by Pascal » Dec 03 04 2:36 pm
Terminology
Firstly, just to set some terminology straight so I'm not confusing myself.
The VPN Server is a PC you have designated as the centre of the VPN. Networks that want to participate in the VPN will connect to this machine.
The VPN Client is a PC that connects to the VPN Server from a remote location.
The VPN Server can have client computers on its local network. Those machines are not VPN Clients, but they are (can be) VPN participants. The same holds true for the VPN Client. It can have VPN participants behind it too. The term VPN Node is often applied to the VPN Server and the VPN Client.
To make it easier - see the VPN Server and the VPN Client(s) as 'routers' that connect the two networks together. They're basically just nodes in a bigger network.
Server setup
Generally, you want to make the server a machine that has a static IP. (Or has a Dynamic DNS System running on it)
Then, you want to create the basic VPN definition on it. This essentially comes down to identifying it by name, X509 Certificate, setting appropriate participation options (Local network, local machine only, etc.) and defining the appropriate permissions.
So:
1. Create the new VPN
2. Give it a name that is recognisable. Usually something like "Office Network", etc.
3. Create a certificate for it. The clients will use that information to validate that the server is who he says he is.
4. Set up permissions for the users that are allowed to connect to the VPN. (This is distinct from OS-level access permissions to network resources - people commonly get these two confused)
Once you've defined the VPN you can export its configuration. You do this from the main VPN Screen where you can see the list of "Hosted" VPNs.
The X509 tab has been replaced in Version 6.0 with a centralised Certificate manager. The process is still the same, except that now on the VPN to Host General tab you have a drop-down that lists the available certificates and a button to instigate the generation of a certificate.
Client setup
The VPN Client will connect in to the VPN Server. When you import the configuration, everything will be filled in for you. There are only a few basic decisions you need to make.
This involves how this Node participates in the VPN. (I.e. if it allows the client machines on its network to take part, etc.)
It involves when the node joins the VPN. Normally, this is user instigated, although for some permanent connections this can be done when WinGate VPN starts up.
A few common problems
If the device connecting you to the network is a router or firewall it might be necessary to forward the appropriate ports to the VPN node. You will usually see this when the VPN is connected, but you cannot ping the internal IP addresses of any machine behind the VPN. In that case, you'll need to forward port 809 (Default) UDP for the VPN Data Channel.
If you can ping and browse the server, but not the remote VPN participants, they do not know about the VPN. Somehow, you need to tell those machines that the VPN is available. Normally, the easiest way to do this is to use the VPN Node as their default gateway. Other ways include setting up static routes on the VPN participants, or allowing the VPN Node to broadcast RIP updates and having a RIP v2 listener on the clients.
If you can ping and browse all the participants, but when copying files you get unexpected errors, the problem is usually with the MTU. You will then need to do ping tests to determine what the maximum size packet is that can travel across the VPN link without fragmentation and then adjust the MTU to take that into account.
That's about it.
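The MTU ping test described in the post, written out as an added example (this is not code from Pascal's post or from WinGate itself). It binary-searches the largest ICMP payload that crosses the link with the Don't Fragment bit set and adds the 28 bytes of IPv4 and ICMP header to get the path MTU. The ping command lines assume the Windows (`-f -l`) and Linux (`-M do -s`) flag syntax; the simulated link is a constructed stand-in so the search logic can be exercised without a network.

```python
"""Path-MTU discovery by ping: find the largest payload that is not fragmented."""
import platform
import subprocess
import sys

ICMP_IP_OVERHEAD = 28          # 20-byte IPv4 header + 8-byte ICMP echo header
ETHERNET_MAX_PAYLOAD = 1472    # 1500-byte Ethernet MTU minus that overhead


def ping_with_df(host, payload_size, timeout=3):
    """Send one echo request of payload_size bytes with DF set.

    Returns True only if a reply came back, i.e. the packet was small
    enough to cross every hop unfragmented. Assumes the ping flag syntax
    of Windows (-f -l) and Linux (-M do -s); other platforms are untested.
    """
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-f", "-l", str(payload_size), host]
    else:
        cmd = ["ping", "-c", "1", "-M", "do", "-s", str(payload_size), host]
    try:
        result = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout)
    except (subprocess.TimeoutExpired, FileNotFoundError):
        return False
    # A genuine reply line carries "ttl=" on both platforms; the
    # "needs to be fragmented" / "message too long" errors do not.
    return result.returncode == 0 and "ttl=" in result.stdout.lower()


def find_max_payload(probe, low=0, high=ETHERNET_MAX_PAYLOAD):
    """Binary-search the largest size for which probe(size) succeeds.

    probe must be monotonic: if size N fails, every larger size fails too
    (true for a fragmentation limit). Returns -1 when even the smallest
    size fails, which usually means ICMP is blocked or the link is down.
    """
    if not probe(low):
        return -1
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid          # mid fits, so the answer is mid or larger
        else:
            high = mid - 1     # mid was fragmented, so look below it
    return low


def path_mtu(probe, **kwargs):
    """Largest unfragmented payload plus IP/ICMP overhead, or -1 on failure."""
    payload = find_max_payload(probe, **kwargs)
    return -1 if payload < 0 else payload + ICMP_IP_OVERHEAD


def simulated_link(link_mtu):
    """Constructed stand-in for a link of the given MTU, for offline use."""
    def probe(payload_size):
        return payload_size + ICMP_IP_OVERHEAD <= link_mtu
    return probe


if __name__ == "__main__":
    # Usage: python pmtu.py <vpn-peer-address>   (hypothetical script name)
    target = sys.argv[1] if len(sys.argv) > 1 else None
    if target is None:
        print("offline demo, simulated 1400-byte link:", path_mtu(simulated_link(1400)))
    else:
        mtu = path_mtu(lambda size: ping_with_df(target, size))
        print(f"path MTU towards {target}: {mtu}")
```

The value reported is the MTU of the path as seen by plain ICMP; the VPN's own encapsulation adds further overhead on top of that, so the interface MTU inside the tunnel has to be set lower than this figure, not equal to it. A result of -1 means the probe never got a reply at all, which is a reachability or ICMP-filtering problem rather than an MTU one.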