WinGate Forums

[sduffey]

We added a second internet connection to our Wingate box. I was successfully able to route outgoing web traffic through it using the gateways option in one of the proxies. However I have had zero luck trying to come IN through the new connection. I configured one of our tcp mappings to only bind to the the new external IP address. However when I try to attempt to hit it from the internet I see nothing on the firewall at all. I don't see it blocked, I don't see it logged, I don't see the attempt anywhere. It's driving me a bit batty.

When the second internet connection came online it also kncoked our two external VPN connections offline and I have been unable to get them reconnected either. I'm sure it's related.

I would love any direction on how to troubleshoot the issue.

Running Wingate 6.6.3

[sduffey]

Some more details. I just upgraded to 6.6.4 just to rule out not having the latest and greatest version. It didn't help the problem.

I also noticed some other odd behavior. It seems after a period of time outgoing traffic will cease to go out the new external connection. If I go into the proxy gateway config and change it back to "Use any available connection" it will revert back to using out original internet connection and traffic will once again flow.

After doing this, I can go back in and add the new external internet connection back as the preferred gateway and traffic will once again flow out the new pipe. So traffic is dying somewhere within in Wingate it seems.

[sduffey]

My original internet connection had a metric of 10. The new internet connection was automatically assigned a metric of 30. When I tried to explicitly route INCOMING traffic to the new internet connection it would just not work, even if I only had that new interface bound to the tcp mapping. The same behavior was observed with an incoming web reverse proxy. Worked fine on the original connection, if I tried to come in the second connection, nothing.

For the hell of it I went in and changed the metric of the new connection to be LOWER than the old connection. BANG, now that interface will accept incoming traffic and the old connection is BROKEN for incoming traffic.

So in a nutshell it seems that Wingate does not handle incoming traffic on two different internet paths as you would expect. Well, it doesn't at all from what I have seen.

Is this a bug or by design? Either way, is there some way I can have incoming traffic from the net hit TWO interfaces successfully? This bug also appears to have broken my incoming Wingate VPN connections as well.

I'd be happy to send a packet capture along if that would help disgnose the issue.

[sduffey]

I've been working with Adrien on this via email. I was able to set the metric on both outgoing internet connections to the same value. Once I did that I was able to come into either one successfully from the internet.

Now I just need to get the VPN client working again.