WinGate Forums

[Gibbz]

ive got a vpn up and running, i can type in the name manually to access the computer, but theyre not showing up in my network place in windows xp, is there a way to get them to show, and also allow other network users on the lan to access them?

if i add the vpn server as a second gateway would that work?
or would this be WINS or DNS?(im not really farmiliar with either of these and havent set them up on the servers network)

Edit: Also when i right click > properties on a loged in user, it doesnt show the mac address, is it possible to get this information also?

[Pascal]

ive got a vpn up and running, i can type in the name manually to access the computer, but theyre not showing up in my network place in windows xp, is there a way to get them to show, and also allow other network users on the lan to access them?

For other users on the LAN to access them you would (a) have to have a license capable of that (You might do; just highlighting it), (b) have told the machines on the LAN that the VPN is available. This can be done in one of three ways:

* Make the VPN Server a default gateway so all network traffic goes out through it
* Setup static routes on each client machine to the remote network
* Install a RIP v2 compatible listener on the client machines and make sure that the VPN is publishing those routes

These are covered in more detail in our Guideline to setting up a functional VPN; you can find it in our whitepapers section.

If you can access the machines then the first step is there at least and your two networks are linked properly.

Are they perhaps in a different workgroup, that you need to go to a higher level to navigate to them?

[Gibbz]

um, well im trying to get games working over it but ive noticed they dont work correctly, usually you need to use direct connect, we are all on difrent subnets, but all in a the same workgroup....

the problem with most games seems to be they can see the lan game, but cannot connect....

[Gibbz]

also what version of rip2 is it as my modem supports 2 formats, and i wanna see if it wil toute the info to the modem them form the modem to the people using the router as a gateway

ok under DNS/WINS resolver the refrence to hosts and lmhosts, is this where the problem lays?

[Gibbz]

also found this on the dawn of war forums....

so is it possible to setup broadcasts over the vpn?

Thanks



___________________________________________

"When using a VPN, you'd use the LAN feature to play, not direct connect."

Not entierly, because per RFC standars, you don't broadcast through VPN. And when you set up a lan server the others see the server because they recieved a broadcast packet from the other hosts, but the broadcast packets don't go through the VPN network. At least no my VPN network it's actually possible to make the VPN server i'm using (poptop aka pptpd running on linux) relay broadcast packets but that reassigns the address they are being broadcasted from so when i recieve that packet and see the LAN server in the lan server list it's as if i'd be connecting to the VPN server be cause to me it looks like that packet came from the VPN server.
hope some of that made sense

edit: for those that don't know, broadcast packet is a packet that's has 10.10.10.0 destination (10.10.10. might ofcourse be diff, but the ending is 0) and thus it has no real destination and everyone on the same subnet recieves it)

[Gibbz]

yeah lots to read cos im confused

ok an overview of me and once client


VPN server
ip 192.168.1.11
gateway(to dsl router) 192.168.1.2
DNS: 192.168.1.2(router address)
subnetmask: 255.255.255.0
port forwarded 809 both tcp and udp(do i need to forward more ports?)


VPN CLient
ip 192.168.0.54
gateway(to dsl router) 192.168.0.1
DNS: 192.168.0.1(router address)
subnetmask: 255.255.255.0

thats about it, the rest of wingate settings are default pretty much...

[Pascal]

also found this on the dawn of war forums....
so is it possible to setup broadcasts over the vpn?

Go to Extended Networking; find the "Routing" page. Tick "Relay UDP broadcast packets" and then go into Advanced to setup the port numbers you want to allow broadcasts on.

[Pascal]

port forwarded 809 both tcp and udp(do i need to forward more ports?)

No, but make sure that you are forwarding this on the router; not on the VPN Server.

Now, what is the current status? Are you able to ping the other machines on the LAN, etc. ?

[Gibbz]

ok ive also forwarded the udp broadcast ports and will test that later, but on the network places side of things they are still no showing in the list, but i can ping them, and access one of them via \\computername\ . This is kinda strange.

The other im testing with i can ping with ip and also computer name, but i cant access that pc in the windows explorer.

Neither are showing in network places.....

[Gibbz]

ok good news, kinda!
after about 10-20mins the user i could browse has shown up in my network places, the user i can ping, but not browse has not.

[Pascal]

Which makes sense - the VPN's accessible state is determined by it's ability to actually communicate using std. MS protocols.

The next thing to do would be to test each client PC with pings of larger and larger sizes (As specified in the document) Such networking problems are usually caused by an MTU problem.

[Gibbz]

ok ive noticed the clients that are behind a firewall(show up with NAT TRANSLATED) cannot be accessed on the network, do they need to forward the same ports?

Ok this time that user is not showing up in network places, any ideas why? or is it just a random thing?

[Pascal]

Potentially, yes. Remember, as long as you can ping something it'll be fine.

For a computer to show up in network places whichever discovery protocols/notification schemes are used by the OS must be happening across the VPN. See the VPN as a 'network cable'. All it is doing is connecting the two networks together. (Bit more complicated than that, but that's what it comes down to)

Which means that if you can ping any machine on either end of the network; you're good - the network cable is there. Now it turns to network related problems, such as MTU, discovery of machines, personal firewalls, etc.

