WinGate Forums

[jono659]

Ok, I have 2 xp machines both behind ADSL 512k routers, the ports are forwarded on both (both have licences). the server with static ip has lan side of 172.x.x.x the client lan side is 198.x.x.x

Connects in a flash no problem at all tunnels done and everything seems hunky dory. First can only browse one or two of my shares and it takes a loooooooooooooong time. Then I sometime get to see the contemts of a share but other times it tells me I may not have the authority to use the network. When I do get to browse a share it takes an eon even if there is only one item in there.

Any help is good help :)

JonO

[adrien]

On your main network are you using a domain controller or Active Directory?

If so, the controllers need to have routes configured so that they know they can reach the other networks on the VPN. We find usually the Qbik RIP client is the easiest way to get this working, which you install on machines (other than the WinGate gateway) which you need to access the VPN.

All this is of course if the local winGate VPN gateway is not also the main internet gateway for your LAN, which I guess it won't be if you are only using a VPN license.

Otherwise, if you are using peer-peer networking with master browsers, then these machines need to be accessible over the VPN (which again requires all the routing to match up).

Adrien

[jono659]

On your main network are you using a domain controller or Active Directory?

If so, the controllers need to have routes configured so that they know they can reach the other networks on the VPN. We find usually the Qbik RIP client is the easiest way to get this working, which you install on machines (other than the WinGate gateway) which you need to access the VPN.

All this is of course if the local winGate VPN gateway is not also the main internet gateway for your LAN, which I guess it won't be if you are only using a VPN license.

Otherwise, if you are using peer-peer networking with master browsers, then these machines need to be accessible over the VPN (which again requires all the routing to match up).

I guess I use active directory (although it is a guess)Please be aware that apart from setting up local networks on the lans I am new to this. So, "Controllers" which controllers do you mean, I did try the rip 2 clients but have tried so many things now, my internet gateway is my router in both cases, is this what you meant? you mention master browsers, once agin, dont have a clue what this means, I guess I need help with the routing part.

I must say that although there is help available, a step by step idiot guide in plain english might clear up some of the recurring questions from dumbos like me who are trying to learn as they go.

JonO

BTW my work router is running rip1 should I change it to rip2?

[adrien]

OK, that's what I meant.

Yes, your router/main network gateway is the machine that all your LAN machines will be pointing to for access to anywhere that they don't specifically have a route for.

WinGate sends RIP2 broacasts (RIP1 didn't support subnets) so that is the version you need to enable on your router. It should then learn your VPN routes from WinGate VPN, and forward packets from your LAN machines to the VPN gateway to get out onto the VPN.

We do have a white paper on routing which kinda explains a few key principles which can help.

Master Browser is a service that runs on a machine on your LAN which maintains a list of all the computers on your network, and is used by browser clients (such as network neighbourhood) to provide network browsing services. The machine that acts as the master browser is decided by an election, where any machine capable of being a master browser sends out a packet stating its capabilities, and the one with the highest capability wins. This is based on OS, level, and whether certain services are running, for instance a Win2k Pro machine will score higher than a win98 machine, and a Win2k Server machine will score higher than a Win2k Pro machine.

Adrien

[jono659]

Am thinking of de-installing and starting afresh, here is the full rundown on where i am up to.

To simplify I have set my work machine for peer to peer only and likewise home this is vpn standalone latest version on both machines.

Work machine is win xp pro latest SP and updates, lan IP is 192.168.22.12, router is zyxel prestige 512k adsl, port 809 (assuming all as no option for tcp or udp) forwarded to the work machine the router is on 192.168.22.1. RIP 2B is enabled on the router. (2M is an option) this is a dynamic ip but this is the client.

Home machine win xp pro lastest sp and updates lan ip is 192.168.21.7, router is a telefonica rebrand udp and tcp 809 forwarded to the home machine router is on 192.168.21.1 (the masks for both machines is 255.255.255.0) there is no option to enable rip on this router. This is a static ip and acts as server.

Gatekeeper says work machine (babybird see picture) is in stasis but the remote machine (enko) is active, states enko is not accessible but can scan the shares (although very slow)




any clues?


incidentally if i run the static ip of the server from start>run i can connect via xp vpn

[adrien]

Hi

You only need to open port 809 on the router that leads to the machine you are connecting to - i.e. the WinGate VPN server end.

