WinGate Forums

[Darkfighter]

I have a problem whit my router i think.

Here are my problem:

I Hawe 2 routers conected to the internet first a Adsl Router (conected to the internet) and then another router (conetcted to the adsl router).

I can se mysevlf and acces myself but when other try to acces me ther stand Not Acceesabel.

I think the problem is the Published Routs.
In my published routs stand:
192.168.2.100 / 255.255.255.255

That is wrong. Nobody can conect to that Ip from the internet they need my Global ip but it isent on the rout tabel.........

I Thing there shud stand:
192.168.2.0 / 255.255.255.0
My Ip from router1-------> 192.168.2.100 / 255.255.255.0
My Ip from Adsl Router--> 192.168.1.33 / 255.255.255.0
My global ip---------------> 62.79.XXX.XXX / 255.255.255.255

Is that right?
if yes how do i do that?

Hope you understad me:D
And sorry for my bad english:D

Help help......

[Pascal]

The published routes indicate what is available on your machine. You want other users to see 192.168.2.100, which I assume is your local machine's IP.

When their VPN joins, they will connect to the IP specified in their VPN configuration (The remote server IP / name) which will be your 62.79.xxx.xxx address.

What I'd check is:

When somebody is connected, can you ping their internal IP address ?
Secondly, ensure that the various routers are actually moving traffic on port 809 UDP to your machine. This might involve setting up pinholes, etc.

Refer to our white papers section (www.wingate.com/support.php - I think) for a document on VPN configuration.

[Darkfighter]

I am the host And i can ping myself and other there is joining my network whit the computer name and see the shared folders.

But other can't ping me whit my computer name or acces my fils...... Is that becurs i not have opned UDP port 809??

[Pascal]

Accessing your local network should always be fine, pingable etc.

Yes, you need to open 809 UDP. The VPN consists of two 'connections' / 'channels'. One is the control channel (TCP) which negotiates the link and transfers information such as routes, machines, etc. The data channel (UDP) transfers the actual network traffic.

So, 9 times out of 10, if machines are marked as inaccessible it's because the data channel has been blocked / not forwarded to the VPN host.

[Darkfighter]

ok. I wil tray that tomrow.

I writ back when i have tray that.

[Darkfighter]

Now i have opned Udp Port 809 & Tcp Port 809 to my pc but it stil not working what is wrong??

Pepol can se my computer name and my workgrupe name in gatekeeper and in the Nightbhur folder but when they try to acces me it com's up whit an error about the host coud not be found or smothing...

What is wrong?

[Pascal]

If people can see you in Network Neighbourhood that's good. It means the tunnel should be up and running. Have you tried to ping one of the remote machines ? If you can ping them, you know everything is setup perfectly.

Then the last step to go through is to check MTU. The problem you describe sounds as if the tunnel is up, but the MTU value is too high. Have a look in our White Papers section for a guide on the VPN. It explains in detail how to test the MTU. Then find the MTU configuration tool in the VPN forum (I believe it's called DrMTU) and adjust your MTU.

Normally it is set around 1350 for the VPN to operate perfectly. With 6.0 you can adjust the MTU from within GateKeeper, per adapter.

[jono659]

(grin) Actually DrTCP and its here

http://www.dslreports.com/drtcp

JonO

[Pascal]

DrTCP. I think this post should go to my favourites, so I can refer back to it. Thanks Jono.

[Darkfighter]

Yep i found it. i will try it and return.

[Darkfighter]

Now i think i have set op the MTU corect but it is still not working......

Is there other ting i have to do before it work?

[adrien]

Hi

This looks to me like a problem with name resolution. i.e. you can ping machines by IP, but not by name, and you can't browse to them.

This means that NetBIOS name resolution isn't working properly.

Normally, netbios name resolution uses UDP broadcast packets on port 137. By default we relay these (go to Extended Networking, Routing, advanced). But if you have turned off UDP broadcast relaying, or don't have ports 137 and 138 enabled, that would break it.

Also are you running a WINS server?

Adrien

[Darkfighter]

Hhhmmmm you say somthing i don't have the NetBoris port open on my router.

And yes the netboris Name Service and Datagram Servic is is On in Extended Networking.

But i can ping oter by thir host name but they can't ping me.. Is that becurs i dont have open the Netboris Ports on my computer?

[Darkfighter]

And no im not running WinS server......
I don't know what it is....

[Darkfighter]

hmmm.... That dosen't work..........

I don't know what the problem is...
Now i have tray evrything but it isen't helping......

[adrien]

basically if you can ping by IP, but not by name, that means that the name to IP resolution is not working.

This uses UDP broadcast packets on port 137.

UDP broadcast packets are not normally transferred through a router, so if you have a router between your VPN gateway (on either end) and the client machines, then this could be the problem.

In order for a particular computer to respond to name lookups, they need file and print sharing enabled on their network adapter. If you are running windows XP, it is possible this is disabled, even if you have it bound to your adapter, XP disables it by default until you create a share.

Adrien

[Darkfighter]

I use Win 98 and Netboris over Tcp/IP is enabled.....
Is there anything else i have to do?

Only my pc is conected to a router not the other reacabel machins on the other end of the Vpn.
And sorry again for my bad english:D

[Pascal]

I just want to get a rough idea of the setup and scenario currently.

1. You can ping machines on the other end of the VPN by their name and by their internal IPs, but you cannot browse to them.

2. Machines on the other end of the VPN are able to ping you by name and internal IP, but cannot browse to you.

If those two are correct (Or if the pinging works by name and IP) then we know that your tunnel is up correctly.

3. The two subnets are on different ranges. Your local subnet is 192.168.2.x, the remote side should be something different.

4. You have done the MTU tests as described in the documentation, and you've adjusted the MTU to 1350.

Is that all correct ?

[Darkfighter]

HHhhhmmmm almost like that.....

I wil try to explain it better:

I am the Host of the Vpn.
I have 2 Routers coneted to the internet.

Lik this:
My Pc - Win 98 ip: 192.168.2.100/255.255.255.0
Router ip:192.168.1.33/255.255.255.0 Port: (809 Tcp/Udp, 137 Tcp/Udp, 138 Tcp/Udp forvarted to 192.168.2.100)
Adsl Router - Conected to internet ip:62.79.XXX.XXX/255.255.255.255 (All port forvardet to 192.168.1.33)

The Remote joiner:
Conected directly to th internet.
I think whit the ip/subnet 80.XX.XX.XX/255.255.255.255



Now what is working:
I (Vpn Host) can ping the Remote joiner whit his pc name and browse his pc fine... No broblem there....

What is not working:
The remote joiner canot ping me by my pc name and not brows my pc... Somthing wrong there....And the firewall don't sy enything to that so it can't be that.....



Now i have set the MTU to 1350... but not tested it.....
How dos i test it? i can't find it in the help sektion....

Hope you understand.

[Pascal]

That sounds good and groovy. The fact that you can ping him means that your network traffic is going out across the tunnel and coming back to you. Ditto for browsing him, etc.

Can he ping you by your internal IP address ? 192.168.2.100 ?

If yes, have him double check that he can ping with increasing packet sizes. (That is detailed in the VPN Setup Guide, you can find it in our Support Section under White Papers) That is also the test you would use for MTU.

If all that is fine, do you have shares enabled on your computer, etc. ?