WinGate Forums

[RoninMoto]

I have installed the VPN Version 2.0.3 Build (1005). It seems the help files included with this version are for an older version. The knowledge base seems to be out of date as well. This is not very helpful to some one that is trying to get this product up and running. But I am not here to complain, I am looking to get some help.

Here is my situation: I have two independent LAN's and I need to be able to share a drive on one LAN to the other. The best solution I could come up with is the Wingate product that was in the right price range. I have installed the server software on both sides and each machine runs on a static IP address, I have opened port 809 on each Linksys router to allow the traffic to go both ways. I setup the Server on the one side and I setup to Join from the other. But I am not able to connect. The help files refer to a client software but I have looked in the directory and have not found any, so I assume that I must use the same install file as I did for the server.

How do I get these things connected? Some help from Wingate would be nice. It would be even better if they made some kind of little tutorial and gave some screen shots. If I can get this to work, I would be more then happy to write a tutorial for them. I have written many tech manuals and I know there is an easier way to do this. I have included my wingate report so you can gather any info you may need from it. Thanks

(This is from the server side)

1.01 WINGATE CONFIGURATION REPORT

1.02 Monday, December 13, 2004, 15:03

1.03

1.04 ---------------------------------------------

1.05 WinGate Engine

1.06 ---------------------------------------------

1.07 WinGate 6.0.3 (Build 1005)

1.08 Operating System: Windows 2000 (NT 5.1)

1.09 Language: ENU

1.10 User database: NT

1.11 Num. users: 7

1.12

1.13

3.01 ---------------------------------------------

3.02 License details

3.03 ---------------------------------------------

3.04 License Key 1

3.05 Version: WinGate VPN 2

3.06 Expiry: 13/Jan/2005

3.07

4.01 ---------------------------------------------

4.02 Dialer information

4.03 ---------------------------------------------

4.04 Dialer is disabled

4.05

5.01 ---------------------------------------------

5.02 Network Interfaces

5.03 ---------------------------------------------

5.04 Local Area Connection (Ethernet) internal

5.05 MS TCP Loopback interface (Loopback)

5.06

6.01 ---------------------------------------------

6.02 Services

6.03 ---------------------------------------------

6.04

6.05 System Policies

6.06 ---------------------------------------------

6.07 Default System Access Rights:

6.08 Everyone - Unrestricted rights

6.09 Default Start/Stop Rights:

6.10 Administrators - Unrestricted rights

6.11 Default Edit Rights:

6.12 Administrators - Unrestricted rights

6.13

6.14 DHCP Service (DHCP Service)

6.15 ---------------------------------------------

6.16 Session Timeout: 60

6.17 Port: 67

6.18 Startup: Automatic start/stop

6.19 Access Rights: Defaults: may be used instead

6.20 Everyone - Unrestricted rights

6.21 Start/Stop Rights: Defaults: may be used instead

6.22 Edit Rights: Defaults: may be used instead

6.23

6.24 DNS Service (DNS Service)

6.25 ---------------------------------------------

6.26 Session Timeout: 60

6.27 Port: 53

6.28 Startup: Automatic start/stop

6.29 Access Rights: Defaults: may be used instead

6.30 Start/Stop Rights: Defaults: may be used instead

6.31 Edit Rights: Defaults: may be used instead

6.32

6.33 Remote Control Service (Remote Control Service)

6.34 ---------------------------------------------

6.35 Session Timeout: 60

6.36 Port: 808

6.37 Startup: Automatic start/stop

6.38 Access Rights: Defaults: may be used instead

6.39 Start/Stop Rights: Defaults: may be used instead

6.40 Edit Rights: Defaults: may be used instead

6.41

7.01 ---------------------------------------------

7.02 System Route Table

7.03 ---------------------------------------------

7.04 Current Route Table:

7.05 ---------------------------------------------

7.06 Network Mask Gateway Interface Metric

7.07 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 20

7.08 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1

7.09 192.168.1.0 255.255.255.0 192.168.1.4 192.168.1.4 20

7.10 192.168.1.4 255.255.255.255 127.0.0.1 127.0.0.1 20

7.11 192.168.1.255 255.255.255.255 192.168.1.4 192.168.1.4 20

7.12 224.0.0.0 240.0.0.0 192.168.1.4 192.168.1.4 20

7.13 255.255.255.255 255.255.255.255 192.168.1.4 192.168.1.4 1

7.14

8.01 ---------------------------------------------

8.02 Enhanced Network Support

8.03 ---------------------------------------------

8.04 Enhanced Network Support: Qbik NDIS Hook 6.0 - Installed and active

8.05 Driver: Enabled

8.06 NAT: Disabled

8.07 Router: Enabled

8.08 Firewall level: Medium

8.09

8.10 Firewall

8.11 ---------------------------------------------

8.12 Disable network name broadcasts to the Internet: Enabled

8.13 Allow users to ping this machine locally: Enabled

8.14 Allow users to ping this machine from the Internet: Disabled

8.15 Discard spoofed packets: Enabled

8.16

8.17 Routing

8.18 ---------------------------------------------

8.19 Multiple default routes: Enabled

8.20 Relay UDP broadcast packets: Enabled

8.100

8.101 Port Security

8.102 ---------------------------------------------

8.103

8.104 Security for: External TCP

8.105 Action: Allow Port: 113 - AUTH

8.106 Action: Allow Port: 809 - Hole for VPN (Control)

