WinGate Forums

[brucer1957]

I am trying out WinGate VPN. Does the DHCP service need to be running for this to work behind DSL routers?
What about the client, can you just turn off the DHCP?
Is there a way to assign a static IP for the VPN client?

Thanks!

[jamesc]

DHCP is not a requirement to run WinGateVPN.

Is there a way to assign a static IP for the VPN client?

In what regard, can you please clarify this question and give it some context? Are you getting mixed up with the way MS VPN is handled? Our VPN is a routing based solution. Below is a pattern of the configuration of WinGate VPN networks.

So if the VPN at the office (Host) is on a subnet like:
192.168.0.x / 255.255.255.0

Then the client (Joiner) on their home network should be on a differnet subnet, for example:
192.168.1.x / 255.255.255.0 or other private address ranges

Then your other staff member who requires remote access from his/her home as well would have a subnet like:
192.168.2.x / 255.255.255.0 or other private address ranges.

Your sales manager using a dialup connection from a hotel in Taiwan, would not require any special subnet for his network card, becuase he is not plugged into a local network, and hence that interface is disabled. His/her routing for VPN traffic will be done with his/her internet address

[brucer1957]

Thanks for the reply. I had assumed it was working like MS VPN.

I am getting a remote host not found error when I try and connect. There are DSL boxes on both ends. Is the only configuration I need to forward port 809 to the VPN server?

Thanks.

[jamesc]

On the host side of the VPN, you will be required to map TCP/UDP port 809 (Unless you specified another port). Can you please confirm the two points I made in the link below.

http://forums.qbik.com/viewtopic.php?p=17109#17109

[brucer1957]

I do have the host set up like the image showed.

I have not been able to telnet in, I wasn't sure how to do that. Do I type in the remote host's NETBIOS name, or something else?
Do I have to open up telnet on the remote DSL modem to do that?

Thanks.

[jamesc]

Telnet can be used for all ports, You can send emails when telneting to port 25, check emails with port 110 etc... etc..., or check if your WinGateVPN ports are mapped correctly.

So in the case of the example I gave. You obviously need the public IP address (or a DNS name), which you either already know, or you can find out by navigating "from" the host machine to http://www.whatismyip.com

Lets say the webpage returns the IP Address of 203.9.96.69
The telnet command to check if port 809 is mapped all the way through to the WinGateVPN application/computer is as follows

2. To telnet into the Host:
On the "Joiner" (client), open a command prompt and test via telnet whether the ports are opened correctly on the "Host".

(windows) Start menu --> Run --> cmd --> telnet -->
open 203.9.96.69 809

If the Windows goes blank, then you have connectivity to those ports.
If you get the error message: Connecting To 203.9.96.69...Could not open connection to the host, on port 809: Connect failed
... Then there most probably is a firewall blocking the port....


* NetBIOS names are used on a Local Area Network, we are trying to make sure that the 809 port is open for internet connectivity, and hence, we will not use them. Once you have established a VPN connection to connect into the remote LAN, then you can use NetBIOS names

[brucer1957]

I tried telnet to port 809 and it said "press any key to continue". Is this an indication of getting through?

What configuration do I need to do on the client PC? Do I have to open up any ports on that end?
How exactly does the RIP utilitity work?

Thanks for your help!

[jamesc]

I tried telnet to port 809 and it said "press any key to continue". Is this an indication of getting through?

Yes, that is indicating it is getting through.

What configuration do I need to do on the client PC? Do I have to open up any ports on that end?

On the Joiner (Client), you do not require to map any ports

How exactly does the RIP utilitity work?

(jamesc: You install it on clients either behind the WinGate Joiner, or clients behind the WinGate Host that need to participate with the VPN)

An Introduction (From the installation document)
RIP stands for Routing Information Protocol. It is specified by Internet RFC 2453. RIP is a relatively simple protocol which allows routers to advertise available routes to other interested parties. In this way, hosts on the internet, or more commonly now on a corporate network, can automatically reconfigure themselves to reflect changes in the network.

This is increasingly useful in scenarios where VPNs may include transient parts to the network, such as remote networks or individual users joining the main network from time to time via say dialup or other switched (non-permanent) connections.

The Qbik RIPv2 client was designed to be used with WinGate VPN, however it may be used in conjunction with any other RIP server software that supports v2 of the protocol.

There are currently available RIP solutions that come with some operating systems, however unless you are running Windows NT server, Win2k Server, or XP Advanced Server, you are limited to a version 1 RIP client. Version 1 of the specification was limited (did not support network masks), and is not often very useful.

The Qbik RIPv2 client will run on all versions of Windows that have the IPHelper DLL installed. This includes windows 98, NT4, Win2k, and WinXP. Furthermore, if you are running Microsoft Internet Explorer v5 or later on Windows 95, this should also be available

[brucer1957]

Can you decipher the instructions for me? Do I need the RIP utility - is it necessary?
How do I install the utility? Do I have to do anything to make sure it is running when I join the VPN?

What is IPHelper.dll and how do I install it? I am running XP on all PCs. The joiner will be outside the LAN that the host is on.

Thanks for your help, I appreciate it.

[jamesc]

Can you decipher the instructions for me?

Sorry, I thought you wanted to know exactly what it was.