Also, I think the RIP2 B might be B for broadcast.

There are generally 2 options, sending and listening, all sends are broadcasts, you need the router to be listening to the broadcasts that WinGate VPN sends. so maybe try the M option instead.

The tunnel in stasis is a problem though. Normally that stops tunnels working altogether.

So if you only want to connect 2 machines, you may be better swapping the client and the server, if you have no RIP option on the client end. Actually you only need RIP so that machines on that LAN can use the VPN.

[jono659]

Tried that but after a couple mins the host became unreachable, changed back to 2B and it is reachable again.

Both tunnells now active :O

[jono659]

K, The server now appears in workgroup, i can see the shared folders but if i try and browse one it takes a few mins then says you may not have authority etc, problem is it doesnt ALWAYS say that! Gatekeeper still says Server is not accessible. I also notice in gatekeeper (see pic) that there are 2 ip addresses, is this correct?

Gonna go read the white papers see if I can find anything in there (rtfi) ;)

[adrien]

Ah

I figure the B must be broadcast and the M is for multicast - RIP 2 has 2 options, either use broadcast UDP or multicast.

So yep, you would need B.

[jono659]

Well I have followed all the hints and tips I can find in this whole forum, as you can see from pic 1 everything seems to be in order



however when i try to browse a share there is some initial network activiity which soon stops then after about 2 mins I get this



I can ping the remote using its lan address or name and it appears in my workgroup.

Anybody have even a clue?

[erwin]

Hi Jono

Something else to check:

What permissions have been set for the shares you are trying to access?
I ask this because WinGate VPN essentially extends your network and so when trying to open the share, access will be silently checked against the account details that you logged on to the Windows machine you are connecting from. (As is usual for MS workgroup networking.)

Hence you will need to have a user account with the same details set up on the Enko machine and give this user permissions to access the share.

As an example: you log in as Dave with the password abc123 on the Mirabelle PC and connect to Enko via WinGate VPN. Enko should have been configured with a user called Dave (password abc123) and Dave should have permission to acccess the share.

WinGate VPN does not handle any share access authentication.
The only time WinGate handles any authentication happens is with the creation and access to the WinGate VPN tunnel as per the User details that were configured when you created and exported the VPN file from the host.

Just some food for thought.

Regards
Erwin

[jono659]

have set a new account at home will check when i go today 9 am GMT


JonO

[jono659]

Noted in the vpn logs today that this happens every minute

02/18/04 10:48:30 VPN Error: Connection from '192.168.22.12' failed. A request to connect to (babybird) was received. It is not hosted by this server.

according to this babybird is trying to connect to itself !

[jono659]

In desperation I have uninstalled everything with a view to reinstalling and starting again, in the interim i downlaoded pcanywhere trial and had it running flawlessly in 10 minutes. Deep sigh.

[jono659]

KK, normally I keep at things til I get em right, but had it I'm afraid. After spending 199 $US and 49$US for respective licences I finally gave up and installed the XP VPN. Not griping, I must admit, on the way I have learned a great deal and wish Wingate VPN no harm but the pressure of my company to get the vPN up was paramount. For the future (only in my humble opinion) A concise and full installaion tutorial would, I am sure benefit both the the product and the users of Wingate as ease of installation is of essence if people trialling Wingate VPN are to purchase. I will spend a while in the near future playing with the product as I dont like to be beaten, when I finally do crack it I WILL come back here and post a tutorial from the standpoint of a VPN amatuer.

Good luck

JonO

[adrien]

Noted in the vpn logs today that this happens every minute

02/18/04 10:48:30 VPN Error: Connection from '192.168.22.12' failed. A request to connect to (babybird) was received. It is not hosted by this server.

according to this babybird is trying to connect to itself !

This must be a configuration issue. If you could send me the WinGate registry on the two VPN nodes, I will have a look and see why it is trying to connect to itself.

In general, one node runs as a host, and the other as a joiner. Only the joiner should be trying to connect to anything, and that should be the hoster.

Adrien

[adrien]

One more thing.

If you can ping these machines across the VPN, that means basically the VPN is working - all it really does is transport packets back and forth.

If you then can't get networking working, that implies then that there is a problem with the network configuration on one or other of the XP machines.