8.107 Action: Allow Port: 1024 - 4096 - External

8.108

8.109 Security for: External UDP

8.110 Action: Allow Port: 809 - Hole for VPN (Data)

8.111 Action: Allow Port: 1024 - 4096 - External

8.112

8.113 Security for: Internal TCP

8.114

8.115 Security for: Internal UDP

8.116 Action: Allow Port: 53 - Hole for DNS Service (Auto)

8.117 Action: Allow Port: 67 - Hole for DHCP Service (Auto)

8.118

8.119 Security for: NAT TCP

8.120

8.121 Security for: NAT UDP

8.122

8.123 Security for: DMZ TCP

8.124

8.125 Security for: DMZ UDP

8.126

8.127 Security for: (unknown)

8.128

8.129 Security for: (unknown)

8.500

9.01 ---------------------------------------------

9.02 END OF CONFIGURATION REPORT

[Pascal]

Here is my situation: I have two independent LAN's and I need to be able to share a drive on one LAN to the other. The best solution I could come up with is the Wingate product that was in the right price range. I have installed the server software on both sides and each machine runs on a static IP address, I have opened port 809 on each Linksys router to allow the traffic to go both ways. I setup the Server on the one side and I setup to Join from the other. But I am not able to connect. The help files refer to a client software but I have looked in the directory and have not found any, so I assume that I must use the same install file as I did for the server.

The client is the same software package. What error message is it giving you when you attempt to connect? Is it the connection to the remote VPN that is failing? Or is it network traffic across the VPN that is failing?


http://www.wingate.com/files/VPN_Setup_Guide.pdf
Gives you an overview. It incorrectly references the X509 Certificate Tab, because this has been superceded by the "Certificate Manager" but the same principle applies. (You now have a button to click)

http://forums.qbik.com/viewtopic.php?t=3194
Gives you a brief overview and gives a correct explanation for the certificate generation process.

[Pascal]

Did those articles help? Have you managed to get it working?

[RoninMoto]

Sorry for the delay, I had to leave town.

I looked at the links you sent me and tried it out step by step, but still have not gotten anywhere on it. I think the problem is where I have to generate the key. I am not sure if I am doing it correctly and no documentation is not helping.

On the server side I created a key, which I called VMM. When I go to view the details of the key or try to generate a key it say no certificate. When I go to make a new one, it says requesting a key, but never completes. Also am I suppose to put the IP address of the client in there or the IP of this server. Your prevoius documentation does not make it clear enough to understand. Also I see no way to export this key so i can load it on the client side. I also see no way to load a key on the client side.

On the client side all it ever says is connection timed out. So I can not get it to go anywhere. The 809 port is open for TCP/IP and UDP with forwarding in place on both ends. So routing so not be the issue. I really think it has something to do with the certificate but not enough info exists to reslove. Do you think you could provide some step by step instructions, It would be very helpful.

Ronin

Ps. Moto (AT) asolution.us

[Pascal]

On the server side I created a key, which I called VMM. When I go to view the details of the key or try to generate a key it say no certificate. When I go to make a new one, it says requesting a key, but never completes.

Key? Are you talking about a license key?

Also am I suppose to put the IP address of the client in there or the IP of this server. Your prevoius documentation does not make it clear enough to understand. Also I see no way to export this key so i can load it on the client side. I also see no way to load a key on the client side.

When you go into the VPN Configuration - and switch to the VPN to Host tab there is a button labelled "Export". That is used to export the configuration on the server side.

When you go into the VPN Configuration - and switch to the VPN to Join tab there is a button labelled "Import". That is used to import the configuration on the client side.

The link to the forum post gives you a step-by-step, simplified guide to setting it up.

[RoninMoto]

No I have already gotten a 30 day key from win gate. The key I am refering to is the certificate key required to run the VPN. Also when I have the Gatekeeper software open in front of me, I have the VPN hosted / VPN to Join setup tab in front of me and there is NO export button located anywhere in any menu of this application. I think I am starting to lose my mind here.

Also on the client side, how do you delete a joined VPn from the list? There is no Right mouse menu or drop down menu anywhere and pressing "delete" on the keyboard does nothing either. Any ideas?

[Pascal]

Double-click the "General" button in the left-hand pane.

[Pascal]

If you are trialing WinGate VPN (No WinGate functionality):

Exporting a VPN Server Configuration
1. Double click "General" under the "Miscellaneous" heading on the left hand list.
2. Switch to "VPN to Host" (Where you setup the server) on the left hand list that just opened.
3. Look on the right-hand panel - inbetween the "Properties" and "Remove" buttons (Where you can remove the VPN you have configured) you will see the "Export Config" button.
4. The button is disabled until you select a VPN from the list above the button.


