WinGate Forums

[SignatureProperties]

Hello,

We are currently considering a purchase of the WingateVPN and have implimented the trial version. However, we are unable to establish a good connection.

The setup:

VPN server with Wingate VPN installed is on a box behind our firewall. For the purpose of testing, we have enabled a direct nat translation of all traffic from all ports, we plan on limiting this to ports 808, and 809 after we get this working. Our internal IP net is 192.168.1.1-255

The function of the VPN is to simply get an IP address from our network so that home users can work as if they were in the building with no restrictions on applications etc.

Again, for testing, I am using my laptop at my home, XP SP2 with the windows firewall turned off completely. The IP setup on my laptop/home network is 192.168.0.1-255 Behind a linksys router. (ports 808/809 opened on the router already)

Problem Symptoms:

Connection works fine; SLL says it's negotiated correctly, and under the remote network, I can see all the computers on my work lan, but I am unable to ping any of them, or use any resources EXCEPT for the server where wingate VPN is installed (the one I connected to) For the wingate server, I can ping by IP, or I can resolve the name and ping that way, I can browse shared folders etc but only on the VPN server. All other machines are not accessable, though viewable.

My guess is that I have a routing problem. As far as I can tell, I have RIP2 turned on at the server level in the wingate app, and I have installed the RIP2 service on my laptop as well as verified that the service is currently running. Alas, this did nothing to improve the issue, I still have the same situation.

I can only guess that this is a routes issue, but I am at a complete loss for where to go next. It does not seem that I am able to add my own routes to even do testing. I'll list what shows up for routes below; line for line.

Home side:
Behind NAT/translated
192.168.0.0/255.255.255.0
192.168.0.103/255.255.255.255

Office side:
192.168.1.0/255.255.255.0
192.168.1.42/255.255.255.255

=========================
I am very fustrated and I hope you can provide a bit of direction.
I'll check often, and I can give any further info you need.

[Pascal]

The clients on that LAN (Behind the VPN Server) must be made aware of the VPN somehow. This is done in one of three ways:

1. Have them use the VPN Server as their default gateway
2. Setup a static route on each client to point to the remote network
3. Install the RIP v 2 client on each LAN client [nb] and ensure that the routes will be published

You should be able to find samples of that in the setup guide.

[SignatureProperties]

Ah, I had no idea...

Sounds easy enough I suppose.

So, if I install the rip client on my exchange server for example, I would be able to use exchange, or any other IP app across the VPN?

And while I'm at it, I looked through the docs/menus and didn't see a way to assign static routes... Could you also point me to the correct documentation section, or post a short explanation on where I go to add the static routing?

[Pascal]

Exactly. Try one of those three (Sounds like the RIP client will be the way for you) and all should fall into place.

The problem is that machines on the LAN simply have no idea that the VPN Server exists. So, your remote network machine sends a packet to the correct machine, it arrives at the correct place and the local machine looks at who it should respond to and has no idea where that machine lives.

[SignatureProperties]

Exactly. Try one of those three (Sounds like the RIP client will be the way for you) and all should fall into place.

The problem is that machines on the LAN simply have no idea that the VPN Server exists. So, your remote network machine sends a packet to the correct machine, it arrives at the correct place and the local machine looks at who it should respond to and has no idea where that machine lives.

Thank you very much, you just made technical sense of the whole thing! Of course the packet would have headers for a strange network address, they came from one. Boy do I feel stupid...

You should really add that paragraph to your docs, it's very succinct, and to the point.

[SignatureProperties]

Hi, so the rip2 client worked great for my win2k boxes, but for my NT machines, it does not seem to have worked...

They are servers, so I havent been able to re-boot any of those, it could just be that NT needs a reboot before the RIP service will work on them?

Or is there another version to use for those ones?

[Pascal]

Nope, that is the one version there is. On the NT boxes you can double check the service is running in Service Manager.