VPN connection to NT Domain

Forum for all technical support and trouble shooting of the WinGate VPN.

Moderator: Qbik Staff

Post by John Dawson » Mar 10 04 1:42 am

I am currently evaluating Wingate VPN by attempting to set up a connection between my home PC and an office network.

The office network has a domain controller running NT 4 Server, which I have set up as a VPN host. The network is connected to the internet by ADSL via a NAT router.

My home PC has Windows XP Home as primary OS, but can be booted with Windows 98SE. It is connected to the internet via a cable modem.

I have managed to establish a VPN tunnel between my home PC and the office network, and can see a list of PCs on the network including the domain controller. However all the PCs on the remote network are shown as inaccessible. I suspect this has something to do with the fact that my home PC is not logged into the NT domain.

I am not sure how to proceed now. Since as I understand it you cannot log into an NT domain with XP Home I am wondering if Windows 98 would prove a more profitable route.

Any advice gratefully received!
John Dawson
 
Posts: 4
Joined: Mar 10 04 1:25 am
Location: Reading, UK

Post by jono659 » Mar 10 04 2:46 am

Have you set up a user in VPN gatekeeper to match the sign-in name of the remote?

Just a thought
Wingate VPN self help group
jono659
Senior Member
 
Posts: 150
Joined: Feb 07 04 4:53 am
Location: Canaries

Post by John Dawson » Mar 10 04 3:09 am

Thanks for the suggestion.

I had already set up the Wingate username and password at both the server and client ends to match a user valid for the NT domain.

Post by Pascal » Mar 11 04 9:48 am

Hi,

If the computers are shown as not accessible it is most likely a problem with the routing from one subnet to the other. You need to tell the client machines how to access the remote subnet. (As it is on a different IP range, usually private)

This can be done in three ways, which requires a bit of setup on the client PCs. (And needs to be done on BOTH ends of the VPN where you have machines BEHIND the VPN Node)

1. Point the machine's default gateway to the VPN machine
2. Set a static route to point all traffic for the remote subnet through the VPN machine
3. Install the RIP v 2 client on the machines BEHIND the VPN machine

Have you done any of those three setup steps at your office?
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand
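
Why a machine behind the VPN node cannot reach the remote subnet until option 1 or 2 above is applied, as an added example that is not part of the original thread. The subnets and addresses are constructed, and the lookup is a plain longest-prefix match, not WinGate's or Windows' own code.

```python
import ipaddress

# Constructed addressing for illustration (not taken from the thread).
LOCAL_LAN = "192.168.1.0/24"    # office LAN
REMOTE_LAN = "192.168.2.0/24"   # private subnet at the other end of the tunnel
NAT_ROUTER = "192.168.1.1"      # office Internet gateway
VPN_NODE = "192.168.1.10"       # LAN address of the machine running the VPN
ON_LINK = "on-link"             # destination is on the local segment


def route(prefix, gateway):
    """Build one routing-table entry as (network, gateway)."""
    return (ipaddress.ip_network(prefix), gateway)


def next_hop(routes, dst):
    """Return the gateway of the most specific route that contains dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda entry: entry[0].prefixlen)[1]


def lan_host_routes(default_gateway=NAT_ROUTER, static_route=False):
    """Routing table of a PC behind the VPN node.

    default_gateway=VPN_NODE models option 1;
    static_route=True models option 2.
    """
    routes = [route(LOCAL_LAN, ON_LINK), route("0.0.0.0/0", default_gateway)]
    if static_route:
        routes.append(route(REMOTE_LAN, VPN_NODE))
    return routes


if __name__ == "__main__":
    remote_pc = "192.168.2.50"   # constructed host on the remote subnet
    internet = "203.0.113.5"     # documentation address standing in for the Internet
    for label, table in [
        ("no changes", lan_host_routes()),
        ("option 1: default gateway -> VPN node", lan_host_routes(VPN_NODE)),
        ("option 2: static route", lan_host_routes(static_route=True)),
    ]:
        print(f"{label}: remote via {next_hop(table, remote_pc)}, "
              f"internet via {next_hop(table, internet)}")
```

With no changes, traffic for the remote private subnet follows the default route to the NAT router, which has no path to it. With option 2 only the remote subnet is sent to the VPN node and Internet traffic keeps using the router.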

Post by John Dawson » Mar 14 04 11:59 pm

Thanks for the information. However I am still struggling to understand how routing works.

I don't think option 1 will work for me since I have an IP address dynamically assigned by my ISP, and it does not appear possible to change default gateway unless you have a static IP address.

I don't know how to go about setting up a static route (option 2). I've found the Customise Routes dialogue (which seems a bit of a misnomer as all it allows you to do is disable certain routes). What I don't understand yet is how the routes listed there get set up, which presumably is the key to the matter.

I don't think option 3 is relevant, since at present all I am interested in is access to the VPN host on the remote network, and not to other computers on that network.

Any pointers to how to proceed next would be gratefully received.

John

Post by Pascal » Mar 15 04 9:46 am

Ah. Then I misunderstood you, sorry. I read "all the PCs on the remote network are shown as inaccessible" to mean you wanted access to them.

If that's not required, then your problem is with the tunnel. You indicate that the Office Network is behind a NAT router. On that router you need to point all traffic on the VPN ports (defaults to port 809 for TCP AND UDP) to the VPN Server. Otherwise it is possible the router will be blocking traffic for the tunnel.

All three options I suggested applied to accessing machines behind the VPN. So you'd normally point the static route to the internal IP (LAN) of the appropriate VPN node. The custom routes come from the operating system, and yes, you don't add routes there, but simply en/disable the normal routes. Any routes you add to the operating system will be shown there.

Let me know how you get on
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com

Post by John Dawson » Mar 16 04 3:35 am

I tried setting some static routes, not sure if I was doing it correctly. The VPN host computer on the remote network was then displayed blue, but I still could not browse it.

Can you answer the following questions.

1) Given that my home PC has IP address 81.110.67.37 (assigned by ISP), the VPN host on the remote network has static IP address 192.168.115 and the router which connects it to the internet has IP address 212.158.249.27, what routes are required for my PC to be able to access the VPN host?

2) Should these routes be set up automatically by the operating system?

3) If these routes are not being set up automatically, what could be preventing this?

Many thanks for your help.

John

Post by Pascal » Mar 16 04 9:33 am

No, not quite. You don't need the static routes. If all you want to do is access the Host Computer, the VPN will take care of that for you.

All that you need to do is ensure that the office NAT / Router will forward traffic appropriately. It has to send anything it gets on the VPN ports to the VPN Server.
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com