Importing a VPN Client Configuration
1. Double click "General" under the "Miscellaneous" heading on the left hand list.
2. Switch to "VPN to Join" on the left hand list that just opened.
3. Look on the right hand panel, inbetween "Properties" and the "Remove" button (Where you can remove the client VPN you have configured) you will see the "Import Config" button.
4. The button is always enabled, you don't have to select anything. Just click it.

Creating a certificate
1. When you are seeing the VPN Server you have configured - the window title will be "VPNs to Host". There will be two tabs on the window, one is "General". The other is "Policies". Switch to the "General" tab.

2. On the general tab, there is a "Name", "Description", "Certificate", "Encryption schema" and "Local Participation" headings. Next to the "Certificate" one there is drop-down combo that shows the certificates you have already created. If the list is empty you can click the "Generate" button next to the drop-down combo to create the VPN.

If you are trialing WinGate:

Everything remains the same, except you do not click the entry labelled "General". You double click the entry labelled "VPN".

I hope that makes things clearer and will help you find the appropriate screens.

[RoninMoto]

UPDATE: Ok i found the export button. It is under the Miscellanous folder that is marked VPN. From there I was able to export the cert and then import it to the client side. I also noticed that you can remove theVPN from there as well. However, it still will not connect. I get the same error that the connection has timed out.

Any ideas.

Ps, the links you supplied refer to the old program and they lack a lot of data as to the menu setups and where things are located. I also found that they do not educate as to what is happening within the program. I have written manuals and underdstand thsat nothing can be assumed, which these links do. Again, I am not knocking the product, just the help section needs to be improved.

Cheers

[Pascal]

If you are not able to connect - it most likely means that either:

(a) the wrong port is in use on the client side (trying to connect to the wrong port)
(b) you are connecting to the wrong ip-address (it should be the server's external ip address)
(c) the traffic is not routed through to the VPN server properly
(d) the VPN server is not listening on the correct port

Try running a "netstat -an" from the command line on the VPN Server. You should see something like:

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:809 0.0.0.0:0 LISTENING
TCP 127.0.0.1:25 0.0.0.0:0 LISTENING
TCP 127.0.0.1:80 0.0.0.0:0 LISTENING
TCP 127.0.0.1:808 0.0.0.0:0 LISTENING

The bold entry indicates that the VPN on this machine is listening on the correct port. You should make sure that yours is (a) listening and (b) on the port the client is attempting to connect to.

[RoninMoto]

A - As far as I know I have the same port setup 809 for the client side
B - I am connecting to the correct Public IP address
C - I do not know how to check this, how can I tell if the traffic is being routed correctly through the server?

D - here is my Netstat -an

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:809 0.0.0.0:0 LISTENING
TCP 0.0.0.0:4900 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5101 0.0.0.0:0 LISTENING
TCP 127.0.0.1:808 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1035 0.0.0.0:0 LISTENING
TCP 127.0.0.1:10025 0.0.0.0:0 LISTENING
TCP 127.0.0.1:10110 0.0.0.0:0 LISTENING
TCP 192.168.1.4:139 0.0.0.0:0 LISTENING

[Pascal]

Ps, the links you supplied refer to the old program and they lack a lot of data as to the menu setups and where things are located. I also found that they do not educate as to what is happening within the program. I have written manuals and underdstand thsat nothing can be assumed, which these links do. Again, I am not knocking the product, just the help section needs to be improved.

The PDF does refer to the old program, but the concepts and layout is the same except for the Certificate generation process, as the forum post indicated.

Gives you an overview. It incorrectly references the X509 Certificate Tab, because this has been superceded by the "Certificate Manager" but the same principle applies. (You now have a button to click)

The X509 tab has been replaced in Version 6.0 with a centralised Certificate manager. The process is still the same, except, now on the VPN to Host General tab you have a drop down that lists the available certificates and have a button to instigate the generation of a certificate.

We do have a new subset of VPN documentation for the new 6.0.4 release and the white-paper article is being converted into a help file as well. This documentation is not currently publically available however as it's going through our review process.

With the release of WinGate 6 though we are making assumptions about our user-base. The target market for the software is evolving, much like the software is. That is why we have alternative and free resources, like the forums, where people can ask questions and get quick, informed responses.

Your suggestions will be taken onboard though.

[Pascal]

C - I do not know how to check this, how can I tell if the traffic is being routed correctly through the server?

Netstat looks fine. Your easiest option here might be to go into "Extended Networking" on the left-hand pane. When the Extended Networking Dialog opens up, you will see an option labelled "Port Security" on the left hand pane. Select that option.

The right hand pane should show an entry called "Hole for VPN (Control)". If you double click that you can edit it. In the options section there is a checkbox called "Notify on access". If that option is ticked you will see firewall entries when the traffic arrives at the WinGate machine.

Secondly, make sure that the router is forwarding to the correct port as well.