My problem is with data tunnels. The control connection completes successfully, one of the data UDP tunnels also goes well, but the second fails. This is what my VPN log looks like:
01/26/04 01:49:37 VPN Connection: Negotiated a protocol version 1.4 connection with 'Main'
01/26/04 01:49:37 VPN Connection: A VPN connection has been established to 'Local network of MANAGER'
01/26/04 01:49:37 VPN Tunnels: Tunnel to 'Local network of MANAGER' requested on 212.122.161.167:810
01/26/04 01:49:37 VPN Tunnels: Error ffe0b427 creating tunnel to node Local network of MANAGER (212.122.161.167:810) with ID 5
My setup is as follows:
The client VPN node is a Windows XP SP1 machine. It has a private IP range and connects to the Internet through NAT (Sygate Office network). The gateway (Windows XP SP1) has 2 LAN cards, one for the private network, the other for the ISP LAN. The Internet connection on the gateway is PPPoE through the LAN of the ISP. Let us call it "HOME".
The server is also a PC in a private network, running Windows 2000 Pro SP4.
The network is behind NAT (some old version of Solaris). The NAT is the type where the private machines inside are seen with public IPs outside, not with the gateway IP. Let us call it "WORK".
Both client and server are set to use TCP 809 for the control connection and UDP 810 for data. These ports are forwarded in both firewalls and available (I tested it with the UDP and TCP test tools from http://www.simplecomtools.com/downloads.html). The TCP and UDP packets come and go from and to both networks. So it is very strange that the UDP connection from "HOME" to "WORK" fails.
I also tried running the VPN client from the gateway PC at HOME. Same result. Another thing I tried is switching the places of the VPN server and client: the VPN client connects from the WORK network and the VPN server is on a private PC in the HOME network. No luck either. The UDP tunnel from HOME to WORK fails again.
I searched the forum and it seems to me that the problem may be related to MTU size. Maybe the maximum-size UDP packets are cut in the PPPoE?
Below are the report files from both the VPN client and server:
Server
---------
1.01 WinGate VPN CONFIGURATION REPORT
1.02 Monday, January 26, 2004, 00:26
1.03
1.04 ---------------------------------------------
1.05 WinGate VPN Engine
1.06 ---------------------------------------------
1.07 WinGate VPN 1.2.2 (Build 892)
1.08 Operating System: Windows 2000 (NT 5.0)
1.09 Language: ENU
1.10
4.01 ---------------------------------------------
4.02 Dialer information
4.03 ---------------------------------------------
4.04 Dialer is disabled
4.05
5.01 ---------------------------------------------
5.02 Network Interfaces
5.03 ---------------------------------------------
5.04 172.16.134.52 (LAN) [Internal] [Secure]
5.05 127.0.0.1 (LOOPBACK) [Internal] [Secure]
5.06
6.01 ---------------------------------------------
6.02 Services
6.03 ---------------------------------------------
6.04
6.05 System Policies
6.06 ---------------------------------------------
6.07 Default System Access Rights:
6.08 Everyone - Unrestricted rights
6.09 Default Start/Stop Rights:
6.10 Administrators - Unrestricted rights
6.11 Default Edit Rights:
6.12 Administrators - Unrestricted rights
6.13
6.14 DHCP Service (DHCP Service)
6.15 ---------------------------------------------
6.16 Session Timeout: 60
6.17 Port: 67
6.18 Startup: Disabled
6.19 Binding 1: 172.16.134.52
6.20 Access Rights: Defaults: are ignored
6.21 Everyone - Unrestricted rights
6.22 Start/Stop Rights: Defaults: may be used instead
6.23 Edit Rights: Defaults: may be used instead
6.24
6.25 DNS Service (DNS Service)
6.26 ---------------------------------------------
6.27 Session Timeout: 60
6.28 Port: 53
6.29 Startup: Automatic start/stop
6.30 Binding 1: 172.16.134.52
6.31 Access Rights: Defaults: may be used instead
6.32 Start/Stop Rights: Defaults: may be used instead
6.33 Edit Rights: Defaults: may be used instead
6.34
6.35 Remote Control Service (Remote Control Service)
6.36 ---------------------------------------------
6.37 Session Timeout: 60
6.38 Port: 808
6.39 Startup: Automatic start/stop
6.40 Binding: 127.0.0.1
6.41 Access Rights: Defaults: may be used instead
6.42 Start/Stop Rights: Defaults: may be used instead
6.43 Edit Rights: Defaults: may be used instead
6.44
7.01 ---------------------------------------------
7.02 System Route Table
7.03 ---------------------------------------------
7.04 Current Route Table:
7.05 ---------------------------------------------
7.06 Network Mask Gateway Interface Metric
7.07 0.0.0.0 0.0.0.0 172.16.134.35 172.16.134.52 1
7.08 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
7.09 172.16.132.0 255.255.252.0 172.16.134.52 172.16.134.52 1
7.10 172.16.134.52 255.255.255.255 127.0.0.1 127.0.0.1 1
7.11 172.16.255.255 255.255.255.255 172.16.134.52 172.16.134.52 1
7.12 224.0.0.0 224.0.0.0 172.16.134.52 172.16.134.52 1