You have a WinGate Host ,and a WinGate Joiner. The Host or Joiner do not require to have the RIP utility running on it. If you wanted to access computers behind the Host or Joiner, those computers either need to:

1. Have thier default gateway set the the WinGateVPN computer (which may not be ideal depending on how the computers access the internet)
2. Create a route (Which requires a bit of networking knowledge)
3. Use the RIP utility to automatically obtain routes to different subnets in the VPN. (Which is for automatically adding the routes for you)

So lets see an example

VPN Joiner at home
192.168.1.1 / 255.255.255.0
Gateway 192.168.1.254
DNS 192.168.1.254

VPN Joiners Broadband Router/Modem
192.168.1.254 / 255.255.255.0


Internet


Broadband Router/Modem
192.168.0.254 / 255.255.255.0

WinGate VPN Host (The Bosses PC)
192.168.0.1 / 255.255.255.0
Gateway 192.168.0.254
DNS 192.168.0.254

A client behind The WinGate VPN Host (The Secretaties)
192.168.0.2 / 255.255.255.0
Gateway 192.168.0.254
DNS 192.168.0.254


With the scenario above, if the "Client Behind the WinGate VPN Host" needs to participate in the VPN, then it would require a Route added manually, or automatically running the Qbik Rip2 Utility.

If it did not have the manual route or Qbik RIP2 utility, this is what would happen... The VPN Joiner connects into the VPN host from a remote location. It can open the shares on the WinGateVPN host. But it cannot open the shares on the secretaries computer. That is because...... The secretaries computer recieves the packets of data from the VPN Joiner, (through the VPN tunnel) via the VPN Host, and then it goes to reply back to the VPN Joiners request "Here are my shares", it send the reply to the default gateway, Instead of back to the WinGateVPN Host and ultimatly through the VPN tunnel back to the VPN joiner who originally made the request.

Gee that really is a mouthful,. I may need to draw you a picture.

So I will say again, The Qbik RIP2 utility is used when
A) The default gateways of VPN participants behind the VPN Joiner / Host are not set to the VPN Joiner / Host
B) When A) is true, and you do not want to make manual routes.

How do I install the utility? Do I have to do anything to make sure it is running when I join the VPN?

Download it from the link below, and follow the instructions inside. One it is set up, it will run as a service i.e "Set it and forget it"
http://www334.pair.com/qbiknz/downloads/ripv2client.zip

What is IPHelper.dll and how do I install it?

The Qbik RIPv2 client will run on all versions of Windows that have the IPHelper DLL installed. This includes windows 98, NT4, Win2k, and WinXP.

[brucer1957]

Thanks for your help. I have been able to connect two different LANs. I am having trouble running their real estate application over the VPN. I can run it over windows XP VPN, but not WinGate. How do I configure the WinGate VPN Firewall to make sure it is allowing this application to run over the VPN? I see the firewall tab, but can not find where to configure it?
The application is sitting on the host.

Thanks.

[jamesc]

You may have a problem with the MTU of your connection.

When you are connected into the host from the joiner, you can do a small test to establish your correct MTU (Maximum Transmission Unit).

If the WinGate Hosts' internal IP Address is 192.168.0.1, then from the joiner, do the following.

(Windows) Start Menu --> Run --> cmd

Code: Select all

ping -l 1500 -f 192.168.0.1

If you do not receive replys then lower the 1500 to say 1400

Code: Select all

ping -l 1400 -f 192.168.0.1

If you do not receive replys then lower the 1400 to say 1300

Code: Select all

ping -l 1300 -f 192.168.0.1

Once you start getting replys, edge the number up from 1300 to say 1350 etc etc... until you find your optimum setting. Once you have obtained it, download this utility: http://www.dslreports.com/drtcp

And if you have a dial up connection, you must place the MTU into the red box as shown in image below. Once done, restart your computer and try to connect to your database again.



You should test back from the host to the joiner too.

[brucer1957]

Thanks for your help, but I could not ping the host. I can connect fine, but I can't ping that PC at all. Should I be able to ping without any extra configurations?

[brucer1957]

PS I did download the DRTCP and set the MTU to 600 and it still gave me a Java error when starting the Real Estate application. Is there any firewall configurations on WinGate that need to be done for the application to run over VPN?

Thanks again.

[jamesc]

You should not need to make any changes to your firewall, because your VPN traffic is going through the VPN tunnel. You should be able to ping, but, it can depend on a few variables.

Can I get you to fill in a support ticket here: http://support.qbik.com/index.php?_a=tickets&_m=submit , and we will get this sorted for you. Can you also please indicate what your phone number is, and a good time to call.

If within protocol, It would be good to get your exported WinGateVPN key and a username and password, so we can connect in and do some serious troubleshooting while on the phone. If you require assistance on how to do this, please ask in the support ticket.

We will post a summary for the solution once completed.

[brucer1957]

I submitted a support desk ticket, but I don't have the Trial version registration key with me, it is on the another laptop that I am working on to connect. Hopefully you will still be able to get that ticket.

[brucer1957]

I changed the settings and it worked! We are trying it on a couple of different remote locations today.

Thanks!!

[jamesc]

This problem was fixed by setting the "Local Participation" of the VPN Host from "No Local Participation" to "Local Machine Only"