Hi,
I am adept with many facets of computing but VPN is not one of them. I have the following set up :
Router with Fixed IP ( 2mb /500k ) . On that PC is a folder i want to " share " with people in another location ( fixed office ) . The machine runs windows xp pro.
I do not want most of the features of WinGate other than the VPN. Thus in my simple view , all i thought i had to do was install wingate and portforward from my router ( its got a NAT ) to the pc on the ports that Wingate uses.
Maybe its that simple and im doing it wrong , the PDF from the Wingate website is not very good ( IMHO ) the links pointing to differerent bookmarks dont work so i had to browse through it a bit aimlessly but after hours the closest i have come is seeing activity from the laptop i am testing whilst it is on my network ( ie on the local network ) . When i put that system on a second router ( giving it an outside view of my static ip on the main router ) i dont get squat on the wingate server , not even a " warning of a blocked attempt at access as i can see.
Is the wingate software able to handle this set up ? IT seems all i have read wants me to set up the package as the DHCP server etc . Is there a dummies guide on how to do this somewhere ? When i finally got the server software to manufacture a file ( key for the client ) the client didnt recognise it ( perhaps thats all im missing ). It talks in the server softare of giving out a VPN security certificate, but i cant see a way to give this to the client.
Im quite impressed with the idea , but my own degree of ignorance in how to implement it is letting me down. Somebody told me i can do this with windows xp , but given it doesnt do most things correctly , id rather pay and utilise a more concrete sol.
Any tips , pointers , read this you newb etc. would be most welcome.
David
Utter Novice Question
Moderator: Qbik Staff
4 posts
• Page 1 of 1
by adrien » Dec 29 05 8:30 pm
Hi David
From your description, I take it you have a NAT/router with fixed IP which provides access to an internal network. One machine on this network will be a WinGate VPN hoster, and accept WinGate VPN joiners.
There are 2 things to consider.
1. Getting a connection
For this, all you should need to do is forward port 809 UDP and 809 TCP (this is important you do both UDP and TCP) to the WinGate VPN hoster machine
WinGate VPN joiners (i.e. the fixed office) then connects to the external IP of the NAT/Router.
At this stage you should see a connection established at either the hoster or joiner site.
Things to check at this stage.
a. route conflicts. If you are using the same range of IP addresses on the hosting LAN as the joining LAN, there is a route conflict. One LAN or the other would need to be renumbered.
b. from the joiner, can you ping the hoster by its NetBIOS name?
2. Allowing this connection to be used by other machines on the LANs at each site.
In your case, it sounds like you only want to connect to a share on the server running the hoster. So, if you don't want people connecting in to be able to access other machines, in the configuration of the VPN to Host, under "local participation", select "local machine only". This then dictates what routes are published and are routable over the VPN.
Let me know if you need any more help
Cheers
Adrien
From your description, I take it you have a NAT/router with fixed IP which provides access to an internal network. One machine on this network will be a WinGate VPN hoster, and accept WinGate VPN joiners.
There are 2 things to consider.
1. Getting a connection
For this, all you should need to do is forward port 809 UDP and 809 TCP (this is important you do both UDP and TCP) to the WinGate VPN hoster machine
WinGate VPN joiners (i.e. the fixed office) then connects to the external IP of the NAT/Router.
At this stage you should see a connection established at either the hoster or joiner site.
Things to check at this stage.
a. route conflicts. If you are using the same range of IP addresses on the hosting LAN as the joining LAN, there is a route conflict. One LAN or the other would need to be renumbered.
b. from the joiner, can you ping the hoster by its NetBIOS name?
2. Allowing this connection to be used by other machines on the LANs at each site.
In your case, it sounds like you only want to connect to a share on the server running the hoster. So, if you don't want people connecting in to be able to access other machines, in the configuration of the VPN to Host, under "local participation", select "local machine only". This then dictates what routes are published and are routable over the VPN.
Let me know if you need any more help
Cheers
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
by davidffu » Dec 30 05 2:57 am
Hi,
Thanks for the detailed post. Im out the door now on way back to the office and will give it a go. I didnt renumber the networks and think everything down to the gateway probably caused a conflict. I will change the IP of the HOST side gateway and the DHCP range it can give out. Question: I should avoid changing the subnet ..i.e. keep that the same on both sides.
Im not interested in them being able to browse the rest of the network, just one machine so i will change that paramater.
One other thing, can i as the VPN hoster have access to a files shared with the appropriate permissions on the joiners side ? Is there anything i need to do to make that happen ?
Thanks for your help and patience.
David
Thanks for the detailed post. Im out the door now on way back to the office and will give it a go. I didnt renumber the networks and think everything down to the gateway probably caused a conflict. I will change the IP of the HOST side gateway and the DHCP range it can give out. Question: I should avoid changing the subnet ..i.e. keep that the same on both sides.
Im not interested in them being able to browse the rest of the network, just one machine so i will change that paramater.
One other thing, can i as the VPN hoster have access to a files shared with the appropriate permissions on the joiners side ? Is there anything i need to do to make that happen ?
Thanks for your help and patience.
David
- davidffu
- Posts: 2
- Joined: Dec 29 05 6:24 pm
by MattP » Dec 30 05 9:47 am
Hi David,
WinGate VPN extends your LAN, so yes, you should be able to browse the joining side of the VPN, although again this will be determined by the level of local access that you select on the joiner machine. You can choose "local machine only" or "local network".
You'll probably want to change the subnet, WinGate's VPN is a routing based solution, so if you're trying to access the remote machines on the subnet 192.168.0.*, but your LAN is also on that subnet you'll see problems.
WinGate VPN extends your LAN, so yes, you should be able to browse the joining side of the VPN, although again this will be determined by the level of local access that you select on the joiner machine. You can choose "local machine only" or "local network".
You'll probably want to change the subnet, WinGate's VPN is a routing based solution, so if you're trying to access the remote machines on the subnet 192.168.0.*, but your LAN is also on that subnet you'll see problems.
- MattP
- Qbik Staff
- Posts: 991
- Joined: Sep 08 03 4:30 pm
4 posts
• Page 1 of 1
Who is online
Users browsing this forum: Google [Bot] and 14 guests