WinGate Forums

[culliard]

This will hopefully help someone who is pulling their hair out over trying to get a webserver on a LAN working over a VPN. I could browse computers on the network but I was about to give up on the webserver part until I stumbled across the (simple) solution and now that I have it working I think Wingate VPN is brilliant.

Although each setup is very specific the same principles will hopefully still apply. As a software engineer I know how difficult and frustrating it can be to solve problems on other computers when it works perfectly on my own.

I'm no network expert but I've learned a lot in setting this up and I wil try and include as much detail as possible.


Aim:
To access the internal company website from the remote computer (which dials up to the internet) over the VPN.

My setup:
Main server (VPN host) has Wingate (with integrated VPN) running on it with a WWW proxy server on port 80. Connected to the internet via ADSLmodem router DM602. Port forwarding of 809 (VPN port) is enabled in the modem. Realtek network card on external interface.

VPN host is set to Local network participation

A Microsoft IIS Webserver is running on another LAN computer (192.168.0.2).


Solution:
1. Install wingate VPN on the remote computer and install the certificate that was created on the Main server (which is the VPN server). The username and password is the user name of Wingate running on the main server.

2. Lower Maximun Transmission Unit (MTU) settingsThe default MTU is 1500 but lowered for VPN on the remote client. I have chosen 1350 simply becasue it works but you can test a different MTU setting using
ping 192.168.0.1 -l 1400

This is described elsewhere on the forums.

For more info goto http://support.microsoft.com/default.as ... -us;826159

The settings below were added to the registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisWan\Parameters\Protocol\0
PPPProtocolType = 0x21 ( 33 decimal)
ProtocolType = 0x800 (2048 decimal)
TunnelMTU = 1350 decimal (Enables network browsing)
ProtocolMTU = 1350 decimal (This setting is what I needed to change in order for the intranet to run)

Workgroup does not need to be the same and a username/password on the webserver is not required for the remote user.
When Wingate VPN is installed it should open TCP and UDP ports in the firewall automatically.

Hope this makes sense
Nigel

[adrien]

Hi

Thanks for that info.

We have been making a few mods in treatment of MTU as well, and hopefully have this MTU issue nailed. The problem has been in the past getting an accurate figure from the OS of just exactly what the real MTU value is for a network interface (as some APIs in the OS simply lie to us).

Adrien

[culliard]

The setup I described was for remote computer connecting to the internet via a dial up account.

When i tried to set up a VPN between two LANS (connecting to the internet via ADSL) I also discovered that I needed to use DrTCP to lower the MTU of the network card itself.

I also had to make sure that the two LANS used different subnets so that there were no routing issues e.g. LAN1 192.168.0.*, LAN2 192.168.10.*

Thanks Nigel

[GigaTel]

Dear Qbik Team,
We want to test if your aplication can connect 2 remote Computers with a Master Server.
** The Escenary is the Following: We have a Admnistration Software for your shop. We need to connect two branches with the Main Office. Each brand only have a PC with a POS (point of sale) aplication. Each brand has a ADSL connection (dynamic ip).
The question : Can we be able to connect each brach with the Main Office and sending data to main Office in a real time (realtime database access) ???
Thanks a lor in Advance,

[MattP]

Hi,

There should not be any problem with this scenario, the best thing is to take advantage of our 30 day free trial and see if it works for you.

Regards,

Matt