I am trying to get our LAN to accept 2-3 remote users from around the state. Currently, I have six computers on the LAN behind a Linksys Router/Firewall/VPN Tunnel (they allow two simultaneous tunnels).
I think I still need some VPN Server/Client software since the L2TP connection through Win2k and XP needs to have a static IP, which I may not be able to provide from the remote users.
First, is wingate VPN my solution and if so, what's the overall cost?
Thanks,
Dave
A general scenario question
Moderator: Qbik Staff
10 posts
• Page 1 of 1
A general scenario question
by abudguy » Oct 16 04 1:03 am
- abudguy
- Posts: 10
- Joined: Oct 16 04 12:54 am
- Location: Illinois
by adrien » Oct 16 04 8:15 pm
Hi Dave
For your scenario you would need a single user license for each remote user, and a gateway license for your main LAN. Depending on how many of those 6 computers need to be accessible over the VPN influences how big a gateway license you would need.
Pricing is available from our pricing pages for VPN at http://www.wingate.com/pricing.php
Adrien
For your scenario you would need a single user license for each remote user, and a gateway license for your main LAN. Depending on how many of those 6 computers need to be accessible over the VPN influences how big a gateway license you would need.
Pricing is available from our pricing pages for VPN at http://www.wingate.com/pricing.php
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
More questions
by abudguy » Oct 20 04 5:22 am
Thanks for the help on the licensing, which helped a lot.
But for more questions:
Does the configuration of the the LAN being behind the Linksys BEFSX41 and having only one computer on the LAN be accessible to the VPN require anything special? I noticed a post that implied someone's computer had to NIC's to use Wingate VPN. This software doesn't require that, correct? I haven't played with the software enough yet to really fully understand the functionality of it.
But for more questions:
Does the configuration of the the LAN being behind the Linksys BEFSX41 and having only one computer on the LAN be accessible to the VPN require anything special? I noticed a post that implied someone's computer had to NIC's to use Wingate VPN. This software doesn't require that, correct? I haven't played with the software enough yet to really fully understand the functionality of it.
- abudguy
- Posts: 10
- Joined: Oct 16 04 12:54 am
- Location: Illinois
by Pascal » Oct 20 04 9:34 am
No you don't need two NICs. The VPN functions equally well if you only have, for example, a dial-up adapter, etc.
However, the important thing is that you need to have Microsoft Windows Networking started - and on certain operating systems it is not started if you only have a public interface. (Such as most dialup modems)
However, the important thing is that you need to have Microsoft Windows Networking started - and on certain operating systems it is not started if you only have a public interface. (Such as most dialup modems)
- Pascal
- Qbik Staff
- Posts: 2623
- Joined: Sep 08 03 8:19 pm
- Location: Auckland, New Zealand
by abudguy » Dec 11 04 9:26 am
A follow-up on licensing....
On the local LAN, I have 7 computers. There is only one computer on that LAN that needs to be accessed through the VPN, so if I understand the licensing correctly, I'd need the Gateway with the 3 User Lan, and a single license for each remote computer.
Now, the other 6 computers, will they still network the same in the Peer-to-Peer network, without requiring 2 NICs in the VPN Server machine?
I currently have the VPN connected with the remote computer (even though it's very slow), but now the local LAN computers can't view the Workgroup. I'm so confused on this setup now, between the speed issues and with the new network problems on the local LAN since I setup up the VPN.
On the local LAN, I have 7 computers. There is only one computer on that LAN that needs to be accessed through the VPN, so if I understand the licensing correctly, I'd need the Gateway with the 3 User Lan, and a single license for each remote computer.
Now, the other 6 computers, will they still network the same in the Peer-to-Peer network, without requiring 2 NICs in the VPN Server machine?
I currently have the VPN connected with the remote computer (even though it's very slow), but now the local LAN computers can't view the Workgroup. I'm so confused on this setup now, between the speed issues and with the new network problems on the local LAN since I setup up the VPN.
- abudguy
- Posts: 10
- Joined: Oct 16 04 12:54 am
- Location: Illinois
by Pascal » Dec 13 04 8:46 am
The licensing sounds about right. (The one computer is behind the WinGate Server, correct?)
As for the speed - you need to play around with the MTU values. The optimal value is determined by pinging across the tunnel using a non-fragmentable packet. As soon as the packet reports it needs to be fragmented, you need to use that size as your MTU for the optimal speed.
