WinGate Forums

[Vagan]

This is my setup:

VPN Server:

C:\Documents and Settings\Vagan>ipconfig/all

Windows IP Configuration

Host Name . . . . . . . . . . . . : smallfry
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Internal:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139 Fam
Physical Address. . . . . . . . . : 00-80-48-21-22-85
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :

Ethernet adapter Internet:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com Gigabit LOM (3
Physical Address. . . . . . . . . : 00-0C-6E-34-22-BA
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.0.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : 10.0.0.1





VPN Client:

C:\Documents and Settings\Vagan>ipconfig/all

Windows IP Configuration

Host Name . . . . . . . . . . . . : bigmomma
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC #2
Physical Address. . . . . . . . . : 00-80-48-1D-58-74
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.50
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
Lease Obtained. . . . . . . . . . : Monday, June 06, 2005 4:05:57 PM
Lease Expires . . . . . . . . . . : Friday, August 05, 2005 4:05:57 PM


VPN server can:

1 - Resolve DNS:

C:\Documents and Settings\Vagan>ping www.qbik.com

Pinging steak.qbik.com [210.55.214.36] with 32 bytes of data:

Reply from 210.55.214.36: bytes=32 time=398ms TTL=112
Reply from 210.55.214.36: bytes=32 time=392ms TTL=112
Reply from 210.55.214.36: bytes=32 time=392ms TTL=112
Reply from 210.55.214.36: bytes=32 time=396ms TTL=112

Ping statistics for 210.55.214.36:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 392ms, Maximum = 398ms, Average = 394ms


2 - ping IP addresses:
C:\Documents and Settings\Vagan>ping 210.55.214.36

Pinging 210.55.214.36 with 32 bytes of data:

Reply from 210.55.214.36: bytes=32 time=399ms TTL=112
Reply from 210.55.214.36: bytes=32 time=388ms TTL=112
Reply from 210.55.214.36: bytes=32 time=402ms TTL=112
Reply from 210.55.214.36: bytes=32 time=406ms TTL=112

Ping statistics for 210.55.214.36:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 388ms, Maximum = 406ms, Average = 398ms

3 - Ping client & itself
4 - browse web pages
5 - browse My Network Places




VPN Client:
1 - Resolves DNS addresses but cannot ping:
C:\Documents and Settings\Vagan>ping www.google.com

Pinging www.l.google.com [216.239.59.104] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 216.239.59.104:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

2 - tracert shows this:
C:\Documents and Settings\Vagan>tracert -h 5 www.google.com

Tracing route to www.l.google.com [216.239.59.104]
over a maximum of 5 hops:

1 <1 ms <1 ms <1 ms SMALLFRY [192.168.0.1]
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.

Trace complete.
(Reaches VPN's internal IP then cannot find the next jump?)

Browses network normally, reaches all other PCs but no internet.

This looked simple enough but is proving a lot more difficult than I expected...

What can I look at next?

[jamesc]

1. Are you trying to setup a VPN within your internal network?

2. How does 192.168.0.50 connect to the internet... it says its Gateway is same address as VPN Server.

3. What is running on 192.168.0.1 .. WinGate, or WinGateVPN ... Do you have any other internet connection sharing programs running on it?

[Vagan]

I am trying to setup a NAT behind NAT as described in white papers. The object would be to connect my LAN to another LAN via the internet.

Previously all PCs had the DSL router as their gateway and DNS server. This is described as an incorrect setup for the purposes of connecting a LAN to another LAN. The setup is supposed to force all machines to "see" the internet through the VPN server.

The question was posted in the Wingate VPN section.. I thought it would be obvious I was setting up a VPN.

Also, I didn't mention that after I tried, unsuccessfully, to connect clients through the vpn server. I installled and statrted a RIP listener on the VPN server and QBik's RIP client on the client.

I have zone alarm but with zero security on the LAN and windows firewall disabled.

Am I supposed to bridge the two connections (nothing like this mentioned anywhere). the tracert from the client seems to indicate that the jump from inetrnal IP (192.168.0.1) to the external IP (10.0.0.2) on the server isn't being made.

Both PCs are Win XP Pro.

[jamesc]

Hey Vagan,

I am sorry about basically repeating these questions. But you have given a good analysis of the test you are trying. But you have not told us what your problem is and what you are trying to achieve; hence, I am trying to find out what you are trying to do.

1. is 192.168.0.50/bigmomma and 192.168.0.1/smallfry on the same "Physical" network?

2. How does 192.168.0.50 connect to the internet

3. If questiuon 1 is correct, Where is the other side of the VPN? What subnets are used.

[jamesc]

Hi Vagan,

I have contacted you via the help desk, asking you if you would like me to give you a phone call to sort out your problem.

[Vagan]

What I'm basicallly trying to do is to setup up my side of my LAN to use a VPN server as a gateway before the actual internet gateway (as described in the white paper NAT behind NAT). Correct Me if I'm wrong (and I might be labouring under a misunderstanding here) but I should be able to get a normal LAN (internet connectivity on all PCs and connectivity between all PCs) on the one side (first physical location), duplicate the situation on some other physical location (second physical location) and then connect to two together. I am still trying to setup the first site. In other words... if I had a small office of 5 PCs, and a VPN server, would those PCs have Internet connectivity through the VPN server or is the traffic throught the VPN server used only to setup the secure LAN setup (hence using a different IP setup for internet "normal" traffic). Should I be able to see the Internet on my VPN LAN client in the office and should this be through the VPN server or should I use the NAT behind NAT setup for the VPN network only and concurrently use another configuration (other IP network) for normal everyday Internet traffic.

Hope this makes it clearer.

[jamesc]

Added this in from the support call as refernece to our discussion.


These are the steps I would take

1. Put all pcs on the 10.0.0.x subnet.
2. On the client pcs have the gateway and DNS pointing to the router (including WinGateVPN server.)
3. Port Map TCP / UDP 809 from the router to the WinGateVPN servers IP address
4. Run the RIP client on each client PC (excluding VPN server). This will allow any VPN traffic to be directed back to the VPN server, instead of out the gateway on the internet.
5. Tell your friend to make sure he is using a differnet subnet on his end..e.g
You are using 10.0.0.x / 255.255.255.0
He should use 10.0.1.x / 255.255.255.0 .. or 192.168.0.x etc...
6. When you test your VPN with your friend, make sure that you do not have any other security suites running for the sake of testing... e.g Windows Firewall, Norton Internet Security, Mc Affee, Zone Alarm etc...

[Vagan]

Hope to be able to try this over the weekend.