Confused about multiple NICs

Post by marklp » Jun 26 17 9:28 am

Hi there.

I am currently trialling Wingate 9 running in a Microsoft Azure virtual network environment.

I have two subnets - internal (subnet 172.16.0.0/24) which has two AD Domain Controllers (DC1 and DC2) and another server (PROXY1), running Wingate.

I have configured a site-to-site VPN, so that I am connected to the Azure virtual network via VPN. All works well - it all works as expected.

I also have Wingate running on the server PROXY1 and my client PCs have their proxy server setting set to point at PROXY1. This works as expected too.

However, I've read a lot about segregating subnets in Azure so that the internal network is separated from internet facing stuff. To that end, I've created a second subnet (172.16.200.0/24) and have added a second NIC to PROXY1 using this subnet. I have added a route on PROXY1 (add route -p 0.0.0.0 MASK 0.0.0.0 172.16.200.0 IF 2) so that the new NIC has a default gateway for internet traffic. I can ping the internet using both NICs.

I have set Wingate so that the NIC on subnet 172.16.0.0/24 is INTERNAL and the NIC on 172.16.200.0/24 is EXTERNAL.

I assumed that Wingate would therefore expect to receive requests from clients on the INTERNAL NIC, and would use the EXTERNAL NIC to go out to the internet.

However, when I add a rule into the Network Security Group (firewall in Azure) on the internal 172.16.0.0 subnet to deny outgoing internet traffic, Wingate stops functioning. The Wingate activity monitor still shows the request coming in from the client PCs, but I don't see the acknowledgement "HTTP/1.1 200 Connection Established". As soon as I allow outgoing internet traffic on the internal subnet, everything starts working again.

Am I doing this all wrong? Is there a need to have two separate subnets? Is there something in the Wingate configuration I have forgotten about/missed?
marklp
 
Posts: 2
Joined: Jun 26 17 8:56 am

Re: Confused about multiple NICs

Post by adrien » Jul 05 17 10:20 am

Hi

Do you still have a default gateway set on the internal adapter as well as the external one?

You may need to remove the default gateway for the internal adapter, and replace it with whatever routes are required to send response packets back to the clients (if they aren't on the same network).

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland
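
One way to check for the duplicate default gateway described in the reply above, and to preview the suggested change, on a dual-homed Windows host. This is an added example, not part of the thread and not Qbik's own tooling. The interface aliases, client prefix and next hop are placeholders to be replaced with the values on the actual server.

```powershell
# Placeholders (assumptions): take the real values from Get-NetAdapter / Get-NetIPAddress.
$InternalAlias   = 'Ethernet'       # NIC on the internal subnet (172.16.0.0/24 in the thread)
$ExternalAlias   = 'Ethernet 2'     # NIC on the external subnet (172.16.200.0/24 in the thread)
$ClientPrefix    = '10.0.0.0/24'    # constructed: a client network reached over the VPN
$InternalGateway = '172.16.0.1'     # constructed: next hop on the internal subnet

# 1. List every IPv4 default route with the value Windows ranks it by.
#    Effective metric = route metric + interface metric; the lowest wins.
$defaults = Get-NetRoute -AddressFamily IPv4 -DestinationPrefix '0.0.0.0/0' |
    ForEach-Object {
        $ifMetric = (Get-NetIPInterface -InterfaceIndex $_.ifIndex -AddressFamily IPv4).InterfaceMetric
        [pscustomobject]@{
            InterfaceAlias  = $_.InterfaceAlias
            NextHop         = $_.NextHop
            RouteMetric     = $_.RouteMetric
            InterfaceMetric = $ifMetric
            Effective       = $_.RouteMetric + $ifMetric
        }
    } | Sort-Object Effective
$defaults | Format-Table -AutoSize

if (@($defaults).Count -gt 1) {
    Write-Warning 'More than one default route: egress NIC is decided by metric, not by the INTERNAL/EXTERNAL label.'
}

# 2. Ask the IP stack which NIC it would pick for an Internet destination.
#    192.0.2.1 is a documentation address; this is a route lookup, no packet is sent.
$egress = (Find-NetRoute -RemoteIPAddress '192.0.2.1' | Select-Object -First 1).InterfaceAlias
"Outbound traffic would leave via: $egress"
if ($egress -eq $InternalAlias) {
    Write-Warning "Egress is '$InternalAlias'; a deny rule on the internal subnet will block the proxy's outbound connections."
} elseif ($egress -ne $ExternalAlias) {
    Write-Warning "Egress is neither configured alias; check the placeholders."
}

# 3. Preview the change from the reply. -WhatIf reports the action without applying it.
#    a) remove the default route from the internal adapter
Remove-NetRoute -InterfaceAlias $InternalAlias -DestinationPrefix '0.0.0.0/0' -WhatIf
#    b) add a specific return route for clients that are not on the internal subnet
New-NetRoute -InterfaceAlias $InternalAlias -DestinationPrefix $ClientPrefix `
             -NextHop $InternalGateway -WhatIf
```

Run it from an elevated PowerShell session on the proxy host. If step 2 reports the internal adapter, that matches the symptom in the first post: requests arrive, but the outbound connection is attempted from the subnet where the deny rule applies.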