Are these machines both using the client for Microsoft Windows (in the network properties). XP supports various different network configurations, make sure you aren't trying to use for instance the Microsoft client for home networks (I think it is called that).

Adrien

[jono659]

Yep, can ping by both name and local ip with good times also tracert shows just the one hop (as i assume it should). will check the other stuff today. The confusion i am having is that if it is a networking problem why does the xp vpn work correctly? It's all a bit confusing for me but I am sure I am very close. Not sure what you mean by the wingate registry could you clarify. Thanks,

JonO

[Pascal]

confusing for me but I am sure I am very close. Not sure what you mean by the wingate registry could you clarify. Thanks,

In RegEdit, if you navigate to HKEY_LOCAL_MACHINE \ Software \ Qbik Software \ WinGate that is the registry key for WinGate itself. If you delve a bit deeper, and navigate down to VPN - that is the VPN configuration. Adrien is interested in that portion of the registry (Although all of it would be good too).

So, if you can export that section and email it to Adrien (Address listed in profile) then we can take a look at it.

[adrien]

Ah

One thing that comes to mind is MTU. If your ADSL connections use PPPoE, then there will be a reduction in the biggest packet that can be sent due to the packet overhead of the PPPoE frames.

The effect of MTU problems can mean that some things appear to work, but then fail randomly, since only packets above a certain size will have a problem with transmission.

You can test this with ping to see the biggest packet you can send over the VPN and to test whether MTUs are correct and packets are being fragmented correctly. To do this, you ping a machine over the VPN with the -l flag set and the length of the ping. E.g.

ping 192.168.1.1 -l 1412

Normally the packet overhead of the VPN tunnel is about 60 bytes so the biggest ping payload you can send before fragmentation is about 1500 - 28 (ICMP and IP header) - 60 (VPN header) = 1412

If bigger pings fail, then you know that "full" packets are not being transmitted correctly.

[jono659]

Adrian you are a star mate, after weeks of messing tried the ping it failed, tried 1350 it worked got Dr. TCP lowered the mtu to 1350 and everything is PERFECT!!

Off to spread the news, Thanks very much for your time and patience


JonO

[caren103]

"after weeks of messing tried the ping it failed, tried 1350 it worked got Dr. TCP lowered the mtu to 1350 and everything is PERFECT!!"

Please, what is the mtu?

How and where do you lower it in WIN98SE? Or do you lower it at the DSL modem config utility?

Thanks

[jono659]

MTU is the Maximum Transmission Unit

If you go to http://www.dslreports.com/drtcp download Dr TCP, (only 50k and FREE!) run it, you will see this


In the bottom right hand window enter 1350 save exit and reboot

thats it set

[caren103]

Thanks, I'll check it!

Only, a question, you have modyfied the MTU of the two computers connected?

Or only the one with an ADSL connection?

( I ask it because one of my computers is connected to the Internet by cable ).

[jono659]

Actually both my machines are adsl, but only changed the mtu on this one (the remote)

Regards

JonO

[alexr]

How come, using DrTCP, no MTU shows on any adapter?

Could MTU have something to do with my MSN Messenger logging on and off all the time? Or is there another remedy for this?

[jono659]

There is no MTU in the box as standard, enter the max MTU you can ping in the box (I used 1350) reboot and off ya go

JonO

[azizercan]

Dear Sir

I'have been testing wingate for a long time
Ihave installed the system to many computers and stil testing.
But I have some difficulties. I think your solution is acceptable for me too.
But first I want to tell my problem.
I m using two computers with winxp sp1.
Wingate vpn installed on both computers. I also use Dyn ip for ip finding. Because our telecom does not support static ip. The problem is that.
When I connect to server pc there is no problem. Connection is fine. Tunels are fine. I can even see computers back side of the nat also.
But when I try to browse files there is a problem. If the client computer is win98 based then there is no problem. But if its win xp I can not browse the directories if there are so many files or directories inside it. Also I can not copy anything from server. What would be the problem. An other problem is about Mapping. I map the shared folders with "net use" command but if some thing goes wrong and file transfer stops all the system stops. How can I fix this problems. I m waiting your helps. Thanks.
Note: Both two connections are ADSL. Both two side use paradigm ADSL router. I set up port forwarding. No problem about this. I also configure route tables for network computers access. they are all pingable and accessable.