
Is Wingate VPN necessary for inbound traffic?

Oct 24 13 1:47 pm

Hello, I have been unable to work out if Wingate VPN is required for managing inbound requests from the internet.

I would like to allow an internet user (on http port 80) to access an internal host to consume a webservice on that host. The host currently successfully consumes webservices on internet hosts via Wingate. I am trying to achieve the reverse now.

If the VPN is necessary then so be it, otherwise any advice on how to go about allowing the inbound traffic would be greatly appreciated.

Thank you

Re: Is Wingate VPN necessary for inbound traffic?

Oct 24 13 3:45 pm

Hi

For that, you use a feature normally called reverse proxy. So VPN is not required.

Reverse proxy is a function of the WWW proxy server. It's found in the "web server" tab in the WWW proxy. That is where you define what happens when a client treats WinGate like a server rather than a proxy (which is the case when the clients are on the internet and you're reverse-proxying to an internal server).

You will need to do several things:

1. Bind a WWW proxy to the external interface.
2. Lock it down so people can't use it for forward proxying - else they will bounce off your proxy to send spam. This basically involves using policy to deny all proxy and CONNECT requests. This in turn comes down to using flow-chart policy on the ProxyRequest and ConnectRequests events, where the event is hooked straight to a reject result.
3. Use the web server settings to determine which internal server to connect to for which sites / hostname requested by external clients.
4. We normally recommend disabling plugins on the reverse proxy WWW proxy as well (general tab, disable caching, web activity).

Regards

Adrien de Croy
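
Step 2 of the reply above can be checked from a machine outside the network. This is an added example, not part of the original thread and not WinGate tooling: it sends a CONNECT and an absolute-URI GET to the reverse proxy listener and reports whether each was refused. The function names, the `example.invalid` probe target, and the rule that a dropped connection, a 4xx or a 501 counts as refused are assumptions of this example.

```python
import socket

# Constructed probe target: example.invalid is a reserved name that never
# resolves, so no third-party host is contacted even if the proxy is open.
PROBES = {
    "CONNECT": b"CONNECT example.invalid:443 HTTP/1.1\r\n"
               b"Host: example.invalid:443\r\n\r\n",
    "absolute-URI GET": b"GET http://example.invalid/ HTTP/1.1\r\n"
                        b"Host: example.invalid\r\nConnection: close\r\n\r\n",
}

def probe_status(host, port, request, timeout=5.0):
    """Send one raw request; return the HTTP status code, or None if the
    listener dropped the connection or sent nothing parseable."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(request)
            data = b""
            while b"\r\n" not in data and len(data) < 4096:
                chunk = s.recv(1024)
                if not chunk:
                    break
                data += chunk
    except OSError:
        return None
    parts = data.split(b"\r\n", 1)[0].split()
    if len(parts) >= 2 and parts[0].startswith(b"HTTP/") and parts[1].isdigit():
        return int(parts[1])
    return None

def check_lockdown(host, port):
    """Return {probe name: (status, refused)} for the listener at host:port."""
    results = {}
    for name, request in PROBES.items():
        status = probe_status(host, port, request)
        # Assumption: a reject policy shows up as a dropped connection, a 4xx
        # or a 501. A 2xx means the request was served; a 502/504 means the
        # proxy tried to forward it and only the unresolvable target failed.
        refused = status is None or 400 <= status < 500 or status == 501
        results[name] = (status, refused)
    return results

def is_locked_down(host, port):
    """True only if every forward-proxy probe was refused."""
    return all(refused for _, refused in check_lockdown(host, port).values())
```

Run `check_lockdown` against the external address and port of the reverse proxy binding; any probe reported as not refused means the reject policy is not catching that request type.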

Re: Is Wingate VPN necessary for inbound traffic?

Oct 25 13 6:13 am

I never used WinGate for my VPN at all...
Just set Server 2012 to be a VPN host, and it all 'just worked' from there.

Regards incoming traffic, I used port forwarding on my router for RD access... I left Wingate alone and all is well.

Steve

Re: Is Wingate VPN necessary for inbound traffic?

Nov 01 13 12:58 pm

Thanks for the tip Adrien.
I now have a functioning inbound path to an internal test web server on Port 80 and it works well.

However, I now want to use port 443 for an SSL connection on that link to the same destination server but I cannot get it to work.

I have made the changes to the Reverse Proxy service I configured for port 80:
- in the General Tab - I set the service port to 443
- in the Bindings Tab - the adapter address is now assigned port 443
- in the Web Server tab
  - the default site is a Reverse proxy to <destination ip address>
  - the Settings in that site are:
    - Action = Reverse Proxy
    - Server = <destination ip address>
    - port = 443
    - Use SSL/TLS = True

The SSL connection should just return an XML page.

A network sniffer shows the packets not making it past the reverse proxy interface.

Is there a parameter I am missing or some advice you can provide?

Thank you very much for your help so far

Julian

Re: Is Wingate VPN necessary for inbound traffic?

Nov 01 13 10:11 pm

Hi Julian

When using the WWW proxy to reverse proxy https traffic, you need to have your certificate installed in WinGate, and in the binding policy that sets the WWW proxy to listen on port 80, select also to use SSL, and choose the certificate.

Alternatively, if you only ever pipe SSL to one internal server, you could use an Extended Networking port redirection to redirect port 443 to the internal server, or use a TCP mapping proxy to do the same.

Regards

Adrien de Croy