinGate VPN "Host"; for exact instructions there is a guide available from here: http://www.portforward.com/english/appl ... g/WinGateVPN/WinGateVPNindex.htm

2. You should turn off the Windows firewall and any other security suite for the sake of testing if you deem it safe. The Windows firewall is best turned off in the Windows Services on all computers that are part of the VPN.

3. WinGate VPN is a routing based VPN. Each Joiner will need to be on a different subnet to the HOST, as well as the other Joiners.

E.g.
Host 192.168.0.1 / 255.255.255.0
Joiner 1 192.168.1.1 / 255.255.255.0
Joiner 2 192.168.2.1 / 255.255.255.0
Joiner 3 on Dialup only /

4. Check how your network adapters were detected. The network card/modem pointing towards the internet should be marked as External, and the network card pointing towards the LAN should be marked as Internal. If you only have one network card and it has a default gateway to a hardware router with a firewall, then you can set it as Internal in most cases. Please ask if you need more assistance with this.
GateKeeper --> View menu --> Networks --> (Bottom center will show your network cards)


Troubleshooting:

1. If you cannot even connect to the VPN, then you will either have a problem caused by a security suite's firewall, or you are connecting to the wrong IP address.


2. Check that it is not a NetBIOS issue. So let us say you are trying to access a computer called “JamesPC” on 192.168.0.2; you could test the connectivity and file sharing capabilities as follows.

(Windows) Start menu --> Run --> cmd --> ping JamesPC
(Windows) Start menu --> Run --> cmd --> ping 192.168.0.2

(Windows) Start menu --> Run --> \\JamesPC
(Windows) Start menu --> Run --> \\192.168.0.2


3. Confirm in the WinGate VPN installation that you have the correct participation set for the connection. It could be either “Local Network”, “Local Computer” or “No Participation”. This option is located within the properties of the VPNs you create.
Last edited by jamesc on Mar 23 07 10:20 pm, edited 1 time in total.
jamesc
Qbik Staff
 
Posts: 928
Joined: Apr 04 05 2:04 pm
Location: Auckland, New Zealand
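The subnet rule in key point 3 of the post above can be checked before a VPN is brought up. This is an added example, not part of the original thread and not WinGate's own logic: it flags published routes that overlap the local LAN, using the addresses quoted in the thread as constructed sample data. The function names and the "conflict"/"ok" labels are assumptions of this example.

```python
import ipaddress
from itertools import combinations


def net(addr, mask):
    """Build a network from address/netmask notation such as
    192.168.2.130 / 255.255.255.255 (host bits are allowed)."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def site_conflicts(sites):
    """sites: {name: network}. Return the name pairs whose LAN ranges overlap;
    a routing-based VPN cannot tell such sites apart."""
    return [(a, b)
            for (a, na), (b, nb) in combinations(sites.items(), 2)
            if na.overlaps(nb)]


def classify_routes(local_lan, published):
    """Label each route published by the remote side: it conflicts when it
    overlaps the local LAN, because local traffic never leaves that LAN."""
    return [(str(r), "conflict" if r.overlaps(local_lan) else "ok")
            for r in published]


# Constructed sample data modelled on the addresses in the thread.
MASK = "255.255.255.0"
JOINER_LAN = net("192.168.2.1", MASK)                  # client side router
BEFORE = [net("192.168.2.0", MASK),                    # host LAN, same range
          net("192.168.2.130", "255.255.255.255")]     # the server itself
AFTER = [net("192.168.1.0", MASK)]                     # host side renumbered
PLAN = {"Host": net("192.168.0.1", MASK),              # layout from key point 3
        "Joiner 1": net("192.168.1.1", MASK),
        "Joiner 2": net("192.168.2.1", MASK)}

if __name__ == "__main__":
    print("before:", classify_routes(JOINER_LAN, BEFORE))
    print("after: ", classify_routes(JOINER_LAN, AFTER))
    print("plan conflicts:", site_conflicts(PLAN))
```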

Postby Lampie » Mar 07 07 3:22 am

Bingo!!!

Your suggestion JamesC to change the IP settings of the client’s router brought me to the solution. I was not aware of the conflict of having two routers with the same IP range on either site. After changing the IP range of the server to 192.168.1.1 and maintaining the client’s range on 192.168.2.1 I was able to see and use all my shared files.
Thanks a lot for your support JamesC!!!
Lampie
 
Posts: 7
Joined: Feb 16 07 9:30 am