How is your VPN configured? Are you using the same subnet on both sides of the VPN? (That is generally discouraged, because you need to setup complex routing tables for it)
Secondly, check the adapter useage. It is possible that with only one adapter your single adapter is detected as external. If that's the case, your local network traffic might be firewalled. (Do you have another firewall device [hardware/software], apart from WinGate VPN?)
adrien wrote:basically, find out the MTU by using ping, then set your MTU to that value
As for the speed - you need to play around with the MTU values. The optimal value is determined by pinging across the tunnel using a non-fragmentable packet. As soon as the packet reports it needs to be fragmented, you need to use that size as your MTU for the optimal speed.
How is your VPN configured? Are you using the same subnet on both sides of the VPN? (That is generally discouraged, because you need to setup complex routing tables for it)
Secondly, check the adapter useage. It is possible that with only one adapter your single adapter is detected as external. If that's the case, your local network traffic might be firewalled. (Do you have another firewall device [hardware/software], apart from WinGate VPN?)
- Pascal
- Qbik Staff
- Posts: 2623
- Joined: Sep 08 03 8:19 pm
- Location: Auckland, New Zealand
by abudguy » Dec 14 04 3:43 am
Well, the computer that is actually hosting the VPN is the one that will need to be accessed.
Our network setup is: a peer-to-peer network connected through a central hub. The DSL line is connected directly to a port on the hub. There is one computer that we use mainly has file storage that needs to be accessed remotely. That is the computer I have the VPN being hosted on. At this time, there are no other computers that should have to be accessed remotely on our LAN.
As for MTU's, from the remote site, I couldn't ping anything over 1500 (which even failed at 1500). Locally, when I ping the remote computer, it can send packets over 1500 successfully.
As for the VPN setup, the subnets are different. I'm not sure what else you need to know for the configuration of the VPN. I have the correct port forwarding for my DSL router.
How do I check the adapter usage? I want to make sure that is setup correctly. I do have another firewall device, but that is currently disabled until I figure out the VPN issues.
Our network setup is: a peer-to-peer network connected through a central hub. The DSL line is connected directly to a port on the hub. There is one computer that we use mainly has file storage that needs to be accessed remotely. That is the computer I have the VPN being hosted on. At this time, there are no other computers that should have to be accessed remotely on our LAN.
As for MTU's, from the remote site, I couldn't ping anything over 1500 (which even failed at 1500). Locally, when I ping the remote computer, it can send packets over 1500 successfully.
As for the VPN setup, the subnets are different. I'm not sure what else you need to know for the configuration of the VPN. I have the correct port forwarding for my DSL router.
How do I check the adapter usage? I want to make sure that is setup correctly. I do have another firewall device, but that is currently disabled until I figure out the VPN issues.
- abudguy
- Posts: 10
- Joined: Oct 16 04 12:54 am
- Location: Illinois
by abudguy » Dec 14 04 5:57 am
Well, I disabled the VPN firewall to see all the local computers, but how does that affect the security over the VPN? If it is, how do I configure the local computers to see through the firewall?
I still have the problem with the speed of the connection over the VPN.
I still have the problem with the speed of the connection over the VPN.
- abudguy
- Posts: 10
- Joined: Oct 16 04 12:54 am
- Location: Illinois
by genie » Dec 14 04 2:06 pm
Hi,
When you said that you disabled VPN firewall, did you mean your router firewall or Wingate firewall?
As of the speed issues - what did ping reported as a RTT if you ping the other side with the biggest packets it could handle?
When you said that you disabled VPN firewall, did you mean your router firewall or Wingate firewall?
As of the speed issues - what did ping reported as a RTT if you ping the other side with the biggest packets it could handle?
- genie
- Qbik Staff
- Posts: 1788
- Joined: Sep 30 03 10:29 am
by abudguy » Dec 15 04 3:46 am
I've disabled the VPN Firewall. I'm not sure if this will cause much of a problem with security though, since I have a firewall on my DSL Router.
As for the RTT (round trip time?), it was an average of 106ms for 1500 bytes and 1664ms for 12,000 bytes (which is slightly slower than yesterday).
What should I have both machines MTU's set at?
Thanks for all the help,
Dave
As for the RTT (round trip time?), it was an average of 106ms for 1500 bytes and 1664ms for 12,000 bytes (which is slightly slower than yesterday).
What should I have both machines MTU's set at?
Thanks for all the help,
Dave
- abudguy
- Posts: 10
- Joined: Oct 16 04 12:54 am
- Location: Illinois
10 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 285 guests