Wingate ENS Changes Outgoing IP Address


Postby jrscs » Nov 09 03 4:27 am

I have been using Wingate since Wingate 3.x and have been able to resolve all my issues without help, until lately. It has taken many hours to track down this problem.

The Wingate Server is running on Windows 98SE with two NICs and is connected to the Internet through DSL using a CISCO 675 router from one of the NICs.

Everything has worked correctly through 5.0.7, but starting with 5.0.8 and up through 5.1 I have a problem where it changes the outgoing NIC IP address to one of its choosing after about 10 to 15 minutes of use. When this happens there is no outbound traffic to the Internet because it cannot find the gateway.

When Wingate is started, I have the following IP addresses on my interfaces, shown in the Advanced Options Network tab in Wingate with the following network interface settings:

10.0.0.2 (defined by the CISCO router using Nat) public yes – trusted no
127.0.0.1 (Loop Back) public no – trusted yes
192.168.0.1 (Static IP address for network reasons) public no – trusted yes
169.254.160.132 (Assigned by Wingate???) public yes – trusted no

When the Extended Network Drivers are enabled and after about 10 to 15 minutes all Internet access is lost. The interface 10.0.0.2 has changed to 169.254.xxx.xxx. Stopping and restarting the Wingate engine does not resolve this issue. It requires a total re-boot of the computer to reset the IP address back to 10.0.0.2 and everything will work correctly for a short time.

This problem is occurring from either an upgrade of Wingate to the next version or a clean install.

I would really like to be able to use ENS for the firewall capability, but at the moment this is not possible because of this problem.

Got any ideas?
jrscs
 
Posts: 12
Joined: Nov 09 03 4:19 am

Postby ChrisH » Nov 09 03 11:15 am

Hello,

It sounds like the firewall is blocking UDP traffic between your router and NIC. If the NIC isn't assigned an IP address it will default to the 169.x.x.x. Can you statically set the IP of the NIC to 10.0.0.2? Does it work then? You could also try opening a port range setting in the ENS which allows packets on UDP port 68 from the Internet (and the router). ENS, Port Security, set to Connections from the internet and UDP, select Add, set port 68 to 68, set Protocol to UDP and Connections from Internet computers and OK.

Hopefully it will work. If not, come Monday, someone more knowledgeable than I will help!
Chris H.
ChrisH
WinGate Master
 
Posts: 388
Joined: Sep 13 03 1:38 am
Location: Canada

Postby adrien » Nov 09 03 5:19 pm

Yep, Chris is right.

Those 169.254 addresses are known as "Autonet" addresses. If you look up with whois, you can see that the subnet is owned by Microsoft. They registered the address space, then used it as a default set of addresses to autoconfigure machines to when they cannot get a response from a DHCP server.

It is odd that this behaviour would have changed recently though. And that it would happen so often. I know that some OSes do validate their IP addresses with the DHCP server fairly regularly (much more often than they should based on the release time and the DHCP specification)... Win2k especially.

If the DHCP client cannot find a DHCP server, or is blocked from it, then such an IP address change would happen. Do you see any hits in your firewall log for anything on port 67 or 68?

Adrien
adrien
Qbik Staff
 
Posts: 5443
Joined: Sep 03 03 2:54 pm
Location: Auckland

Postby jrscs » Nov 10 03 3:33 am

ChrisH and Adrien

I could try setting the IP address to a static 10.0.0.2, but that was not necessary in 5.0.7 and if so then Wingate would be harder to work with for a novice and require additional help from an ISP to get the connection setup correctly.

Per your suggestion, I changed the Port Security to let port 68 UDP access from the Internet (router). This seemed to work, but in the firewall log there were a lot of entries about port 67 from 10.0.0.1 sending to 255.255.255.255 UDP port 68. Therefore, in ENS under the firewall tab, I unchecked the box to Log UDP-related messages. It is now working without the firewall entries and the connection does not drop off or change.

I'm going to continue to work on the logging issue, but at least it is staying up.

67 – UDP – bootps – dhcps – Bootstrap Protocol Server
68 – UDP – bootpc – dhcpc – Bootstrap Protocol Client

Thanks for the help.
jrscs
 
Posts: 12
Joined: Nov 09 03 4:19 am

Postby adrien » Nov 10 03 9:21 am

What this means is that the machine 10.0.0.1 on your LAN is running a DHCP server. Sounds like for some reason WinGate was blocking your LAN access to that machine on port 68 UDP - this is not a default config, so are you sure you didn't modify the port security settings for UDP for "LAN connections to this machine"?


Adrien
adrien
Qbik Staff
 
Posts: 5443
Joined: Sep 03 03 2:54 pm
Location: Auckland

Postby jrscs » Nov 10 03 10:26 am

Yes, the 10.0.0.1 is my CISCO 675 router setup with DHCP per my ISP’s directions.

What is funny was when I tried to roll Wingate from 5.0.7 to 5.0.8, 5.0.9, 5.0.10 and 5.1 the results were the same and it would stop working. Roll it back to 5.0.7 and the problem went away.

Finally, I did a clean install of 5.1 and figured out that it was the result of something in ENS.

I could have changed many things trying to get this to work including changing port 68 UDP.

I’m working now on getting Wingate to not block port 67 UDP so the error log will be clean.

Thanks for the information and adding to my education.
jrscs
 
Posts: 12
Joined: Nov 09 03 4:19 am

Postby adrien » Nov 10 03 9:16 pm

If your 10.0.0.2 NIC is blocking port 67 UDP, even though you have set "LAN connections to WinGate PC" to allow this, then you should check your system interfaces... you may have configured that NIC as an external interface.... I can't think of any other reason why the ENS would seemingly disobey the rules you set.

Adrien
adrien
Qbik Staff
 
Posts: 5443
Joined: Sep 03 03 2:54 pm
Location: Auckland

Postby jrscs » Nov 12 03 2:58 am

OK, I was finally able to track down why the spoof attempt was appearing in the firewall log from 10.0.0.1 UDP on port 67. In ENS under the firewall tab there is a selection “Discard Spoofed Packets” checked. The documentation shows it checked. By un-checking this item, the error does not show up in the firewall log.

Now everything is working correctly.
jrscs
 
Posts: 12
Joined: Nov 09 03 4:19 am
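
Added example, not part of any post in this thread and not WinGate code: a Python check that correlates dropped DHCP server replies (UDP 67 to 68) in firewall drop records with an interface that has fallen back to a 169.254.x.x address, the symptom pair discussed above. The record fields and the sample values are constructed for illustration and do not reflect WinGate's log format.

```python
import ipaddress

APIPA = ipaddress.ip_network("169.254.0.0/16")  # self-assigned range used when DHCP fails
DHCP_SERVER_PORT, DHCP_CLIENT_PORT = 67, 68

# Constructed sample drop records (assumed field names, not WinGate's log format).
DROPS = [
    {"proto": "UDP", "src": "10.0.0.1", "sport": 67, "dst": "255.255.255.255", "dport": 68},
    {"proto": "UDP", "src": "10.0.0.1", "sport": 67, "dst": "255.255.255.255", "dport": 68},
    {"proto": "TCP", "src": "203.0.113.7", "sport": 40122, "dst": "10.0.0.2", "dport": 445},
]
# Constructed interface table: the external NIC has already lost its 10.0.0.2 lease.
INTERFACES = {"external": "169.254.10.20", "lan": "192.168.0.1", "loopback": "127.0.0.1"}


def is_apipa(addr):
    """True when addr is a 169.254.x.x address assigned without a DHCP answer."""
    return ipaddress.ip_address(addr) in APIPA


def is_dhcp_reply(rec):
    """Server-to-client DHCP traffic: UDP from port 67 to port 68."""
    return (rec["proto"] == "UDP" and rec["sport"] == DHCP_SERVER_PORT
            and rec["dport"] == DHCP_CLIENT_PORT)


def diagnose(drops, interfaces):
    """Correlate dropped DHCP replies with interfaces that fell back to APIPA."""
    blocked = {}
    for rec in drops:
        if is_dhcp_reply(rec):
            blocked[rec["src"]] = blocked.get(rec["src"], 0) + 1
    fallen = sorted(name for name, ip in interfaces.items() if is_apipa(ip))
    findings = []
    for server, count in sorted(blocked.items()):
        findings.append(f"{count} DHCP replies from {server} dropped; "
                        f"allow UDP {DHCP_SERVER_PORT}->{DHCP_CLIENT_PORT} from this server only")
    if fallen and blocked:
        findings.append("interfaces on APIPA with DHCP blocked: " + ", ".join(fallen))
    elif fallen:
        findings.append("interfaces on APIPA, no DHCP drops logged: " + ", ".join(fallen))
    return findings


if __name__ == "__main__":
    for line in diagnose(DROPS, INTERFACES):
        print(line)
```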

