WinGate Forums

[DaNCeT]

I'm currently running Wingate 4.4 on a server machine. Server serves as DHCP server and NAT router for an IP printer, two desktops and a laptop.

Now I'm supposed to set up a VPN link with a second office. My idea was to use Wingate VPN, as I've always been pleased with Wingate in the past, not even with that much of work to configure it.

So today I started, and deinstalled Wingate 4.4, and installed Wingate VPN 2.1.1. After firing it up, configuring all of it, I ended up in the situation I'm in right now: I can ping al machines, DNS is working properly, DHCP is working properly, but I can't get onto the internet.

However, only weird thing is that I can't enable NAT for some reason, while it has been working for such a long time in 4.4. The box is greyed out, and I'm unable to put it on. I allready deinstalled and reinstalled, but it won't work. All machines on the LAN work properly and are properly configured, but they can't get out of the LAN. The server is however working fine, and can get out of the LAN.

Now all machines are runiing XP pro or home, and the server machine has Windows 2000 Pro running on it. The server has an 10 Mb network card with an 'always-on' cable connection, and an 100 Mb network card for the internal LAN. The internet has a fixed IP, and the LAN card has no gateway filled in.

I've searched the forums, and several mauals, but nowhere something is mentioned on when you're not able to enable NAT. So please, somebody help me out here, it's pretty urgent.

oh, and yes, after deinstalling Wingate VPN completely, ICS is working fine. Only when reinstalled (even when shut down), it won't. Where is it going wrong for me?


CONFIG FILE

1.01 WINGATE CONFIGURATION REPORT
1.02 Friday, February 10, 2006, 18:23
1.03
1.04 ---------------------------------------------
1.05 WinGate Engine
1.06 ---------------------------------------------
1.07 WinGate 6.1.1 (Build 1077)
1.08 Operating System: Windows 2000 (NT 5.0)
1.09 Language:
1.10 User database: NT
1.11 Num. users: 5
1.12
1.13
3.01 ---------------------------------------------
3.02 Licence details
3.03 ---------------------------------------------
3.04 License Key 1
3.05 Version: WinGate VPN 6
3.06 Expiry: 13/Mar/2006
3.07
4.01 ---------------------------------------------
4.02 Dialer information
4.03 ---------------------------------------------
4.04 Dialer is disabled
4.05
5.01 ---------------------------------------------
5.02 Network Interfaces
5.03 ---------------------------------------------
5.04 telenet (Ethernet) external
5.05 lan (Ethernet) internal
5.06 MS TCP Loopback interface (Loopback)
5.07
6.01 ---------------------------------------------
6.02 Services
6.03 ---------------------------------------------
6.04
6.05 System Policies
6.06 ---------------------------------------------
6.07 Default System Access Rights:
6.08 Everyone - Unrestricted rights
6.09 Default Start/Stop Rights:
6.10 Administrators - Unrestricted rights
6.11 Default Edit Rights:
6.12 Administrators - Unrestricted rights
6.13
6.14 DHCP Service (DHCP Service)
6.15 ---------------------------------------------
6.16 Session Timeout: 180
6.17 Port: 67
6.18 Startup: Automatic start/stop
6.19 Access Rights: Defaults: are ignored
6.20 Everyone - Unrestricted rights
6.21 Start/Stop Rights: Defaults: may be used instead
6.22 Edit Rights: Defaults: may be used instead
6.23
6.24 DNS Service (DNS Service)
6.25 ---------------------------------------------
6.26 Session Timeout: 180
6.27 Port: 53
6.28 Startup: Automatic start/stop
6.29 Access Rights: Defaults: may be used instead
6.30 Start/Stop Rights: Defaults: may be used instead
6.31 Edit Rights: Defaults: may be used instead
6.32
6.33 Remote Control Service (Remote Control Service)
6.34 ---------------------------------------------
6.35 Session Timeout: 180
6.36 Port: 808
6.37 Startup: Automatic start/stop
6.38 Access Rights: Defaults: may be used instead
6.39 Administrators - Restricted by security level
6.40 Start/Stop Rights: Defaults: may be used instead
6.41 Edit Rights: Defaults: may be used instead
6.42
7.01 ---------------------------------------------
7.02 System Route Table
7.03 ---------------------------------------------
7.04 Current Route Table:
7.05 ---------------------------------------------
7.06 Network Mask Gateway Interface Metric
7.07 0.0.0.0 0.0.0.0 81.82.240.1 81.82.240.18 1
7.08 81.82.240.0 255.255.255.0 81.82.240.18 81.82.240.18 1
7.09 81.82.240.18 255.255.255.255 127.0.0.1 127.0.0.1 1
7.10 81.255.255.255 255.255.255.255 81.82.240.18 81.82.240.18 1
7.11 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
7.12 192.168.0.0 255.255.255.0 192.168.0.1 192.168.0.1 1
7.13 192.168.0.1 255.255.255.255 127.0.0.1 127.0.0.1 1
7.14 192.168.0.255 255.255.255.255 192.168.0.1 192.168.0.1 1
7.15 224.0.0.0 224.0.0.0 81.82.240.18 81.82.240.18 1
7.16 224.0.0.0 224.0.0.0 192.168.0.1 192.168.0.1 1
7.17 255.255.255.255 255.255.255.255 192.168.0.1 192.168.0.1 1
7.18
8.01 ---------------------------------------------
8.02 Enhanced Network Support
8.03 ---------------------------------------------
8.04 Enhanced Network Support: Qbik NDIS Hook 6.0 - Installed and active
8.05 Driver: Enabled
8.06 NAT: Disabled
8.07 Router: Disabled
8.08 Firewall level: Disabled
8.100
8.101 Port Security
8.102 ---------------------------------------------
8.103
8.104 Security for: External TCP
8.105
8.106 Security for: External UDP
8.107
8.108 Security for: Internal TCP
8.109 Action: Allow Port: 808 - Hole for Remote Control Service (Auto)
8.110
8.111 Security for: Internal UDP
8.112 Action: Allow Port: 0 - Hole for Dialer Monitor (Auto)
8.113 Action: Allow Port: 53 - Hole for DNS Service (Auto)
8.114 Action: Allow Port: 67 - Hole for DHCP Service (Auto)
8.115
8.116 Security for: NAT TCP
8.117
8.118 Security for: NAT UDP
8.119
8.120 Security for: DMZ TCP
8.121
8.122 Security for: DMZ UDP
8.123
8.124 Security for: (unknown)
8.125
8.126 Security for: (unknown)
8.500
9.01 ---------------------------------------------
9.02 END OF CONFIGURATION REPORT

