My WinGate config is not quite right yet...

Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems

Moderator: Qbik Staff

Postby jav » Nov 11 04 1:45 pm

Hi, I'm a first time wingate user trying to get an evaluation version working on a small local network with a nt domain controller. Wingate is installed (clean install) and running on a Windows 2000 prof. workstation with an NIC for the internal network, and a dialup modem to access the internet.

Symptoms:
From a client pc I try to ping an external website by name or IP and request times out.

Client setup confirmations:
On the client machine (xp), the DNS and Gateway settings reference the Wingate IP, and I can ping the Wingate server.

WG Server setup confirmations:
All services are active and bound to at least the internal network NIC, and at most the local host as well. I've left the modem dialed up to simplify matters and can ping an external address from the WG server. History tab shows DNS activity from the client computer. No errors on the System Messages tab. System Policy has one entry for Everyone to have Unrestricted rights. User database options are set to use the OS's and my domain controller's lists. I can post configuration file, but I didn't want my first post to be a novel.

Any suggestions on what I might have missed? I have a bad feeling that my domain authentication has something to do with it because the requests are being received, they're just not being acted upon. Is there a better way to authenticate that is transparent to the clients?

Thanks
James
jav
 
Posts: 13
Joined: Nov 11 04 1:15 pm
Location: Calgary

Postby genie » Nov 11 04 1:48 pm

Make sure that the adapter usage in Wingate is configured properly (external/internal adapter roles).
genie
Qbik Staff
 
Posts: 1788
Joined: Sep 30 03 10:29 am

Postby Pascal » Nov 11 04 1:51 pm

I think the answers to these questions will all be yes, but just to double check them.

Do you have ENS installed and enabled?

Do you have the adapters marked properly? - network tab, adapters at the bottom.

If you connect using the proxy can you surf out?
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby jav » Nov 11 04 1:52 pm

The adapters seem to be correct. On the Network tab the Dialup is showing external usage and the NIC is showing internal usage.
James
jav
 
Posts: 13
Joined: Nov 11 04 1:15 pm
Location: Calgary

Postby genie » Nov 11 04 1:54 pm

Is your internet connection a dialup? Might be a problem with dialing setup then.
genie
Qbik Staff
 
Posts: 1788
Joined: Sep 30 03 10:29 am

Postby jav » Nov 11 04 2:05 pm

Extended Networking Service is installed and enabled.

If I explicitly define the proxy server and port in IE Options I can surf.
James
jav
 
Posts: 13
Joined: Nov 11 04 1:15 pm
Location: Calgary

Postby genie » Nov 11 04 2:07 pm

Right. But when you try pinging something from the client machine, can you see the dialing operation to be initiated by Wingate?
genie
Qbik Staff
 
Posts: 1788
Joined: Sep 30 03 10:29 am

Postby jav » Nov 11 04 2:21 pm

I'm sorry, I'm a little confused. Do you mean, can I see the Wingate server attempt to dial when I ping from a client?

If that's what you mean, to simplify things I've left the server dialed up, so I'm not expecting the dialer to kick in.
James
jav
 
Posts: 13
Joined: Nov 11 04 1:15 pm
Location: Calgary

Postby genie » Nov 11 04 2:29 pm

Ermm.... First off, what is your connection to the Internet? Is it a simple dialup or ADSL?
genie
Qbik Staff
 
Posts: 1788
Joined: Sep 30 03 10:29 am

Postby jav » Nov 11 04 3:08 pm

simple dialup
James
jav
 
Posts: 13
Joined: Nov 11 04 1:15 pm
Location: Calgary

Postby genie » Nov 11 04 3:10 pm

Right. When you connect from the client machine, does Wingate try dialing your ISP? Also, if you dial your ISP manually (initiate it from the system dialer) and then ping some IP address from the client, will the ping work?
genie
Qbik Staff
 
Posts: 1788
Joined: Sep 30 03 10:29 am

Postby genie » Nov 11 04 3:19 pm

Sorry, James, I didn't realize you mentioned the dialing in your first post. Now, when you ping from the client machine, can you see NAT sessions in Gatekeeper? Also, are there any firewall hits when you do the pinging?
genie
Qbik Staff
 
Posts: 1788
Joined: Sep 30 03 10:29 am

Postby jav » Nov 11 04 3:20 pm

The server is currently connected to the Internet via a simple dialup modem which I manually invoked through Windows and have left connected. I haven't tried the autodialer yet as I wasn't having any success with a full time connection. I've also tried a client ping when the dialup connection was invoked from the Gatekeeper's Network tab. Same symptoms.

Sorry, I thought I mentioned this in my initial post.

I am able to successfully ping the Internet from the server. But still not able to ping from the client.
James
jav
 
Posts: 13
Joined: Nov 11 04 1:15 pm
Location: Calgary

Postby Pascal » Nov 11 04 3:51 pm

The setup as you described it in your first post sounds 100% correct. There are two bits of information that should be useful. (Potentially three)

First would be to run "ipconfig /all" from a command prompt. You can take out the public IP info if you wish. That serves two purposes, it gives us an idea of how your system is currently configured, but also tells us (Usually) the make and model of your networking hardware.

Second would be to run "route print" from the command prompt. That will give us an idea of what the ENS has to work with.

If those don't help, we might have to ask you for the config of your WinGate machine.
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby jav » Nov 11 04 4:02 pm

I took a closer look at what was installed on this pc and I found an old ZoneAlarm install that was disabled. I uninstalled it, rebooted, and now I'm getting the NAT activity, and I can browse from the client without explicit proxy settings.

My ping request from the client now returns Destination net unreachable, but I'm assuming that's because of the network address translation service.

Thanks for the help.
James
jav
 
Posts: 13
Joined: Nov 11 04 1:15 pm
Location: Calgary

Postby Nev » Nov 11 04 9:41 pm

jav wrote:I took a closer look at what was installed on this pc and I found an old ZoneAlarm install that was disabled. I uninstalled it, rebooted, and now I'm getting the NAT activity, and I can browse from the client without explicit proxy settings.

My ping request from the client now returns Destination net unreachable, but I'm assuming that's because of the network address translation service.

Thanks for the help.


G'day James,

If NAT is working 100% a Ping to a responsive domain will resolve the IP and show all replies, same as any pc connected to the internet.

Maybe something is not 100%; there isn't a Realtek NIC in the server? If so, look for the toggle feature on the Wingate menu > Advanced options.

Nev.
Nev
WinGate Guru
 
Posts: 861
Joined: Sep 22 03 11:35 pm
Location: Mudgee ~ NSW ~ Australia

Postby jav » Nov 12 04 5:35 am

Here's some more info:
Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : homer
Primary DNS Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel 82557-based Integrated Ethernet PCI (10/100)
Physical Address. . . . . . . . . : 00-60-94-C3-BD-02
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.30
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.30
DNS Servers . . . . . . . . . . . : 192.168.1.30

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 60 94 c3 bd 02 ...... Intel 82557-based Integrated Ethernet PCI (10/100)
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.30 192.168.1.30 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.30 192.168.1.30 1
192.168.1.30 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.1.255 255.255.255.255 192.168.1.30 192.168.1.30 1
224.0.0.0 224.0.0.0 192.168.1.30 192.168.1.30 1
255.255.255.255 255.255.255.255 192.168.1.30 192.168.1.30 1
Default Gateway: 192.168.1.30
===========================================================================
Persistent Routes:
None

[end]

Contrary to what I saw last night, I am still unable to ping from the client today. I can surf from the client, but only after IE confirms that I do not want to dialup (XP thinks I'm offline).

Outlook can see the mail servers, but cannot get a response from them. And I'm no longer getting NAT activity on the WG server.

I've rebooted the server, and will try again to see if I can get a consistent symptom.


Any ideas?
James
jav
 
Posts: 13
Joined: Nov 11 04 1:15 pm
Location: Calgary

Postby Nev » Nov 12 04 4:02 pm

jav wrote: Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel 82557-based Integrated Ethernet PCI (10/100)
Physical Address. . . . . . . . . : 00-60-94-C3-BD-02
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.30
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.30
DNS Servers . . . . . . . . . . . : 192.168.1.30


Hi James, now the NIC above is the internal gateway for the client computers right?

What I suggest is to remove the DG and DNS entries:

IP Address. . . . . . . . . . . . : 192.168.1.30
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . :

Wingate will handle all of these for this interface.

Report back how it goes.

Nev.
Nev
WinGate Guru
 
Posts: 861
Joined: Sep 22 03 11:35 pm
Location: Mudgee ~ NSW ~ Australia
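
A check for the condition addressed in the post above, written as an added example (not part of the original thread and not WinGate code): it parses `route print` output and flags a default route that leaves via the internal adapter. The function names are hypothetical; the first sample is the active-route rows posted on Nov 12 04, and the second is constructed, with a documentation-range address standing in for the masked dial-up IP.

```python
import ipaddress

# Active-route rows from the `route print` output posted on Nov 12 04.
ROUTES_POSTED = """\
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.30 192.168.1.30 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.30 192.168.1.30 1
192.168.1.30 255.255.255.255 127.0.0.1 127.0.0.1 1
"""

# Constructed sample: 203.0.113.186 (documentation range) stands in for the
# masked dial-up address once the gateway entry is cleared on the NIC.
ROUTES_CONSTRUCTED = """\
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 203.0.113.186 203.0.113.186 1
192.168.1.0 255.255.255.0 192.168.1.30 192.168.1.30 1
"""


def parse_routes(text):
    """Return (dest, mask, gateway, interface, metric) for each IPv4 route row."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # headers, separators, blank lines
        try:
            addrs = [ipaddress.IPv4Address(p) for p in parts[:4]]
            routes.append((*addrs, int(parts[4])))
        except ValueError:
            continue  # non-numeric or masked (***) fields
    return routes


def check_default_route(text, internal_ip):
    """List problems with the default route on a two-homed NAT gateway."""
    internal = ipaddress.IPv4Address(internal_ip)
    defaults = [r for r in parse_routes(text) if int(r[0]) == 0 and int(r[1]) == 0]
    if not defaults:
        return ["no default route present"]
    findings = []
    for _, _, gateway, interface, _ in defaults:
        if interface == internal:
            findings.append(
                f"default route leaves via internal adapter {interface} "
                f"(gateway {gateway}); clear the default gateway on that NIC"
            )
    return findings


if __name__ == "__main__":
    for name, text in (("posted", ROUTES_POSTED), ("constructed", ROUTES_CONSTRUCTED)):
        print(name, check_default_route(text, "192.168.1.30") or "ok")
```

Rows whose addresses are masked with asterisks do not parse and are skipped, so a dump with a masked default route reports that no default route is present.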

Postby jav » Nov 13 04 3:27 pm

Ok, here's where I'm at today:

I've removed dns and gateway info from the WG server...

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : homer
Primary DNS Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel 82557-based Integrated Ethernet PCI (10/100)
Physical Address. . . . . . . . . : 00-60-94-C3-BD-02
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.30
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . :

PPP adapter Telus:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : ***.***.**.186
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : ***.***.**.186
DNS Servers . . . . . . . . . . . : 198.80.55.1
                                    198.161.156.1
NetBIOS over Tcpip. . . . . . . . : Disabled

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 60 94 c3 bd 02 ...... Intel 82557-based Integrated Ethernet PCI (10/100)
0x2000004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 ***.***.**.186 ***.***.**.186 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
161.184.0.200 255.255.255.255 ***.***.**.186 ***.***.**.186 1
***.***.**.186 255.255.255.255 127.0.0.1 127.0.0.1 1
161.184.255.255 255.255.255.255 ***.***.**.186 ***.***.**.186 1
192.168.1.0 255.255.255.0 192.168.1.30 192.168.1.30 1
192.168.1.30 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.1.255 255.255.255.255 192.168.1.30 192.168.1.30 1
224.0.0.0 224.0.0.0 ***.***.**.186 ***.***.**.186 1
224.0.0.0 224.0.0.0 192.168.1.30 192.168.1.30 1
255.255.255.255 255.255.255.255 192.168.1.30 192.168.1.30 1
Default Gateway: ***.***.**.186
===========================================================================
Persistent Routes:
None

[end]

When I ping from a client, the request times out. I am able to surf from the same client without explicit proxy settings. The wingate history is showing both DNS and NAT events occurring. Outlook cannot communicate with my ISP's mail server.

Are there any other things I can check?
James
jav
 
Posts: 13
Joined: Nov 11 04 1:15 pm
Location: Calgary

Postby jav » Nov 14 04 6:27 am

So, today everything is working at the application layer (email, surfing, telnet, etc.) but ping results are still:

Pinging www.winzip.com [170.224.17.50] with 32 bytes of data:
Reply from 161.184.0.200: Destination net unreachable.
Reply from 161.184.0.200: Destination net unreachable.
Reply from 161.184.0.200: Destination net unreachable.
Reply from 161.184.0.200: Destination net unreachable.

Ping statistics for 170.224.17.50:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Do I care? Not really.
Could it be my ISP? Maybe.
Do I expect the same things to work tomorrow? No.

So for my application and environment, configuration and reliability are going to be two implementation concerns. Is it worth overlooking those issues for the 10 seats I would have to buy compared to just getting a hardware solution and some type of direct delivery ISP (my only option for my location is satellite $$). Probably.

Thanks for the help guys. I should mention though, I got a lot farther with your product in less than a week than I did with 3 different variants of Linux in a month.
James
jav
 
Posts: 13
Joined: Nov 11 04 1:15 pm
Location: Calgary

Postby Pascal » Nov 14 04 9:52 am

I don't get quite the same results. Setup wise, everything looks okay. Winzip doesn't respond to pings though - try another site.

One other thing - check what the settings are for ping on the WinGate Server (ENS -> I think it's on the "Firewall" tab, but I'm at home now, so can't verify that for you)

C:\Documents and Settings\Pascal>ping www.winzip.com

Pinging www.winzip.com [170.224.17.50] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 170.224.17.50:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Documents and Settings\Pascal>ping www.nzherald.co.nz

Pinging www.nzherald.co.nz [203.99.65.227] with 32 bytes of data:

Reply from 203.99.65.227: bytes=32 time=44ms TTL=248
Reply from 203.99.65.227: bytes=32 time=44ms TTL=248
Reply from 203.99.65.227: bytes=32 time=42ms TTL=248
Reply from 203.99.65.227: bytes=32 time=45ms TTL=248

Ping statistics for 203.99.65.227:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 42ms, Maximum = 45ms, Average = 43ms

C:\Documents and Settings\Pascal>
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby jav » Nov 16 04 5:24 am

You're right, winzip is a bad example to show.

But, I get the same result when pinging the Herald.

I checked the ping settings in the firewall configuration, and everything but external pinging is turned on.
James
jav
 
Posts: 13
Joined: Nov 11 04 1:15 pm
Location: Calgary

Postby Pascal » Nov 16 04 8:34 am

So DNS and NAT are working - but you're having difficulties with Outlook and ping, correct?

Would you happen to have the error message / code that Outlook gave you?
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby jav » Dec 16 04 6:23 pm

Final Update:

Purchased 3 User standard license and I'm starting to explore some advanced configurations.

Basic Internet Sharing working great with Dial-Up. Maybe going to Wireless High Speed ISP and not even thinking about replacing Wingate PC with generic modem router.

Firewall seems to be complete right out of the box (my client's Zonealarm hasn't recorded a single hit since implemented, going to keep Zonealarm for program internet control though).

Haven't looked at email features yet.

One gotcha I didn't notice was how the standard version doesn't import my Domain users like the trial did. No biggie, worked around it, but no flexibility with security (wide open).

Thanks for the help guys.
James
jav
 
Posts: 13
Joined: Nov 11 04 1:15 pm
Location: Calgary

Postby Pascal » Dec 17 04 8:17 am

Email and VPN is where things get really exciting. One thing about your Domain Users:

http://www.wingate.com/wingate-licensing.php

That page gives you an overview of the differences between the licenses. If I read that correctly, you should still be able to run the domain on the same machine as the WinGate Server (Just not a different one).
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby jav » Dec 17 04 1:22 pm

I think the problem I was having was that I couldn't import my Domain user list, only the local list. I was going to try and install Wingate on my PDC or BDC to see if their 'local' lists would actually be my domain list, but then I decided that I didn't want them to be my internet gateway (plus I don't think I could easily find an NT4 driver for any of the modems I have kicking around).
James
jav
 
Posts: 13
Joined: Nov 11 04 1:15 pm
Location: Calgary
