VPN Error

Forum for all technical support and trouble shooting of the WinGate VPN.

Moderator: Qbik Staff

Postby andygray » Sep 16 03 2:36 pm

Hi Folks,

I would like to ask for help with a peculiar problem I am having with a wingate vpn I am trying to set up.

I am getting an error with the vpn tunnel. But you can only see the error under the network tab. Under "Local network of ???Remote Server hostname??? [Master]|Tunnels|Tunnel (2) to local network of ???Local PC Hostname??? - Error - unknown".

There are no other error logs anywhere; in fact, everywhere else I get a "Local network of ????remote_hostname??? [??IP??] with ID 2 active and updated", which I assume means that the vpn was established. But why would there be a problem under network tab with my side of the vpn?

A few things to note, which probably have a lot to do with the error, are these. On my end, I am behind a linux server running as a dialup gateway using NAT. I have forwarded the port 809 to my pc. Also, on the remote end, they have ADSL connection with a win2000 box as gateway. I have installed wingate VPN on the win2000 box and my local winXP box.

ie:

+------------+  local  +----------+
| My Win XP  |---------| Linux GW |----+
+------------+ network +----------+    |
| Wingate    |                         |
+------------+                         |
                                       |
+-------------[Internet]---------------+
|
|   +---------+  Local
+---| Win2000 |---------
    +---------+ Network
    | Wingate |
    +---------+


Any help would be much appreciated as I can't figure out what is wrong.

NB I have port 809 forwarded from the linux box to my winXP box, so that no matter if the VPN server is my end or the other end, they can establish a connection, even if not all of the link can be established.

Also, note that at the moment, I have configured "Local Network Participation" at both ends.

Cheers,

- Andrew Gray

(If someone shows me how, I can post screen captures if you like? Or look at: http://webboard.deerfield.com/guests WinGate VPN then item posted on the 15th of September. This link may work:

http://webboard.deerfield.com/read?17126,4

)
andygray
 
Posts: 8
Joined: Sep 16 03 2:31 pm

Postby adrien » Sep 17 03 6:51 pm

This is basically the same setup I run from home with one difference, the VPN server is at the other end, rather than behind the firewall (i.e. your Linux machine).

We have however had problems in the past with UDP mappings in linux not forwarding all the packets properly. WinGate VPN uses maximum size UDP packets for VPN traffic.

Note also you need to tunnel port 809 UDP (VPN data packets) and TCP (control connection).

Also, what IP addresses are you using on each local network?
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland

Postby adrien » Sep 17 03 6:54 pm

Also to clarify, the ADSL connection on the remote end, is that doing any NAT? Or is it a PCI card or something whereby the Win2k server actually gets the public IP address on the other end.

Otherwise you have the situation of 2 NATs to go through, which would require a pinhole on each end.
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland

Postby andygray » Sep 18 03 11:40 pm

Ahh, I don't think I forwarded the UDP packets! Good point! I'll do that right now!

Also, the other end (the ADSL end), interesting question about the ADSL. I believe it is a USB modem, so I am assuming it doesn't do any NAT, although wingate VPN will.

The two networks are the same. 192.168.0.x

ie my pc has 192.168.0.77 and the win2k box has 192.168.0.5 (on the local lan), and my friend's pc which is on that lan (behind the wingate firewall) has 192.168.0.9.

I am not sure if they should be different or the same.

We are wanting to do all sorts of stuff, including playing games like WarCraft 3 etc.....does this mean that we need bridging between the two locations????

- Andrew Gray
andygray
 
Posts: 8
Joined: Sep 16 03 2:31 pm

Postby adrien » Sep 19 03 12:30 am

Having the two local networks on the same subnet will definitely be a problem. The VPN acts as a distributed router, so you have 2 interfaces on your router with the same subnet; this means the router can't choose where to forward packets to.

You would be best to renumber one of your networks.

Also, I am not sure about warcraft etc, but if they use broadcasts on UDP, you should be able to forward them, so bridging would not be required; otherwise if it is a simple TCP connection or UDP unicast packets, then they should go across the VPN fine.

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland
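
Added example (not part of the thread and not WinGate code): a small shell check of why two sites on the same subnet leave the VPN router unable to choose a tunnel, using the addresses from this thread. The /24 prefix length and the site names `local_lan` and `remote_lan` are assumptions.

```shell
#!/bin/sh
# Added example: which VPN site claims a given destination address?
# Site names and the /24 prefix are assumptions; addresses come from the thread.

# Dotted quad -> 32-bit integer. The ( ) body keeps IFS and "$@" private.
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_subnet IP CIDR -> exit status 0 if IP lies inside CIDR.
in_subnet() (
    net=${2%/*}; len=${2#*/}
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
)

# claimants IP NAME=CIDR... -> prints every site whose subnet contains IP.
# More than one name means the router has two candidate interfaces.
claimants() (
    dest=$1; shift; out=
    for site in "$@"; do
        if in_subnet "$dest" "${site#*=}"; then out="$out ${site%%=*}"; fi
    done
    echo "${out# }"
)

# Constructed plans: 192.168.0.9 is the friend's PC on the remote LAN.
before_renumbering() {
    claimants 192.168.0.9 local_lan=192.168.0.0/24 remote_lan=192.168.0.0/24
}
after_renumbering() {
    claimants 192.168.0.9 local_lan=192.168.1.0/24 remote_lan=192.168.0.0/24
}

echo "before renumbering, 192.168.0.9 is claimed by: $(before_renumbering)"
echo "after renumbering,  192.168.0.9 is claimed by: $(after_renumbering)"
```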

Postby andygray » Sep 19 03 12:38 am

Okay, so I'll have to re-number my network then. 192.168.1.77 would be perfectly acceptable yes?

Also, I believe WarCraft (and other games I want to play, except for counter-strike I think???could be wrong) use udp broadcasts. So, could you be so kind as to tell me how to configure it to forward these broadcasts over the VPN? Or will it do this automagically?

Many thanks.

- Andy
andygray
 
Posts: 8
Joined: Sep 16 03 2:31 pm

Postby andygray » Sep 19 03 2:24 am

Okay, I have changed my internal network address to 192.168.1.x for the server and my pc.
I forwarded both UDP and TCP packets arriving on port 809 on the linux server to my pc.
I try and connect to the vpn on the remote end (he has a server too) but I still get an error on my end. The error doesn't appear in the history tab. You see it in the network tab when you expand the tree. It's under:
"local network of optimusXprime [ Master ]/Tunnels/" and it says at this leaf "Tunnel (4) to local network of GANDHI - Error unknown".
Now Gandhi is the name of my pc, the workgroup name is workgroup, the remote computer name is optimusXprime and they have a workgroup called PheonixFire. I can now see computers in their workgroup in the tree, which I couldn't before...but there is still this weird error. Also, I can't open up any of their computers to browse their network. Didn't try ping yet as I have to go to bed now.

What does this error mean, is it serious, and most importantly, how do I fix it??

Many thanks!

- Andy Gray
andygray
 
Posts: 8
Joined: Sep 16 03 2:31 pm

Postby adrien » Sep 19 03 2:24 pm

How is the redirect set up on the linux machine?

For outbound packets on port 809 TCP and UDP from your LAN you don't want the Linux machine to redirect them back to you - they need to be NATted normally.

Only incoming packets from the internet on port 809 need to be redirected to your VPN server.

You could try changing the port numbers on the other end, so that outbound is on a different port to inbound, then the linux machine won't get confused.

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland
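
Added example (not from the thread or from Qbik): a dry-run generator for the gateway rules described above, redirecting only packets that arrive on the internet-facing interface on port 809 TCP and UDP and NATting everything else normally. It assumes the Linux gateway uses iptables, that the dial-up interface is `ppp0`, and that the VPN host is 192.168.1.77; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules for the VPN port forward.
# Assumptions: iptables gateway, WAN interface ppp0, VPN host 192.168.1.77.

# vpn_forward_rules WAN_IF VPN_HOST [PORT] -> prints one rule per line.
vpn_forward_rules() {
    wan=$1; host=$2; port=${3:-809}
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1;;
    esac
    for proto in tcp udp; do
        # -i "$wan" limits the redirect to packets arriving from the internet,
        # so port-809 traffic leaving the LAN is never sent back to the VPN host.
        echo "iptables -t nat -A PREROUTING -i $wan -p $proto --dport $port -j DNAT --to-destination $host:$port"
        echo "iptables -A FORWARD -i $wan -d $host -p $proto --dport $port -j ACCEPT"
    done
    # Everything leaving through the WAN interface is NATted normally.
    echo "iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE"
}

# redirects_lan_traffic RULE -> exit status 0 if RULE is a DNAT rule with no
# inbound-interface match, i.e. it would also catch outbound LAN packets.
redirects_lan_traffic() {
    case $1 in
        *"-j DNAT"*)
            case $1 in
                *" -i "*) return 1;;
                *) return 0;;
            esac;;
        *) return 1;;
    esac
}

# Dry run: review the output before running any of it as root on the gateway.
vpn_forward_rules ppp0 192.168.1.77 809
```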

VPN problem

Postby andygray » Sep 25 03 1:35 am

Hi,

Yes, I have configured the linux box to only forward incoming packets. Outgoing packets are NATt'ed normally and sent out. But incoming packets are forwarded to my pc.

Okay, this is the current setup now (I am still getting the same problem though)

I have changed my subnet as per previous suggestion. I now have 192.168.1.x and the remote is 192.168.0.x

On my end, I have a linux box that does dialup internet connection and does NAT and port forwarding. It NAT's outgoing packets normally, and forwards incoming packets on port 809 (both UDP and TCP) to my pc (winXP) where wingate VPN runs.

On the remote end, they have win2000 box connected via USB ADSL modem to internet. It runs wingate VPN also.


Now, when I try to connect after installing the remote VPN server config into my vpn's to join part of wingate VPN, I seem to succeed except for one small problem outlined below:

It seems to connect as I can see the computer name of the various computers behind the Wingate VPN on the remote end, and it shows the domain name of the windows file sharing on the remote end. So it looks good, except under "Local network of OPTIMUSXPRIME [Master]" | Tunnels I see text saying: "Tunnel (5) to Local network of GANDHI - Error - Unknown"

Now, Gandhi is my local pc, optimusXprime is the remote pc name.

There are no error logs in the history, or system messages.

Now, this really has me stumped as I've done everything you (and others) suggested and it's still giving me grief.

Would you be so kind as to lend me a hand fixing this?

Also, a screen shot of the error I am trying to describe can be found at:
http://users.tpg.com.au/andygray/screen_capture.jpg

It would be worthwhile looking at to help with the debug.

I really appreciate any assistance given. Thank you!

- Andrew Gray
andygray
 
Posts: 8
Joined: Sep 16 03 2:31 pm

Postby adrien » Sep 25 03 2:52 am

I have just recently got the VPN working well through a whole chain of NATs and mapped links using socket-based forwarding, so I think we have a good option for 5.0.8.

We hope to get a beta of this publicly available in a day or so, so your best bet is probably to hang out for that. Or I can send you a pre-beta if you are desperate.

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland

Postby andygray » Sep 25 03 11:57 am

Nope, not desperate yet.

I'll wait a few days then and try the new version then. You reckon that's the best idea?

Anyway, thanks for the help, I'll post to let you know how I go.

Any other suggestions?

- Andrew Gray
andygray
 
Posts: 8
Joined: Sep 16 03 2:31 pm

Postby andygray » Sep 25 03 7:16 pm

One point which is really worth noting is this:

I have previously been trying to connect my pc to the remote pc's WinGate VNC server. However, I went around to the remote end (win2k box) and tried connecting to my pc through the vpn and something slightly different happened:

It appeared to connect, however, it showed an error had occurred in network view under:
"Local network of OPTIMUSXPRIME [Local] | Tunnels" and said the following:
"Tunnell (2) to Local netowork of GANDHI - Error return code FFE0B427"

So this is different, but again, my pc was listed in the Microsoft Windows Network list in the Network Tab.

So in summary, I went to the remote PC, which I have in the past been trying to connect to from my pc, did connect, but came up with an error. This is not unusual, except that this time it also gave an error code, whereas the error I was receiving was "unknown".

Hope this helps.

Thanks.

- Andrew Gray
andygray
 
Posts: 8
Joined: Sep 16 03 2:31 pm

Postby adrien » Sep 26 03 10:34 pm

That means the tunnel was unreachable - which means that the machine the VPN server was on did not have a route to the other endpoint of the tunnel. That is very weird, since you probably connected to it in the first place, however the IP may have changed since you were going through a NAT.

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland

Postby andygray » Sep 26 03 10:44 pm

Okay, so what do you suggest I do now? Still wait for the next version to be released? What else do you suggest?

Perhaps it would be best if you sent me the latest version and I'll try it out on the computers. I can't be bothered waiting for it to be released.....

Thanks for the help so far.

- Andy Gray
andygray
 
Posts: 8
Joined: Sep 16 03 2:31 pm

