hi all, i´ll try to explain my problem the best i can, excuse my english :)
i´m giving wingate a hard chance to implant it on my company for roadwarrior users. I was trying standalone vpn 106 and had no problem at all. Then i decided to try wingate 507 with whatever version of vpn it has, and the problemas started, the users can actually connect, see and ping every server they need, but actually can´t hook on it (e.g. Lotus Notes, SAP gui..)
I tried to upgrade their vpn version to 1010 and left the current 507 wingate version, and the same. What could happen?
The IP i use are: in the office 192.168.10.0/24 subnet, both 192.168.10.2 and 151 are for the wingate machine (proxy + gateway), and a second subnet (172.10.10.2) that the wingate is sharing with the dsl router, to avoid any non wanted conection to the internet. Roadwarrios are dhcp clients from their isp´s, usb-dsl modems for all.
thanks in advance
standalone vpn 106 or wingate 507
Moderator: Qbik Staff
6 posts
• Page 1 of 1
standalone vpn 106 or wingate 507
by chespir » Oct 13 03 11:38 pm
- chespir
- Posts: 24
- Joined: Oct 13 03 11:24 pm
by adrien » Oct 14 03 6:30 am
WinGate 5.0.7/VPN 1.0.6 and WinGate 5.0.10/VPN1.0.10 use different methods of fragmenting packets that are over the reduced MTU of a VPN tunnel.
What this means, because the VPN tunnel packets have an overhead in the packet for the tunneling information, if someone sends a maximum size packet over the VPN, it must either be split up, or the client machine told to resend a smaller packet.
The way these packets were split up has changed since WinGate 5.0.7, and the two methods are incompatible, so it is likely that every packet above a certain size would be lost,
What this means, because the VPN tunnel packets have an overhead in the packet for the tunneling information, if someone sends a maximum size packet over the VPN, it must either be split up, or the client machine told to resend a smaller packet.
The way these packets were split up has changed since WinGate 5.0.7, and the two methods are incompatible, so it is likely that every packet above a certain size would be lost,
- adrien
- Qbik Staff
- Posts: 5441
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
thanks a lot, but...
by chespir » Oct 14 03 7:11 am
...that was the first combo i tried with wingate plus vpn, 507 and 106 respectively. As the problems appeared, i switched vpn version to 1010. I will try with the latest wingate version (5010) and vpn (1010) and see what happens.
thanks a lot, i´ll post the result if successfull for future users.
thanks a lot, i´ll post the result if successfull for future users.
- chespir
- Posts: 24
- Joined: Oct 13 03 11:24 pm
results
by chespir » Oct 14 03 11:32 pm
results are 50% succesfull, let see if i did wrong:
vpn 1010 client vs vpn 1010 server (standalones), still can ping and see servers, but still can´t connect. Looks like w2000 knows where the servers are, but Lotus Notes can´t reach the same address that w2000 pings. Anyway, suddenly worked! No action was taken at all, don´t ask me :) well, probably 1 thousand or so config combos. :))
vpn 1010 client vs wingate 5010, still won´t work. 3 servers (2 SAP, 1 Lotus) are gateway-oriented to the wingate computer, so they are being seen by the client, even pingable, but unreachable. Wingate´s firewall´s been up and down, when up with no NAT or/and internet-lan port redirected to servers (when vpn vs vpn was unnecessary). I launched rip2clients (just in case) in the servers, no difference. Many combos tried here too :)
In both scenarios the LAN config was the same.
The fact is that i would like one machine to handle all the routing+caching+vpn-ing work, not a pc for every task, with wingate, but probably the most important thing is the vpn one.
Another little question, is there any software sawmill-like to handle in a "pretty" way wingate´s logs? i was using sawmill for squid, and was very nice.
thanks in advance
vpn 1010 client vs vpn 1010 server (standalones), still can ping and see servers, but still can´t connect. Looks like w2000 knows where the servers are, but Lotus Notes can´t reach the same address that w2000 pings. Anyway, suddenly worked! No action was taken at all, don´t ask me :) well, probably 1 thousand or so config combos. :))
vpn 1010 client vs wingate 5010, still won´t work. 3 servers (2 SAP, 1 Lotus) are gateway-oriented to the wingate computer, so they are being seen by the client, even pingable, but unreachable. Wingate´s firewall´s been up and down, when up with no NAT or/and internet-lan port redirected to servers (when vpn vs vpn was unnecessary). I launched rip2clients (just in case) in the servers, no difference. Many combos tried here too :)
In both scenarios the LAN config was the same.
The fact is that i would like one machine to handle all the routing+caching+vpn-ing work, not a pc for every task, with wingate, but probably the most important thing is the vpn one.
Another little question, is there any software sawmill-like to handle in a "pretty" way wingate´s logs? i was using sawmill for squid, and was very nice.
thanks in advance
- chespir
- Posts: 24
- Joined: Oct 13 03 11:24 pm
more conclusions
by chespir » Oct 15 03 3:50 am
finally, got the main problem. The firewall implemented in wingate does it´s job fine, but keeps away ANY conection, even those coming out of the tunnel. What is the firewall´s option that is keeping my client apps out of the private network? As soon as i turn it off, everything goes smooth.
thanks in advance
thanks in advance
- chespir
- Posts: 24
- Joined: Oct 13 03 11:24 pm
6 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 29 guests