Simple but confusing

Forum for all technical support and trouble shooting of the WinGate VPN.

Moderator: Qbik Staff

Postby Thr0tt » Nov 14 04 4:51 am

Hi,

I've got a Netgear router and several PCs and I want to connect to a similar setup elsewhere.

The Router is the gateway currently (or I would not get internet access) and all the machines use private ip addressing (Router NAT).

Trying to use this VPN and I can 'connect' to other network but cannot route traffic to it... I read on FAQ that you set the gateway to be the server but then I would not get internet traffic i.e. my LAN card would not know where to send data to, is it me?

Must be something really simple I am missing to get the IP traffic routed through the VPN?

Private IP Address ---> Router ---> Public IP ---> Router ---> Private IP (Diff range but same Sub).

If someone could point me in the right direction please?
Thr0tt
 
Posts: 3
Joined: Nov 14 04 4:45 am

Postby Thr0tt » Nov 14 04 6:01 am

Do I need the software running on one machine and then another connect to that machine to enable it?
Thr0tt
 
Posts: 3
Joined: Nov 14 04 4:45 am

Postby Thr0tt » Nov 14 04 6:26 am

OK, this is a simple software firewall; my mistake, I thought it was actually a VPN server / client software.

Never mind, my firewall can do port forwarding.
Thr0tt
 
Posts: 3
Joined: Nov 14 04 4:45 am

Postby Pascal » Nov 14 04 10:42 am

WinGate VPN is a full VPN solution; not a 'simple software firewall'. I'm reasonably sure your firewall can do port forwarding, and maybe that's sufficient for your needs. Is that encrypted though? Or does it mean anybody connecting to port xyz on your public IP will be able to browse your network?

To set up a VPN you need a machine hosting the VPN and, from your remote network, another joining in to the VPN. Those two establish an encrypted connection and exchange information about the networks before establishing an encrypted data tunnel between them. They act as 'marshallers' for the network traffic across the encrypted VPN link.

It is for the connection to reach the machine that acts as 'arbiter' on the VPN that you need the port forwarding setup - so your router/firewall does not block the VPN traffic to the other machine.

Now, once those two machines have negotiated the encrypted connection - you need to be able to tell the machines on your network how to access the VPN. Otherwise, how do you expect them to be able to use it? So, that is why you need to tell the client machines that the VPN Endpoints (Marshallers / arbiters / hoster / joiner) are the gateway for the remote network.

In normal setups, the machine providing VPN functionality is also the internet gateway. Thus, setting the LAN client's default gateway to the VPN machine is the easiest solution.

However, your setup is not like that. So, you need to use one of the alternative methods. That can be to use RIP v2; just install a listener on the client machines. The VPN Nodes broadcast RIP route updates, so your clients can catch those and are then able to participate in the VPN.

The second alternative is to set up a static route on each client machine to inform it that any traffic for the remote network should be routed to the VPN machine. (Which will then encrypt and tunnel it to the remote network.)

The document http://www.wingate.com/files/VPN_Setup_Guide.pdf gives you details on how to set up the VPN and highlights a few different scenarios.

http://www.wingate.com/files/routing_paper_letter.pdf details routing and will explain some of the concepts involved. (The "why" of having to tell the rest of the network how to reach the remote network)


Bear in mind, when you posted to the forum it was between 3 and 5 o'clock on a Sunday morning. We will get back to you, but, contrary to popular belief, software developers are human and also need to sleep.

http://www.wingate.com/support.php gives you details on when we are online and available.
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand
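
The static-route alternative described in the post above, as an added example that is not part of the original thread or Qbik's code: a longest-prefix-match model of a LAN client's routing table showing that one extra route sends remote-LAN traffic to the VPN machine while internet traffic still goes to the router. All addresses are constructed assumptions (local LAN 192.168.1.0/24, remote LAN 192.168.2.0/24, router .1, VPN machine .10).

```python
import ipaddress

# Constructed addressing, assumed for illustration only.
LOCAL_NET = "192.168.1.0/24"    # this site's LAN
REMOTE_NET = "192.168.2.0/24"   # LAN behind the remote VPN endpoint
ROUTER = "192.168.1.1"          # NAT router, the client's default gateway
VPN_HOST = "192.168.1.10"       # LAN machine running the VPN endpoint


def build_table(local_net, default_gw, static=()):
    """Client routing table: on-link LAN, default route, plus any static routes."""
    routes = [(ipaddress.ip_network(local_net), "on-link"),
              (ipaddress.ip_network("0.0.0.0/0"), default_gw)]
    routes += [(ipaddress.ip_network(net), gw) for net, gw in static]
    return routes


def next_hop(routes, dst):
    """Longest-prefix match: gateway of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)[1]


def overlaps(local_net, remote_net):
    """True if both sites use overlapping ranges; a static route cannot
    separate them then, because remote addresses look on-link."""
    return ipaddress.ip_network(local_net).overlaps(
        ipaddress.ip_network(remote_net))


# Without the static route, remote-LAN traffic follows the default route to
# the NAT router and never reaches the encrypted tunnel.
before = build_table(LOCAL_NET, ROUTER)
# With it (Windows equivalent, same constructed addresses:
#   route -p add 192.168.2.0 mask 255.255.255.0 192.168.1.10)
after = build_table(LOCAL_NET, ROUTER, static=[(REMOTE_NET, VPN_HOST)])


def report():
    """(destination, next hop before, next hop after) for three sample hosts."""
    samples = ("192.168.2.50", "203.0.113.7", "192.168.1.20")
    return [(d, next_hop(before, d), next_hop(after, d)) for d in samples]


if __name__ == "__main__":
    for dst, hop_before, hop_after in report():
        print(f"{dst:<14} before={hop_before:<12} after={hop_after}")
```
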

Postby SkyMan » Nov 14 04 11:09 am

Yup! Sounds like simple software to me.
SkyMan
 
Posts: 37
Joined: Apr 14 04 2:33 pm
Location: The Planet Mongo

Postby adrien » Nov 14 04 5:20 pm

There are routing issues that you will experience with any VPN solution that sets up IP tunnels, where the tunnel points are not also the main gateway for a network.

Where WinGate VPN is simple, is in its own configuration and operation. Try setting up an IPSEC VPN using MS VPN products, or SonicWall or numerous others if you want an idea of how difficult people can make it to set up and use a VPN.

Unfortunately since we did not invent TCP/IP, nor Windows, there is only so much we can do about issues related to those systems. Turning on RIP (where available) on a network gateway is actually normally very simple and effective.
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland
