by Lt_Flash » Aug 19 04 12:30 am
I've had a similar problem.
1. I've had Microsoft RAS (VPN) on my server
2. I've had Microsoft Routing and Remote Access on server
3. I've set up WinGate 5.2.3
4. Clients were able to connect, but unable to ping any computer in my network
5. They could work normally when I disable WinGate
6. Solution was to stop both Routing and Remote Access and WinGate. Then, you start RAS, and then WinGate, with "Router" enabled in WinGate ENS driver. It picks up routes already established on Routing and Remote Access and translates packets to Routing and Remote Access server. Everything worked fine. Except that:
1. I often got BSOD on my server when RAS VPN user under XP disconnects.
2. Demand-dial routes in Routing and Remote Access failed to initiate dialing - seems like WinGate didn't allow IP packets to go through.
At last I found a solution:
1. On router with VPN dialin enabled I closed all ports except for 3389 (RDP for control if something goes wrong) and 1723 for PPTP VPN. Router has 2 interfaces - external for Internet, and internal for LAN. Internal IP is 10.0.0.210
2. I put WinGate on another server with one external interface and one internal. WinGate works as proxy-server and NAT. Internal IP is 10.0.0.211
3. Because I need my router to connect to other offices, I've set up a static route on the WinGate server (10.0.0.211) like this - route add 192.168.0.0 mask 255.255.0.0 10.0.0.210 -p
4. In DHCP I've set up 10.0.0.211 as a default gateway for WinGate to catch all IP requests
Now everything works fine.
PS. After that, I've made some upgrades to my network...Now, not all routes to other offices are handled by router (10.0.0.210)...I have 9 offices to connect to, all have 192.168.0.0 (255.255.0.0) IP addresses. 5 of these offices are connected via WinGate VPN, 4 others - via Microsoft Routing and Remote Access...All you need to do is:
1. Delete persistent route we created in step 3 on WinGate server
2. Now we have to make class C routes, not class B as we did in the example above...This happens because my offices have IP addresses like 192.168.0.xxx, 192.168.1.xxx and so on. When all routes to these networks were on router (10.0.0.210), all we needed to do was to make one route for class B IP space (192.168.0.0/255.255.0.0). Now, when 5 of these routes are handled by WinGate, we need to make 4 persistent routes for class C IP space (192.168.0.0/255.255.255.0, 192.168.1.0/255.255.255.0 and so on). So, we create them by command issued on WinGate server computer:
route add 192.168.0.0 mask 255.255.255.0 10.0.0.210 -p
route add 192.168.1.0 mask 255.255.255.0 10.0.0.210 -p
route add 192.168.3.0 mask 255.255.255.0 10.0.0.210 -p
route add 192.168.4.0 mask 255.255.255.0 10.0.0.210 -p
3. Now we configure WinGate to handle VPN traffic.
So, we have this at the end:
1. On router 10.0.0.210 we have dial-in VPN server and demand-dial router to other four VPN networks.
2. On proxy-server 10.0.0.211 we have WinGate installed for head office to browse internet and to process mail and so on.
3. On proxy-server 10.0.0.211 we have WinGate VPN, which connects us to five other VPN networks
4. On proxy-server 10.0.0.211 we have persistent routes for networks of four offices, which are not covered by WinGate VPN
So, this is my configuration...It requires 2 computers with 2 external IP addresses...But I know another configuration, which still requires 2 computers, but with only one external IP address...If you are interested, I could help you.
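
An added example, not part of the original post: a longest-prefix lookup over the two static route tables described above, showing why the single 192.168.0.0/255.255.0.0 route had to be replaced by four /24 routes once some offices moved to WinGate VPN. The function names are hypothetical, 192.168.2.0/24 is a constructed stand-in for one WinGate VPN office (the post does not list those subnets), and a result of `None` is assumed to mean the packet is left to WinGate rather than forwarded to the router.

```python
import ipaddress

ROUTER = "10.0.0.210"  # RRAS router from the post

# Before: one persistent route covering the whole 192.168.0.0/16 space.
CLASS_B_TABLE = [("192.168.0.0/16", ROUTER)]

# After: the four persistent /24 routes from the post.
CLASS_C_TABLE = [
    ("192.168.0.0/24", ROUTER),
    ("192.168.1.0/24", ROUTER),
    ("192.168.3.0/24", ROUTER),
    ("192.168.4.0/24", ROUTER),
]

def next_hop(table, dest):
    """Return the gateway of the most specific matching static route, or None."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, gateway in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else None

def shadowed(table, vpn_subnets):
    """List VPN-side subnets that overlap a static route and would be
    sent to the router instead of the VPN."""
    hits = []
    for subnet in vpn_subnets:
        net = ipaddress.ip_network(subnet)
        if any(net.overlaps(ipaddress.ip_network(p)) for p, _ in table):
            hits.append(subnet)
    return hits

if __name__ == "__main__":
    wingate_vpn_offices = ["192.168.2.0/24"]  # constructed sample
    for name, table in (("class B", CLASS_B_TABLE), ("class C", CLASS_C_TABLE)):
        print(name, "route for 192.168.2.10 ->", next_hop(table, "192.168.2.10"))
        print(name, "shadowed VPN subnets:", shadowed(table, wingate_vpn_offices))
```

Running the same check against the real list of WinGate VPN subnets before adding a persistent route shows whether the new route would pull any of that traffic to 10.0.0.210.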