WinGate Forums

[Jens]

I have problems with installing the client. The Wingate server can see the client and the client pc can see the server on the LAN (can browse each PC from the other). Both PCs run Xp pro SP2 with firewalls and ICS disabled. DHCP is used and works fine, the client PC gets assigned IP adress from the WG server. Wingate firewall is also off. I have made a clean new WG server install with the 6.04 release and checked that GDP is running etc. Basically it is a bogstandard install, no warnings or errors encountered during installation. However, when I try to install the WGIC on the client PC it reports that it cannot find the server. I have tried two different client pcs with the same result. If I look into the GDP log all I see is that the service has started, no traffic or requests logged. The server and the client PC have their LAN cards connected via a crossover cable as there are only these two machines in the test system. I am at a loss what to do and need some help to resolve this issue. I have tried to search the forum without hitting an answer.

[Pascal]

Sometimes on XP / 2K systems the WGIC client has a startup problem and it's initial settings are not fully saved. This can usually be resolved by simply going into the applet, checking the WinGate server and then clicking OK.

Can you try that?

Also, does it work if you manually specify a server? (That'll tell us if it's GDP or if there is another problem)

[Jens]

I have found the root of the problem! I had (quite naturally I think) set the User system policies that everyone shall be authenticated. The way this is implemented seems dangerous to me as it even prevents the WGIC to discover the WG server but gives no indication to the user what the problem is. You just have a snafu.
I think this one was a particularly nasty trap, the function ought to have a warning!
So, in a network that is to be maintained, is it best to require authentication for the various services only and not have a general strict policy for all users?

[Pascal]

It all depends on how you want it configured. People often use System Policies (Default Policies) to define the basic template they want. For System Level Services such as GDP, WRP, DNS and Remote Control they then ignore the system policies and only specify the rights they have there.

The policy structure is very flexible and allows you to configure it how you want it to be configured, but therein lies the danger as well.

[Jens]

Hi Pascal,
Thanks for your response. Yes I can see it is very flexible, I suppose its the amount of choices and that you can make exceptions left, right and center that gives me a bit of headache to get it right.
I will be using AV plugin which I want to work for www, email and ftp. I also need to have strict accounting (including using prepay option) for all internet traffic. My understanding from tests and corresondence here is that I have to enable transparent proxies for all these services.
If I set a general systems policy that all users shall be authenticated, I assume that I dont have to specify policies for the individual transparent proxy services but which services do I need to exclude from this so that the system can be maintained while still having full control.

I guess GDP, DHCP and DNS should be open to everyone, but if I open WRP could that not allow uncontrolled internet access for unauthorised users?
As ever, appreciate your kind support

[Pascal]

The first thing I normally do on a WinGate installation (Short of logging in) is to setup access rights for the Remote Control Service. That one gets changed to allow access to my username and the Administrators group and is set to ignore system policies. That way, no matter what changes you make you can always get back into GateKeeper to change the configuration.

Then, as for the system services. By default they have the correct permissions for normal operations.

You need to think about binding policies as well. When you specify a binding policy that tells you where the service will be listening for new connections. So, for WRP, if it only binds to the local (LAN) adapter, then people from the internet will not even be aware of it. That is generally the way WinGate's default bindings are set (Which is why it is so important to have your adapters marked appropriately on the Networking tab in GateKeeper) is to only accept connections from the local network.

[Jens]

Is there a list of the default setting of all parameters, policies and all that are enabled after a clean install? After a few rounds experimenting with different settings (I seem to have to try and fail a bit) it would be nice to have a path back to square one.

[Pascal]

Not offhand. If you let me know what OS you are using I can see if we can make one here (Install on a QA lab machine, etc.) but that won't have the default detections, users, etc. as you installed on your end.

The easiest might be to export the registry immediately after you have installed. You can do this from GateKeeper by going into Options -> Advanced and clicking the "Save Registry Settings" button.

[Jens]

I'm running Win Xp pro. I understand there will be different adapters but I was more thinking about all the other default settings for services, proxies etc. The system is so flexible and complex so a default map would help when you start to navigate around the system.