[Gibbz]

ok so forwarding port 809 tcp/udp and also udp 137-138 should fix it all ?

also if im playing a game do i need to forward the ports for that game? or will they be routed through the vpn somehow?

[adrien]

There are 2 scenarios for forwarding.

If the VPN connections are going through a firewall (remote translated), then you may need to forward the VPN ports on that firewall through to the local VPN server. This is normally port 809 TCP and UDP.

However the issue of relaying UDP broadcasts over the VPN is handled in the VPN software in terms of forwarding broadcasts.

So, to get the VPN working, the control channel and tunnel must work, which means these need to be able to get through any firewalls.

Once you have a tunnel working however, you should be able to use any IP protocol over the VPN. So you should be able to ping machines etc. If you can't ping 'em, it probably means there is a route problem, which RIP should fix. The version of RIP that we use is RIP 2 (so not 1, and not intermediate).

Once you can ping all the machines, then you know the VPN is working, and routing is working. Then you get onto things like network neighbourhood browsing.

Normally to browse a network, your network neighbourhood browser client uses a broadcast on port 137 and 138 UDP to find and connect to a master browser. This is why you need to relay UDP broadcasts on port 137 and 138.

If your games also use UDP broadcasts, you would need to turn on UDP relaying for the ports that the game broadcasts UDP on as well.

Remember, you may need to relay these ports on both ends of the VPN.

Adrien

[Gibbz]

ok im testing this with somone without any firewall to test.
This is the user that poped up on the network places for a bit but after restarting has not done it since!

Also the game packets are not getting routed across or something, as they cannot see the server in the lan list, but a direct connect works. The problem with using direct conect is it only allows one player, so i need it to work as tho its a lan game(so it needs to show in the lan browser)

[adrien]

Hmmm

I wonder if this game uses multicast? It's possible that if so, it won't be routed across the VPN.

Can you check with the game documentation to see if it uses multicasting?

Adrien

[Gibbz]

whats multicast? its broadcast packets for the server on udp port 6112 for the network games, so theres no way to route this information via the vpn?

[Gibbz]

intresting, we got it working using this program it routes udp packed across the vpn would it be possible to see this in a future version of wingate?





http://www.socks.permeo.com/AboutSOCKS/ ... erview.asp

using the following guide

___________________________________________________



Run SocksCap and navigate to find W40k.exe in your DoW main folder and click-drag it into the SocksCap window. Go to file->settings, type in 127.0.0.1 (or localhost, doesn't matter) and leave the port as it is. Below there should be a radial button for SOCKS Version 5, click that to enable it. At the top there is a tab called Direct Connections, click on that and at the bottom you'll see SOCKS Version 5 Direct UDP ports. This tells SocksCap to allow UDP packets going out through certain points to bypass the program.

The most important port you have to put in there is 6112, because that is the port that DoW itself sends data on. 6500, 27900, 27901, and 29910 are Gamespy-specific UDP ports that you can include in there as well, but they're not as important. The idea behind setting the UDP ports as a sort of exceptions list is due to the fact that most universities don't block those ports so why route the packets and increase the latency when you can just send them straight?

[Pascal]

Did you setup a UDP broadcast relay on port 6112? All games we tested that required a UDP broadcast to make the server known to other participants needed that. (We originally ran into that problem with Warcraft III)

[Gibbz]

yeah under extended networking, routing, then advanced i added a Dawn of war 6112UDP there, but it doesnt seem to work, do all ends need that or just the broadcaster(server) ?


Edit, also want to know if we dont know the port number the game broadcasts on is there some program that will inform us?

Edit 2: do i need to setup winstock redirector somehow?

[Gibbz]

ok it works with dawn of war :)

but unreal tournament 200 doesnt work, apparently it uses alot of ports(i tryed the 2 defaults), is there a way to add a port range in that section instead of individual numbers?

[Pascal]

Edit, also want to know if we dont know the port number the game broadcasts on is there some program that will inform us?

The game's manual will usually tell you.

Edit 2: do i need to setup winstock redirector somehow?

No.

[Pascal]

ok it works with dawn of war :)

Cool, is it any good? I've been contemplating buying it but don't want to pick up another RTS if that's all it is.

but unreal tournament 200 doesnt work, apparently it uses alot of ports(i tryed the 2 defaults), is there a way to add a port range in that section instead of individual numbers?

Does it use the ports to announce the servers? That is the one you normally want to add to the broadcast relays; so it will go across the different subnets and there is usually only one (port) per game server. You generally do not need to include ports it uses to communicate regular game traffic.

[Gibbz]

yeah DoW is pretty cool, tho id say if you play it to much you would get sick of it.

I added the ut2k4 broadcast packets but i think it uses a random one or something, it doesnt really matter with ut tho, as it supports direct connection by ip, i was mroe concerned about games that dont so im happy now :D