[DaNCeT]

Managed to narrow it down to the Wingate Firewall. As soon as I enable the firewall (low, medium, high or custom), none of the pc's in the LAN, accept for the server itself, can browse the internet.

Off course, I'd like to use the firewall, as all ports are sitting there wide open now. Any ideas on where why the firewall blocks all of the traffic?

[Roderick]

Hi,

Can you check that your network cards are labelled correctly. LAN card should be Internal and Internet card should be External.

Regards

[DaNCeT]

Yep, they're labelled correclty.

Just installed Wingate VPN in the other firm. Fresh install of Windows XP Home on the server. DHCP works fine, DNS works fine, both from server and participant.

But, once again, NAT can't be selected. And I can browse internet from the server, but not from participant.

VPN is correctly connecting though. Solution I had at the site I installed yesterday (disabling firewall in Wingate VPN), doesn't seem to work here.

Will keep on trying some stuff...

[DaNCeT]

Update:

Servers see and connect to eachother, and I can access a shared test map on both servers from both sides.

However all pc's behind the server can't.

I also can't ping to the internal server addresses. Site 1's subnet is 192.168.0.*, where server has fixed 192.168.0.1, and site 2's subnet is 192.168.10.*, where server is fixed 192.168.10.1.

I can however do a ping to the external address of both servers, but not to the internal one, nor any of the other internal addresses.

Also, still can't enable the Wingate firewall. As soon as I do, pc's on the network behind it can't connect to the internet anymore.

Also, same thing happens when I enable the support for multiple subnetworks in the Wingate settings. However, I need to forward some traffic to one of the pc's in the network, where a filemaker Pro database is running at.

Any input from Qbik please?

[Pascal]

RE the firewall question: What are you using to share the internet connection?
RE the lack of connectivity: How are you informing machines on the LAN that the VPN Gateway is the gateway for the remote network? There are three options here - static routes, RIP v 2 client on client PCs and using the VPN Gateway as their default gateway.

[DaNCeT]

RE the firewall question: What are you using to share the internet connection?

I was using regular ICS, with the gateway being the machine with Wingate VPN on it.

RE the lack of connectivity: How are you informing machines on the LAN that the VPN Gateway is the gateway for the remote network? There are three options here - static routes, RIP v 2 client on client PCs and using the VPN Gateway as their default gateway.

I was using the RIP v2 Client on ALL clients.

Nevertheless, couldn't get it to work properly, especially the fact that I couldn't enable the firewall did it. Our networks were wide open for 5-6 days, and allready intercepted some attempts to get in.

So I deinstalled Wingate VPN, reinstalled Wingate 4.4, and installed another software package for the VPN, which was even easier to install anyway.

Sad to notice the ease of use and install of Wingate went backwards instead of forward. Anyway, the clients's VPN is installed, and I even found a free solution for what he needed, so I'm satisfied and he is. Luckily we didn't buy our Wingate VPN licenses yet. Only regret to have wasted such a time trying to get it working.