WinGate Forums

[Hoof Hearted]

I Installed Wingate and got it working last week. My clients for now are configured with a proxy server in their internet settings.

However in the Gatekeeper history, the user name is not logged. I read somewhere that I can fix this by installing WGIC on my clients. I opened port 2080 both on the server and and my client pc and then installed WGIC but then I lost internet connectivity. Although in Gatekeeper I can see "WRP Control Session" entries in History and Activity. So I have 2 questions:

1. What might the reason be that I cannot get WGIC working on my pc?

2. Is there an easier way to get the username logged in Gatekeeper Hostory?

Ian

[Nev]

Hello Ian,

Yes without WGIC is probably the best.

One easy way to try this is to enter the client names / host pc's in the 'Users' tab of Gatekeeper's Control panel.

There is an entry for 'Assumed Users' where you can associate their logon user name, or if required on a per machine basis by the IP address of the client LAN pc.

Or, if the users' are all present in the database of the Wingate machine you can synchronise them with Windows too in the 'Database Options' area.

[Hoof Hearted]

Thanks for the reply, but my problem is that I cannot get my clients to connect to the internet by using WGIC. This is an SBS2008 server. All the clients are already there. Before I installed WGIC they could connect to the internet if I entered the wingate server ip as a proxy server, but they cannot connect using WGIC.

When I install WGIC on a client, the setup program always reports that a Wingate Server cannot be found. It tells me to click the back button to reenter the information, but when I do so, there is no opportunity to enter anything. I always configure the server manually afterwards. I know the client is seeing the Wingate server because it will complain if I enter any wrong information in the Control Panel applet.

The Wingate Server is logging Activity and History events, but no web pages are being received by the client. I just get 'Internet Explorer cannot display the web page'. I cannot even get a web page displayed if I type an IP Address.

I hope someone can help please?

[logan]

1. Is the windows firewall enabled on your SBS server? If so, make sure ports 368 and 2080 are opened. 368 is the discovery port that lets clients automatically find the WinGate server on the network. 2080 is the Winsock Redirection port that the WGIC's actually connect through. From your description of the problem, it sounds like these ports are blocked.

2. Does the client have a DNS server set that can resolve Internet domain names? This is a requirement of WGIC, similar to NAT.

[Hoof Hearted]

Christmas got in the way of me sorting this out. I've had some success, but only limited success....

Port 368 wasn't open on the firewalls. I've opened it both on the clients and on the server. 2080 was opened right from the start.

When I install WGIC it always says that it cannot detect any Wingate Servers, but afterwards when I manually configure the IP address, I get a pop-up dialog saying that it connected.

I found a couple of annoyances in the Gatekeeper -> History. Sometimes it lists the username correctly. Sometimes when I browse the internet, the username is logged as 'System', and if another user logs in, the previous username is logged in the history.

On another client, the connectivity seems to be intermittent. It's really strange. I can ping www.google.com and get replies, but Windows explorer says page not found. I tried the 'Reset Client' button in WGIC without succes. Can you confirm please that when I use WGIC, the client doesn't need any proxy settings?

I decided to disable all firewalls temporarily in order to troubleshoot this. On SBS this is achieved by editing a Group Policy setting. Unfortuantely when I changed this, every client lost network connectivity. So I had to re-enable it again immediately.

[genie]

WGIC relies on a broadcast on port 368 to detect Wingate presence - so if UDP broadcasts are not handled gracefully, WGIC client wouldn't be able to see it automatically - this is why manual override worked for you. WGIC clients do not require proxy to be configured - however, if you can try turning transparent redirection off on Wingate server (HTTP service settings, see Sessions) and try again, it gives us some more information.

[Hoof Hearted]

I hadn't realised that UDP Port 368 needs to be opened. I had been opening the TCP port. Ok so now when I install WGIC, it detects the server.

Turning off the transparent redirection didn't seem to have a noticeble effect.

I found out now that the antivirus seems to be part of this problem.... I'm using Trend Micro 'Worry Free' on the server. This has a client application which runs on all the client pc's.

So my situation now is that I can get internet connectivity on the client only if the antivirus client is unloaded and if I have proxy settings configured.

I'm wondering perhaps if the antivirus program on the server is having an effect. I cannot get connectivity through WGIC at all.

I went to a client that has never had the antivirus client installed. The internet router is on the internal network. So this client alread had internet access. I opened UDP port 368 and installed WGIC. The pc no longer had any internet connectivity. Then I configured proxy settings to the wingate server and then it could connect again.

