Is Wingate VPN what I want?


Postby pspahn » Jan 18 07 5:41 pm

So here is what I am trying to do...

At the office, I have a broadband connection plugged in to a WRT54G (DD-WRT v23 sp2).

I have a 16 port switch plugged in to the router.

I have multiple Windows clients plugged in to the switch.

I have multiple Windows clients (and future Linux clients) connected via wireless.

I have an HP-UX server plugged in to the switch.

I have multiple HP terminals connected to the HP-UX server via RS-232.

I have Reflections for HP installed (HP-UX terminal emulation, www.wrq.com ) so I can access the database from Windows clients.

So, if it's not obvious by now, I would like VPN access to my HP-UX server. A VPN client will use Reflections for HP to connect (or telnet for config).

Can WinGate VPN alone do this? Or will WinGate be better so that I can run a proxy server?

There is very little chance of needing anything additional aside from what I have mentioned. I will not be running a web server, ftp server, etc. I just need remote access to my HP-UX server via HP70092/70096 emulation.

Does WinGate VPN fit the bill?

EDIT

I forgot to mention, I briefly tried OpenVPN this evening, setting up a config and going home and testing it. I'm not routing things correctly and reading through documentation has left me slightly intimidated. This is a concern because if it intimidates me, then I can't rely on anyone else at the site to help with config/testing/diag/etc because they will be totally dumbfounded.

Thanks.
pspahn
 
Posts: 2
Joined: Jan 18 07 5:11 pm

Postby jamesc » Jan 18 07 8:12 pm

That is possible and I presume your network is TCP/IP based (which most are of course). The best thing to do is use a trial license to confirm it is aligned to your needs.


I can interpret a couple of potential scenarios here.

1. You only need to connect to the HP Server, and the rest of the network is irrelevant to the connectivity you need via the VPN.

2. You need to connect to the HP Server, and the option to be able to access different resources on your network via the VPN.


Option 1 would require 1 Single VPN License installed on the VPN Host (Server) and 1 Single VPN License installed on the remote VPN Joiner (Client).

Option 2 would require a VPN Gateway license, let's say for 3 different computers on your network, and 1 VPN license installed on the remote VPN Joiner (Client). The VPN Gateway license for a 3 computer LAN means that the VPN Joiner (Client) can access three computers at any one time; it does not matter which three computers on the network they are. Another consideration for option 2 is where you install the WinGate VPN Only installation; it could be on the HP Server (which I presume is Windows based) or on another computer on the LAN.


I believe WinGate VPN is very easy to set up, and does not create virtual adapters on the VPN Server; it is a routing based solution. Generally it is a matter of setting up the VPN Host at work by giving it a name, creating a certificate, specifying whether the participation is for just that computer or the local network, and then selecting the users who can connect, then exporting the configuration to take home in a very small file, installing WinGate VPN there (at home), and then double clicking the exported file to automatically configure the VPN client; you will need to enter the username and password though. Sometimes the NetBIOS part of the configuration can be a bit of extra work, so it's a good idea to use IP addresses if you do not initially get connectivity; i.e.

Pinging:
(Windows) Start menu --> Run --> Cmd --> ping computername
(Windows) Start menu --> Run --> Cmd --> ping 192.168.0.1

Accessing file shares:
(Windows) Start menu --> Run --> \\computername
(Windows) Start menu --> Run --> \\192.168.0.1



I have added some definitions and tips below to help get you started. Please remember that the Windows Firewall or other security suites could cause problems whether at the VPN Host (Server) location or the VPN Joiner (Client) location; in the case of the Windows Firewall it is best disabled in the Windows Services so that it also stops Microsoft's implementation of ICS.


Definitions

VPN Host:
The side of the VPN that acts as the server; runs the WinGate/VPN Only Software

VPN Joiner:
The side of the VPN that acts as the client; runs the WinGate/VPN Only Software

VPN Participants:
LAN Clients behind the WinGate VPN Host or Joiner that do not run WinGate/VPNOnly Software. To participate in the VPN they will either:

1. Have their default gateways pointing to the WinGate VPN Joiner/Host on their respective side.
2. OR they will run the QBIK Rip2 Utility Service to automatically discover the routes. http://downloads.qbik.com/qbiknz2/downl ... client.zip
3. OR they will turn on RIP2 on the router, so the router knows to redirect VPN traffic back to the local WinGate VPN installation (usually in a scenario where WinGate is not their default gateway and they do not want to run the Qbik RIP2 Utility).
4. Create static routes.



Key points:

1. TCP / UDP 809 needs to be mapped from the router to WinGate VPN "Host"; for exact instructions there is a guide available from here: http://www.portforward.com/english/appl ... g/WinGateVPN/WinGateVPNindex.htm

2. You should turn off the Windows firewall and any other for the sake of testing if you deem it safe. The Windows firewall is best turned off in the services.

3. WinGate VPN is a routing based VPN. Each Joiner will need to be on a different subnet to the HOST, as well as the other Joiners.

E.g.
Host 192.168.0.1 / 255.255.255.0
Joiner 1 192.168.1.1 / 255.255.255.0
Joiner 2 192.168.2.1 / 255.255.255.0
Joiner 3 on Dialup only /

4. Check how your network adapters were detected. The network card/modem pointing towards the internet should be marked as External, and the network card pointing towards the LAN should be marked as Internal. If you only have one network card and it has a default gateway to a hardware router with a firewall, then you can set it as Internal in most cases. Please ask if you need more assistance with this.
GateKeeper --> View menu --> Networks --> (Bottom center will show your network cards)

5. When you install WinGate VPN only, you might want to stop the DHCP server that is in it, and possibly disable its firewall via the "Extended Networking Service" option.

http://downloads.qbik.com/qbiknz2/downl ... 21-USE.EXE


With regards to the full version of WinGate, it is an Internet Gateway Management tool, and comes with the ability to NAT, Proxy and a Proprietary connection method. It also has VPN capabilities with the correct license type (enterprise license, but does not mean remote VPN Joiner location is licensed) or by adding a VPN license in. It also has some plugins to filter content for internet usage, virus scan via the proxies, and soon a spam plugin. WinGate licenses (not the plugins) will last the life of the product, i.e. when we release new versions, you can always upgrade and expect the features that you originally bought.
jamesc
Qbik Staff
 
Posts: 928
Joined: Apr 04 05 2:04 pm
Location: Auckland, New Zealand

Postby pspahn » Jan 20 07 6:37 am

I have installed Wingate VPN and have configured things as well as I know.

However, I am stuck with the same situation as I had with OpenVPN: I can see/ping/browse the host computer, but I can't ping any other machine on the host network.

Wingate VPN does show the other Windows PCs on the host network, however, and knows their IP addresses (right click >> properties), but I can't ping them or browse them.

That is irrelevant (sort of), as the goal is to be able to connect to my HP-UX server so I can run inventory control via HP-UX terminal emulation. This server is NOT a Windows machine, it runs HP-UX 10.x (I think, would have to check and I'm not at the site at the moment).

I have the following setup:

Linksys WRT54Gv6 (dd-wrt v23 sp2 micro firmware)--Internet gateway-- 192.168.0.1 -- DHCP enabled

Linksys EF2H16 16 port switch -- ALL clients are attached to this switch, which is plugged in to port 2 on my router.

WinXP Pro machine -- Wingate VPN host node -- 192.168.0.75 static (again, this is plugged in to the EF2H16 switch)

HP-UX Server -- 192.168.0.30 static -- Plugged in to switch

Other devices irrelevant

I set up the Wingate VPN host as specified in the help file, including steps needed to use participant devices on host network, NetBIOS over TCP/IP enabled as well.

I did forget to forward port 23 in order to telnet into my HP-UX but that's no biggie, as I can't even ping that machine over VPN.

I feel like my routing table is the culprit, as I am basically at the same point of progress as I was with my OpenVPN setup the other night (though it's taken considerably less time to set up).

I'd love to get this working by this evening, so that I will know if I need to go another route or if Wingate will work.

I think I have other questions/comments, but a coworker has a million things installed on their system tray, both Norton AND McAfee are yelling about "blocked access attempts from the internet" and his USB ports aren't working, oh and it's a Gateway.

:rollseyes:

Thanks.

--edit--

What is the best way to test my VPN connection locally? How can I trick my network into thinking I am not connected to the LAN/WLAN?
pspahn
 
Posts: 2
Joined: Jan 18 07 5:11 pm

Postby jamesc » Jan 24 07 1:32 pm

Use a different subnet, and then make a route to your normal subnet and vice versa.

This may help for a quick test.

Normal subnet 192.168.0.x / 255.255.255.0 (test machine 192.168.0.100)
VPN Test subnet 10.0.0.x / 255.255.255.0 (test machine 10.0.0.100)

On Normal test computer
route add 10.0.0.0 MASK 255.255.255.0 192.168.0.100

On VPN test subnet
route add 192.168.0.0 MASK 255.255.255.0 10.0.0.100

*To have those routes available on reboot, use the persistent switch "-p" at the end.
jamesc
Qbik Staff
 
Posts: 928
Joined: Apr 04 05 2:04 pm
Location: Auckland, New Zealand
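
Added example (not part of any post above and not Qbik's code): a Python check of the two routing conditions from jamesc's first reply, that no two VPN sites share a subnet (key point 3) and that a LAN participant sends replies for a joiner subnet to the VPN host rather than to the internet router (participant options 1 and 4). The host-side addresses come from pspahn's setup; the joiner subnet, the participant entries and all function names are assumptions made for illustration.

```python
import ipaddress

VPN_HOST = "192.168.0.75"              # WinGate VPN host from the thread
SITES = {"office": "192.168.0.0/24",   # host LAN from the thread
         "joiner1": "192.168.1.0/24"}  # constructed joiner subnet

def overlapping_sites(sites):
    """Pairs of site names whose subnets overlap (violates key point 3)."""
    nets = {n: ipaddress.ip_network(c) for n, c in sites.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

def next_hop(participant, dest):
    """Longest-prefix match over static routes, else the default gateway."""
    dest = ipaddress.ip_address(dest)
    best = None
    for cidr, gateway in participant["routes"]:
        net = ipaddress.ip_network(cidr)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else participant["default_gw"]

def missing_routes(participant, remote_subnets, vpn_host=VPN_HOST):
    """Windows-syntax static routes a participant still needs (option 4)."""
    cmds = []
    for cidr in remote_subnets:
        net = ipaddress.ip_network(cidr)
        probe = net.network_address + 1   # first address stands in for the subnet
        if next_hop(participant, probe) != vpn_host:
            cmds.append(f"route add {net.network_address} "
                        f"MASK {net.netmask} {vpn_host}")
    return cmds

# Constructed participants: one still points at the internet router
# (assumed default for a LAN client here), one already has the route.
LAN_PC = {"default_gw": "192.168.0.1", "routes": []}
FIXED_PC = {"default_gw": "192.168.0.1",
            "routes": [("192.168.1.0/24", VPN_HOST)]}

if __name__ == "__main__":
    print("overlaps:", overlapping_sites(SITES))
    for name, pc in (("LAN_PC", LAN_PC), ("FIXED_PC", FIXED_PC)):
        print(name, missing_routes(pc, [SITES["joiner1"]]))
```

Non-Windows participants such as the HP-UX server need the same destination, mask and gateway expressed in their own route syntax.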

