Directing Some Sites Through a VPN Interface

Postby beach40 » Jan 24 13 2:20 am

Hello
I have installed WinGate and am able to direct all traffic to my Wingate Server (192.168.1.18) and then direct that traffic through a VPN interface which goes to the USA (so I can watch USA video content from Canada). I set up the proxy settings in Windows 7 LAN settings on my client PC. All the HTTP traffic goes to WinGate and then to the VPN Interface and this is good. If I want to watch Canadian content then I have to de-select my proxy settings on my Windows 7 PC and select it for USA content.

Now I want to tweak the setup by sending only the USA website traffic to Wingate and not any other site. The reason is that I want to watch both Canadian content and USA content without having to change settings. Here is what I did: I do not have any Proxy settings enabled in Windows 7. I did change the host file for the sites that I want to send to WinGate and instead of getting that address from the DNS it gets it from the host file and the address that I use is the WinGate server address (192.168.1.18). For example http://www.cbc.ca (Canadian Site) resolves the IP via regular DNS and it goes to the site directly (not through Wingate). For example http://www.usanetwork.com resolves to 192.168.1.18 and thus goes to WinGate Server. This WinGate Server is set up to accept "Web Server" requests (WWW Proxy Server Properties/Web Server Tab) and by default I set it up to PROXY the requests.

This all works GREAT except for one thing....... Most websites' web pages use other websites for various components. http://www.usanetwork.com for example does not play the video content if I only point that site to WinGate. It seems that site checks for the geo-location of the client PC using link.theplatform.com and if I also point this site to WinGate (in addition to http://www.usanetwork.com) I am able to play the content fine. The problem is that http://www.cbc.ca (which is a Canadian Site and is not sent to WinGate) ALSO uses this geo-location service (link.theplatform.com) and if this traffic is sent to WinGate the content on http://www.cbc.ca does not play.

Any ideas of how to overcome this issue would be appreciated.
beach40
 
Posts: 5
Joined: Jan 23 13 9:52 am

Re: Directing Some Sites Through a VPN Interface

Postby adrien » Jan 24 13 6:10 am

Hi

so as I understand it, the problem is that depending on which site you're looking at, requests to feed.theplatform.com need to either go via USA or direct.

This is actually possible if:

1. you set client to use proxy for everything.
2. you set WinGate policy up so that WinGate will only go out the VPN under the following circumstances:

a) e.g. if the Session.ServerIP.Country = "us"
b) if the site matches theplatform.com, then look in the referer headers to see what to do. E.g. maybe use a list, check Request.Headers.Get("Referer") against http://www.usanetwork.com/* and if it matches, use the VPN.

To get WinGate to specify usage of the VPN vs direct connection, WinGate would either need to be configured to use the proxy on the VPN, or specify a gateway that is the VPN connection. Either of these can be set in policy as well.

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5201
Joined: Sep 03 03 2:54 pm
Location: Auckland
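
The routing decision Adrien outlines above, written out as an added example in plain JavaScript. It is not part of the original post and is not WinGate's policy API: `chooseEgress`, the request object and the two lists are hypothetical names, and the inputs stand in for `Session.ServerIP.Country` and `Request.Headers.Get("Referer")`. It assumes the shared-service rule is checked before the country rule, matches hosts on label boundaries rather than by substring, and treats a missing or malformed Referer (a client-supplied header) as "direct".

```javascript
// Added example: plain JavaScript, not WinGate's policy API.
// In WinGate the inputs would come from Session.ServerIP.Country and
// Request.Headers.Get("Referer"), the two values named in the post.

const VPN_REFERER_SITES = ["usanetwork.com"]; // pages whose sub-requests use the VPN
const SHARED_SERVICES = ["theplatform.com"];  // third-party hosts used by both sites

// True when host is the domain itself or a subdomain of it (label-aligned,
// so "theplatform.com.example.net" does not match "theplatform.com").
function hostInDomain(host, domain) {
  const h = String(host || "").toLowerCase().replace(/\.$/, "");
  return h === domain || h.endsWith("." + domain);
}

// Hostname of a Referer value; null when the header is absent or unparsable.
function refererHost(referer) {
  if (!referer) return null;
  try {
    return new URL(referer).hostname;
  } catch (e) {
    return null;
  }
}

// Returns "vpn" or "direct" for one proxy request.
function chooseEgress(req) {
  const shared = SHARED_SERVICES.some((d) => hostInDomain(req.host, d));
  if (shared) {
    // Rule (b): shared service, decided by the page that embedded it.
    // Checked first: a US-hosted shared service would otherwise always
    // match rule (a) and break the site that needs the direct path.
    const ref = refererHost(req.referer);
    if (ref && VPN_REFERER_SITES.some((d) => hostInDomain(ref, d))) return "vpn";
    return "direct"; // missing or non-matching Referer falls back to direct
  }
  // Rule (a): destination server is located in the US.
  if (String(req.serverCountry || "").toLowerCase() === "us") return "vpn";
  return "direct";
}
```
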

Re: Directing Some Sites Through a VPN Interface

Postby beach40 » Jan 24 13 8:17 am

hmmmm - where do I begin... Thanks!!

I can set up the client to use the proxy for everything.

I understand that WinGate will handle the logic of sending the traffic through either the VPN interface or the regular Interface on that PC that is running WinGate. In my case the VPN is classified as External and Ethernet is Internal (According to the WinGate Management Console).

Where exactly do I configure the logic? I think it's in the Policy (within Control Panel) section? That is where I get stuck...and I don't understand the rest of your answer. :(

I think the session idea may work.... Say for example the show is at URL www.usanetowrk.com/video/show.html . That page contains many other references to other webservers (ad servers, geo-location ones etc...). Is all the activity (sending and receiving all the data from the various servers) grouped within one http session? If so can I just treat that with one rule like "anything associated from the initial request of www.usanetwork.com send through the VPN interface and anything from www.cbc.ca request go through the regular Ethernet Interface"?

Thanks
John
beach40
 
Posts: 5
Joined: Jan 23 13 9:52 am

Re: Directing Some Sites Through a VPN Interface

Postby adrien » Jan 24 13 11:06 am

Hi John

the policy would be attached to the ProxyRequest event for the WWW proxy, so it gets run any time a proxy request is made. So that's the where part.

As for the how, there are 2 parts.

1. Deciding which connection to use
2. Getting WinGate to use that connection

to answer the second question, I need to know how you use the VPN connection. Does it just use the VPN as a default gateway, or do you have some proxy settings that you use to access a proxy over the VPN?

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5201
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Directing Some Sites Through a VPN Interface

Postby beach40 » Jan 24 13 12:01 pm

Adrien

So I have one machine running WinGate (in Toronto Canada) and that machine is on my internal network with access to the internet through a standard NAT (I can surf from that machine if I want to). IP of this PC is 192.168.1.18. ALSO on that machine I have a VPN connection established to a VPN server in the USA - it's a standard VPN server in the USA and it is the default route out. So I have 2 source addresses - a Canadian one if I exit from regular 192.168.1.1 interface or a USA IP if I leave through the VPN gateway. There is no proxy that I use for the USA connection - it's just a VPN.

To test all this if for example I add a static route like route add 74.209.160.12 mask 255.255.255.255 192.168.1.1 I can go to that IP address (which is the IP of www.speedtest.net) through the 192.168.1.1 gateway and it shows an address from Canada. So I know I can access the Internet through both paths.

So in WinGate I went to the Management Console and in the Control Panel section I open the Services - I then open the WWW Proxy Server. In the Gateway Tab I have 2 Adapters - One VPN and One Ethernet. In the Connection Scheme drop down I am not sure which one to select - I assume I should select "Any Available"? Now I think I should go to the Events TAB and do I Edit the Proxy Request Policy? There is one Policy that is a "Qbik policy system" and when I select it to edit it I get a fancy edit window with items to choose on the left pane etc... If I don't select the existing policy and just choose to ADD an event I can add: Lua Script, Javascript, Run Process and Send Email. This is where I get lost :( and your help would be appreciated if I am in the correct place.

Thanks.
beach40
 
Posts: 5
Joined: Jan 23 13 9:52 am

Re: Directing Some Sites Through a VPN Interface

Postby beach40 » Mar 20 13 2:45 am

hmmmm - I was hoping for a reply to solve this issue. ???
beach40
 
Posts: 5
Joined: Jan 23 13 9:52 am

Re: Directing Some Sites Through a VPN Interface

Postby adrien » Mar 20 13 6:48 pm

Hi

easiest way to get this up and running is probably if we connect to your system remotely and work out the policy to do this.

We normally recommend Teamviewer for this or https://join.me

If you'd like to explore that option, send us an email at support@wingate.com and we can tee it up.

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5201
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Directing Some Sites Through a VPN Interface

Postby beach40 » Mar 21 13 4:52 am

OK Thanks Adrien

I would like to make sure I have the correct version. Is the standard Proxy sufficient or do I need the professional one?

John
beach40
 
Posts: 5
Joined: Jan 23 13 9:52 am

Re: Directing Some Sites Through a VPN Interface

Postby adrien » Mar 21 13 10:31 pm

Hi John

I think the standard one should be sufficient

Adrien
adrien
Qbik Staff
 
Posts: 5201
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Directing Some Sites Through a VPN Interface

Postby J.Nehru » Oct 28 17 1:52 am

beach40 wrote:
Hello
I have installed WinGate and am able to direct all traffic to my Wingate Server (192.168.1.18) and then direct that traffic through a VPN interface which goes to the USA (so I can watch USA video content from Canada). I set up the proxy settings in Windows 7 LAN settings on my client PC. All the HTTP traffic goes to WinGate and then to the VPN Interface and this is good. If I want to watch Canadian content then I have to de-select my proxy settings on my Windows 7 PC and select it for USA content.

Now I want to tweak the setup by sending only the USA VPN website traffic to Wingate and not any other site. The reason is that I want to watch both Canadian content and USA content without having to change settings. Here is what I did: I do not have any Proxy settings enabled in Windows 7. I did change the host file for the sites that I want to send to WinGate and instead of getting that address from the DNS it gets it from the host file and the address that I use is the WinGate server address (192.168.1.18). For example http://www.cbc.ca (Canadian Site) resolves the IP via regular DNS and it goes to the site directly (not through Wingate). For example http://www.usanetwork.com resolves to 192.168.1.18 and thus goes to WinGate Server. This WinGate Server is set up to accept "Web Server" requests (WWW Proxy Server Properties/Web Server Tab) and by default I set it up to PROXY the requests.

This all works GREAT except for one thing....... Most websites' web pages use other websites for various components. http://www.usanetwork.com for example does not play the video content if I only point that site to WinGate. It seems that site checks for the geo-location of the client PC using link.theplatform.com and if I also point this site to WinGate (in addition to http://www.usanetwork.com) I am able to play the content fine. The problem is that http://www.cbc.ca (which is a Canadian Site and is not sent to WinGate) ALSO uses this geo-location service (link.theplatform.com) and if this traffic is sent to WinGate the content on http://www.cbc.ca does not play.

Any ideas of how to overcome this issue would be appreciated.


It is not a big problem. I use a VPN that allows me to switch IP address whenever I want. In your case you have to use two VPN services. It is called VPN into VPN phenomena. Or you can use the split tunneling feature that can bifurcate your USA and Canada traffic.
J.Nehru
 
Posts: 2
Joined: Oct 28 17 1:40 am
