Reaching Wingate svr (via WG client) thru multiple machines


Postby fatboymicrochip » Mar 17 06 1:31 am

Hi there

Just downloaded and tested Wingate 6.1.1 for the purpose of being able to use UDP applications from a client and it works spot on!!

My setup was this...

Broadband through router

Wingate Server (192.168.1.2, full internet access, ENS enabled, no firewall)

Wingate Client (192.168.1.4, no internet access, full LAN access, WG client software pointing at server 192.168.1.2 / port 2080)

When I turn the Wingate client software off and use IE it doesn't work. When I turn it on, IE works no problem. I also tried Teamspeak (common UDP problems...) and it also worked when the client was turned on. Happy man!

However, I now need to be able to connect to the Wingate machine from a different network. Previously I established connectivity by doing this...

Home router. Port forward incoming TCP 5800 to 5800 on Home Machine (192.168.1.2).
Home machine. Free proxy software, SSH server. SSH server running on port 22. Proxy software mapping incoming TCP 5800 to localhost:22. Proxy software hosting SOCKS 5 server on 1080.
Work machine #1. Unchecked outbound port access on 5800 through company firewall onto internet, full LAN access.
Work machine #2. Crossover cable onto Work Machine #1.

#1 ran a piece of free proxy software and had the following setup...
TCP mapping from 127.0.0.1:5800 to MyRouter:5800

#2 ran a SSH client (PuTTY) and connected to #1 on port 5800 (which then made the connection through my router to the proxy then to the SSH server). The PuTTY client was set up to map local port 1080 to SSH server machine port 1080.

#2 also ran SocksCAP, pointing at 127.0.0.1:1080, SOCKS 5 and resolve DNS remotely.

Using this setup, when I ran a program through SocksCAP I was able to get it working properly. Browsers were not a problem. Games weren't a problem either (though they didn't use UDP).

However, Teamspeak absolutely refused to work under this setup. That's when I changed my whole setup to a Wingate one at home and tested it (as outlined at the start).

Any ideas (you Qbik Gods...) on what I need to do to get my WinGate client (the one on the crossover at work) to work against my Wingate server on my home machine? I've already tried exposing the Winsock Redirector Service on 5800 (so the router would be forwarding to it), mapping the 5800 port on Work Machine #1 as normal and pointing the WinGate client on the Work Machine #2 to use WorkMachine#1 / port 5800 as the server, but it didn't work. Surprise surprise :)

Help! I'm dying to throw cash at this as it's the only thing that's solved my UDP issues (in scenario 1!).

Cheers
fatboymicrochip
 
Posts: 10
Joined: Mar 17 06 12:50 am

Postby fatboymicrochip » Mar 17 06 3:47 am

Just thought I'd also mention that I can see the WinGate server "seeing" the connection, it comes up as "WRP Control Session - iexplore.exe". But IE on the WGIC machine just gives me a normal "Page cannot be found".
fatboymicrochip
 
Posts: 10
Joined: Mar 17 06 12:50 am

Postby genie » Mar 17 06 10:36 am

Just to clarify this a bit - what you want to do is to allow external machines to connect to your client machine behind Wingate - is that correct?
genie
Qbik Staff
 
Posts: 1788
Joined: Sep 30 03 10:29 am

Postby fatboymicrochip » Mar 17 06 11:28 am

Yes. I'll always know the IP of the machine(s) connecting so security isn't too much of an issue. The machines need to be connecting via WGIC and I think it's making the connection ok but maybe not allowing the clients access (to the internet etc) beyond the initial connection to the Winsock Redirection service. Just a guess though, I'm not too clued up on networking. What makes me think that is that I can see WinGate server accepting the connection, even showing the name of the application running on the client machine that is connecting, but the application (in my test case, internet explorer with no proxy info set) just responds like there's no internet connection.

Cheers
Ivan
fatboymicrochip
 
Posts: 10
Joined: Mar 17 06 12:50 am

Postby Roderick » Mar 17 06 12:20 pm

Hi Ivan,

Have you considered using Wingate VPN? From the description you have given, it sounds like a VPN connection would make your set-up simpler.

If you would like to try this set-up, this is what you need to do. Firstly, set up your VPN host. With the trial license you have, you should have access to VPN.

Install Wingate VPN on the remote PC (the PC in the office that you wish to access your server at home) and configure your connection. Please refer to this step-by-step guide to setting up VPN:

http://support.qbik.com/index.php?_a=kn ... _i=122&nav

Some important pointers you need to remember with Wingate VPN:

1) The private IP address ranges for the 2 LANs (office and home) must be different to avoid routing issues.

Eg. Office LAN – 192.168.1.x
Home LAN – 192.168.2.x

2) Port 809 UDP and TCP must be opened and redirected on your router to your Wingate server. This only has to be done on the host end of the VPN connection. You may open up these ports on both routers if you wish both ends to be hosts and joiners. That way you could connect one way or the other.

3) If you have any firewalls on your OS, you may consider opening the above ports on them. Some firewalls, such as Zone Alarm, are known to cause conflicts with the Wingate VPN. I would suggest having them disabled if they cause any problems during the testing.

4) You will have to restructure your SSH mapping to channel through the VPN connection if the application is needed. If not, then the VPN connection should be secure enough for your connection.

5) You can use the 30-day trial license for the Wingate VPN software. It will allow you full access to all its functionalities.

Try this and let us know of any questions you might have. Looking forward to being of further assistance.

Best regards
Roderick
 
Posts: 29
Joined: Dec 06 05 10:27 am

Postby fatboymicrochip » Mar 17 06 1:21 pm

Hi Roderick

It's worth a shot! I have virtually no control over the available outbound ports on my company firewall other than those we have already managed to open in the past. These are just 2 outbound TCP ports, 5800 and 5900, that we used for VNC but now also use for SSH tunneling. Would this be sufficient for the VPN method to work? The client machines also need to work with UDP based programs, and until I came across WinGate 6 (and used the ENS feature) nothing quite worked.

So, if I have outbound access over 5800 / 5900 TCP and need UDP functionality on the client as well as TCP, do you think the Wingate VPN will work for me?

Thanks for your help. (Roderick + Genie :)
fatboymicrochip
 
Posts: 10
Joined: Mar 17 06 12:50 am

Postby Roderick » Mar 17 06 2:03 pm

Hi,

You can use any port you like, but TCP and UDP must be open and redirected on the router at the VPN host. I would suggest that, since you have control of your router at home, you set that up as your host and open and redirect the ports you would like to use. Wingate uses 809 by default but is not limited to it.

The VPN joiner does not have to open up any ports to make connection to the VPN host. Let us know if more information is required.

Best regards
Roderick
 
Posts: 29
Joined: Dec 06 05 10:27 am

Postby fatboymicrochip » Mar 19 06 2:33 am

Cheers Roderick. I'll crack that can-o-worms open on Monday morning and see how it goes :) I'll post back to let you know the craic.
fatboymicrochip
 
Posts: 10
Joined: Mar 17 06 12:50 am

Postby fatboymicrochip » Mar 20 06 10:56 pm

Hi Roderick

I got the VPN up and going and the connection is established between the two machines, but I can't do anything. I've turned off all firewalls but can't ping any machine on the target network (eg, the wingate server or one of the other machines on that network) and I can't ping the vpn client machine from the wingate server. What should I be checking for here?

Cheers
Ivan
fatboymicrochip
 
Posts: 10
Joined: Mar 17 06 12:50 am

Postby genie » Mar 20 06 10:57 pm

As Roderick rightly pointed out, you have to make sure that on both sides routers are configured to allow both UDP and TCP traffic for VPN Port (809 by default) - not Wingate firewalls, but the routers.
genie
Qbik Staff
 
Posts: 1788
Joined: Sep 30 03 10:29 am

Postby fatboymicrochip » Mar 20 06 11:11 pm

Yes, that seemed quite straightforward and has already been done on the router to push incoming tcp and udp traffic to the wingate server.
fatboymicrochip
 
Posts: 10
Joined: Mar 17 06 12:50 am

Postby fatboymicrochip » Mar 21 06 12:14 am

Also, just to clarify, my ultimate goal is to have a client machine running on a separate network to the wingate server, have some sort of connection established to the wingate server, and be able to run all manner of applications on the client machine which will be able to have transparent connectivity to the available bits'n'bobs the server machine has.

Eg, if I can run a browser program on the server machine and it can browse the internet, I want the client machine to access the internet through the server machine. If I run a UDP based program like skype on the client machine, it should be able to run as if it was trying to connect from the server machine.

I've had the UDP and TCP based programs working perfectly on a wingate server / wingate client setup where the client had just the WGIC installed and pointing at the wingate server. When I took the client machine to the external network and pointed the WGIC to a machine that had a TCP mapping on the relevant TCP port to the wingate server 'winsock redirector', it made the connection ok and showed activity in the gatekeeper application on the server, but the client programs just didn't work.

If it is the case that the wingate server doesn't allow the WGIC to connect to it via mapped tcp ports, over an external network, then the wingate vpn would do the job. If it does what I need it to that is, and connects properly.

However, I'd prefer if I could get the WGIC method to work as it worked when the machine was on the same network as the server, but didn't work when it was working via a mapped port. Also, fyi, the firewalls (wingate, router, client, server) were all turned off during these tests and connectivity was always confirmed.
fatboymicrochip
 
Posts: 10
Joined: Mar 17 06 12:50 am

Postby fatboymicrochip » Mar 21 06 2:46 am

Just a thought... our firewall is opened for outbound TCP access on 5800 and 5900. I don't think it's been explicitly set up to allow outbound UDP on those ports though. Is this the problem? Asking the IT department to do anything here is chargeable and that single change would cost £200, if the cost to open up the TCP outbound ports is indicative of their general (highway robbery!) charging rates.

So, am I stuck if we don't get 5800 outbound UDP opened up?
fatboymicrochip
 
Posts: 10
Joined: Mar 17 06 12:50 am

Postby fatboymicrochip » Mar 21 06 9:55 pm

Just a yes or no to the "requiring UDP as an outbound requirement in addition to the outbound TCP"...
fatboymicrochip
 
Posts: 10
Joined: Mar 17 06 12:50 am

Postby Pascal » Mar 22 06 9:28 am

Yup, WinGate VPN requires outbound UDP. The data channel is UDP based. However, you can configure which ports you want it to use.
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand
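
The requirements raised in this thread (different LAN ranges at each end, TCP and UDP forwarded on the VPN host's router, outbound UDP from the joiner) can be checked before testing. This is an added example, not Qbik's code or part of any post; the `Site` model, the `preflight` function and the office values are constructed for illustration, and it assumes the joiner needs outbound access on the chosen port for both protocols.

```python
import ipaddress
from dataclasses import dataclass, field

PROTOS = ("tcp", "udp")


@dataclass
class Site:
    """One end of the VPN (hypothetical model, not a WinGate structure)."""
    name: str
    lan: str                                     # LAN range in CIDR form
    forwards: set = field(default_factory=set)   # (proto, port) the router forwards inward
    outbound: set = field(default_factory=set)   # (proto, port) the firewall lets out


def preflight(host: Site, joiner: Site, vpn_port: int = 809) -> list:
    """Return the problems that would stop a host/joiner pair passing traffic."""
    problems = []
    host_net = ipaddress.ip_network(host.lan, strict=False)
    join_net = ipaddress.ip_network(joiner.lan, strict=False)
    # Identical or overlapping private ranges make routing ambiguous.
    if host_net.overlaps(join_net):
        problems.append(f"LAN ranges overlap: {host_net} and {join_net}")
    for proto in PROTOS:
        # The host's router must forward the VPN port for both protocols.
        if (proto, vpn_port) not in host.forwards:
            problems.append(f"{host.name}: router does not forward {proto} {vpn_port}")
        # The joiner opens no inbound ports but must be allowed out.
        if (proto, vpn_port) not in joiner.outbound:
            problems.append(f"{joiner.name}: firewall blocks outbound {proto} {vpn_port}")
    return problems


# Constructed sample data. The home range and ports 5800/5900 follow the thread;
# the office LAN range is an assumption made to show the overlap case.
home = Site("home", "192.168.1.0/24", forwards={("tcp", 5800), ("udp", 5800)})
office = Site("office", "192.168.1.0/24", outbound={("tcp", 5800), ("tcp", 5900)})
office_fixed = Site("office", "192.168.2.0/24",
                    outbound={("tcp", 5800), ("tcp", 5900), ("udp", 5800)})

if __name__ == "__main__":
    for label, joiner in (("as described", office), ("corrected", office_fixed)):
        issues = preflight(home, joiner, vpn_port=5800)
        print(label, "->", issues or "no problems found")
```
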