7.13 255.255.255.255 255.255.255.255 172.16.134.52 172.16.134.52 1
7.14
8.01 ---------------------------------------------
8.02 Enhanced Network Support
8.03 ---------------------------------------------
8.04 Enhanced Network Support: 5.10 Syz - Installed and active
8.05 Driver: Enabled
8.06 NAT: Disabled
8.07 Router: Disabled
8.08 Firewall level: Disabled
8.100
8.101 Port Security
8.102 ---------------------------------------------
8.103
8.104 Security for: External TCP
8.105 Action: Allow Port: 113 - AUTH
8.106 Action: Allow Port: 809 - Hole for VPN (Control)
8.107 Action: Allow Port: 1024 - 4096 - External
8.108
8.109 Security for: External UDP
8.110 Action: Allow Port: 810 - Hole for VPN (Data)
8.111 Action: Allow Port: 1024 - 4096 - External
8.112
8.113 Security for: Internal TCP
8.114
8.115 Security for: Internal UDP
8.116
8.117 Security for: NAT TCP
8.118
8.119 Security for: NAT UDP
8.500
9.01 ---------------------------------------------
9.02 END OF CONFIGURATION REPORT
Client
--------
1.01 WinGate VPN CONFIGURATION REPORT
1.02 Monday, January 26, 2004, 01:59
1.03
1.04 ---------------------------------------------
1.05 WinGate VPN Engine
1.06 ---------------------------------------------
1.07 WinGate VPN 1.2.2 (Build 892)
1.08 Operating System: Windows 2000 (NT 5.1)
1.09 Language:
1.10
4.01 ---------------------------------------------
4.02 Dialer information
4.03 ---------------------------------------------
4.04 Dialer is disabled
4.05
5.01 ---------------------------------------------
5.02 Network Interfaces
5.03 ---------------------------------------------
5.04 192.168.10.2 (LAN) [Internal] [Secure]
5.05 127.0.0.1 (LOOPBACK) [Internal] [Secure]
5.06
6.01 ---------------------------------------------
6.02 Services
6.03 ---------------------------------------------
6.04
6.05 System Policies
6.06 ---------------------------------------------
6.07 Default System Access Rights:
6.08 Everyone - Unrestricted rights
6.09 Default Start/Stop Rights:
6.10 Administrators - Unrestricted rights
6.11 Default Edit Rights:
6.12 Administrators - Unrestricted rights
6.13
6.14 DHCP Service (DHCP Service)
6.15 ---------------------------------------------
6.16 Session Timeout: 60
6.17 Port: 67
6.18 Startup: Disabled
6.19 Binding 1: 192.168.10.2
6.20 Access Rights: Defaults: are ignored
6.21 Everyone - Unrestricted rights
6.22 Start/Stop Rights: Defaults: may be used instead
6.23 Edit Rights: Defaults: may be used instead
6.24
6.25 DNS Service (DNS Service)
6.26 ---------------------------------------------
6.27 Session Timeout: 60
6.28 Port: 53
6.29 Startup: Automatic start/stop
6.30 Binding 1: 192.168.10.2
6.31 Access Rights: Defaults: may be used instead
6.32 Start/Stop Rights: Defaults: may be used instead
6.33 Edit Rights: Defaults: may be used instead
6.34
6.35 Remote Control Service (Remote Control Service)
6.36 ---------------------------------------------
6.37 Session Timeout: 60
6.38 Port: 808
6.39 Startup: Automatic start/stop
6.40 Binding: 127.0.0.1
6.41 Access Rights: Defaults: may be used instead
6.42 Start/Stop Rights: Defaults: may be used instead
6.43 Edit Rights: Defaults: may be used instead
6.44
7.01 ---------------------------------------------
7.02 System Route Table
7.03 ---------------------------------------------
7.04 Current Route Table:
7.05 ---------------------------------------------
7.06 Network Mask Gateway Interface Metric
7.07 0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.2 30
7.08 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
7.09 192.168.10.0 255.255.255.0 192.168.10.2 192.168.10.2 30
7.10 192.168.10.2 255.255.255.255 127.0.0.1 127.0.0.1 30
7.11 192.168.10.255 255.255.255.255 192.168.10.2 192.168.10.2 30
7.12 224.0.0.0 240.0.0.0 192.168.10.2 192.168.10.2 30
7.13 255.255.255.255 255.255.255.255 192.168.10.2 192.168.10.2 1
7.14
8.01 ---------------------------------------------
8.02 Enhanced Network Support
8.03 ---------------------------------------------
8.04 Enhanced Network Support: 5.10 Syz - Installed and active
8.05 Driver: Enabled
8.06 NAT: Disabled
8.07 Router: Enabled
8.08 Firewall level: Disabled
8.09
8.10 Routing
8.11 ---------------------------------------------
8.12 Multiple default routes: Enabled
8.13 Relay UDP broadcast packets: Enabled
8.100
8.101 Port Security
8.102 ---------------------------------------------
8.103
8.104 Security for: External TCP
8.105 Action: Allow Port: 113 - AUTH
8.106 Action: Allow Port: 809 - Hole for VPN (Control)
8.107 Action: Allow Port: 1024 - 4096 - External
8.108
8.109 Security for: External UDP
8.110 Action: Allow Port: 810 - Hole for VPN (Data)
8.111 Action: Allow Port: 1024 - 4096 - External
8.112
8.113 Security for: Internal TCP
8.114
8.115 Security for: Internal UDP
8.116
8.117 Security for: NAT TCP
8.118
8.119 Security for: NAT UDP
8.500
9.01 ---------------------------------------------
9.02 END OF CONFIGURATION REPORT