Interestingly, after I installed WGIC, although IE could not display web pages, I could go to the command prompt and succesfully ping those sites. Like I said previously, configuring proxy settings fixed IE.

[genie]

Hi,
TrendMicro uses LSP client while checking for internet-related issues - and it can interfere with WGIC.

[Hoof Hearted]

Like I said on my previous post, I installed WGIC on a client that has never had Trend Micro installed. WGIC does not work. So Trend Micro cannot be the culprit.

My gut feeling is that the problem is on the Wingate Server. Is there something that may be mis-configured on the Winsock Redirector Service for instance?. My clients can get a proxy connection, but not WGIC.

I just tried again on that client which doesn't have AV installed. When I open IE, I see a wingate dialog which says 'Bytes received 1' and 'Bytes sent 1'. This stays on the screen for 5 seconds and then disapears. IE then sits there with a blank screen for a while before eventually saying 'Page cannot be displayed'. However, in the status bar IE shows the IP address of the site it is attempting to reach. So the Site address is being resolved somehow.

Ian

[genie]

Is there anything installed on the server side then? Do you see a session initiated from the client when you open Gatekeeper?

[Hoof Hearted]

Sorry this thread is dragging on. I only work for this client 2 days a week.

Yes I do see a session initiated in the Gatekeeper history. This occurs when I open IE on the client. At the same time, the client displays the dialog saying 1 byte received and 1 byte sent.

I'm not sure what you mean when you ask if anything is installed on the server side. This is a normal SBS2008 server which has got Trend Micro Worry Free antivirus on it. I can't think of anything else which has been installed.

Ian

[Hoof Hearted]

So the more I think about this, it sounds to me like WGIC is correctly installed, but the server is unable to to supply data to it.

I'm getting put under pressure to sort this now. We purchased Wingate a month ago and i've not been able to make it function correctly yet. Any suggestions gratefully accepted.

Ian

[Hoof Hearted]

I found something today, and i'm not sure of the relevence.....

Firstly, i've completely unloaded all the antivirus services on the server. So neither the client nor the server are running any anti virus software.

Wingate has installed itself with 2 bindings for each service. One is the Software loopback adapter and the other is the network connection on the server. I was experimenting with the bindings on the Winsock Redirector Server. I found that if I deleted the binding to the network connection, the client pc got internet connectivity. But when I looked in the Gatekeeper history, it was logged as NAT traffic. I need it to be WGC.

Anyway I think this proves that the client is connecting with the server ok. So I think I am looking at a configuration issue on the server.

This server has a single network card and links to the internal network the same as all the clients do. The router is also on the internal network. Can anyone tell me how the bindings should be set up for the Winsock Redirector please?

[Hoof Hearted]

I noticed 2 things in the help file which I need to ask about in here......

1. I noticed this paragraph relating to Bindings Configuration:

'Once the request has been received on the an internal (LAN) interface from a WinGate client on the LAN, then WinGate will automatically use any network interface that has it's usage marked as External to access the Internet to fulfil the client request'

The Wingate server only has 1 network adapter, and this is marked as Internal in the Networks Tab. How does this fit in with the above paragraph in the help file?

2. In Help -> Wingate Services -> Wingate System Services -> Wingate Redirector Service -> Central Configuration, there is a screen shot which shows the Winsock Redirector properties. In this screenshot, there is an icon called 'Central Configuration'. I dont have this icon on my system. Is this relevent?

Ian

[genie]

Hi, Ian

Since you have only one interface, Wingate will us it for communicating to the server - provided there is a route to it (like a default route, for one). Can you drop me your Wingate server's routing table?

Regards,
Gene

[Hoof Hearted]

Wingate seems to be working for Proxy and Nat. So I would be surprised if it was a routing table problem. Here's the routing table as requested though.....

===========================================================================
Interface List
11 ...00 24 e8 5b de 3a ...... Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
1 ........................... Software Loopback Interface 1
13 ...00 00 00 00 00 00 00 e0 isatap.{DACB0A0F-61FF-47FA-8BD1-54EE4A6D4C5B}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.16.1 192.168.16.2 15
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.16.0 255.255.255.0 On-link 192.168.16.2 266
192.168.16.2 255.255.255.255 On-link 192.168.16.2 266
192.168.16.255 255.255.255.255 On-link 192.168.16.2 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.16.2 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.16.2 266
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.16.1 5
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 266 fe80::/64 On-link
11 266 fe80::291d:3640:fa0c:47fc/128 On-link
11 266 fe80::9554:5125:76d6:51bd/128 On-link
1 306 ff00::/8 On-link
11 266 ff00::/8 On-link
===========================================================================
Persistent Routes: None