WinGate Forums

[mcit]

I am trying to discover how to run wingate behind a hardware router. The simple reason for this is that I have a client who is running wingate on an ADSL connection via a router configured as a bridge. Therefore the server manages the logging on and off of the connection. The problem is that even using both the wingate dialer and a third party dialer application, there is occassions where the ADSL connection drops and does not re-dial.

To try an combat this I configured the router to establish the connection, then set the DMZ to the wingate server, then made the default gateway on the wingate machine to address of the router. The clients are configured just as before [all point towards the wingat machine as the default gateway.

It seems to work partially, however, there are certain sites where the pages begin to load, but never actually display. Other sites work fine. Everything is a little slow however. The only pattern that I can find so far is that no https or SSL sites will load whatsoever.

Is there a configuration that I have missed? I have never tried to set wingate up this way before.

[adrien]

Hi

It's not uncommon to have WinGate go through a second router.

I'm wondering if your router though is using PPPoE? If so, it will have a slightly smaller MTU (max packet size). Normally about 8 bytes smaller than the default of 1500.

This could possibly cause trouble with things like SSL connections (these seem to be more susceptible to MTU issues for some weird reason).

anyway, try setting the MTU of your external adapter in WinGate to 1492 -in the advanced settings MTU override.

Adrien

[mcit]

This router is using PPPoA. I am unable to find the setting that you mention for the MTU. Is that a wingate setting or will it be on the network card properties in windows?

If this is the problem, would it also explain the speed issue?

[adrien]

Hi

Depending on the variant of PPPoA, it can reduce MTU. A MTU issue could definitely slow things down, since big packets would get dropped resulting in retries (depends on settings in your OS).

Its in the adapter properties in GateKeeper on the advanced tab under MTU override.

You can test MTU by finding a site you can ping on the net, and pinging it with larger packets, and set the "don't fragment" flag.

E.g.

ping smtp.qbik.com -l 1472 -f

will work if your MTU is 1500. (have to subtract 28 bytes since that's the size of an ICMP + IP packet header - the value you specify for ping is the payload size).

Adrien

[mcit]

I cannot find the adapter properties at all. This is a wingate 5.2 installation btw.

When I ping as you said I receive:

Packet needs to be fragmented but DF set. [x4]

...and 100% loss. Nothing returns.

[Nev]

I cannot find the adapter properties at all. This is a wingate 5.2 installation btw.

When I ping as you said I receive:

Packet needs to be fragmented but DF set. [x4]

...and 100% loss. Nothing returns.

Hi,

Your licence will still work for V6.1.4 and it's well worth the upgrade to allow access to the MTU adjustment [and many other features], has worked for me in the past.

[adrien]

OK, so you are on a reduced MTU

You can set the adapter MTU in your OS to get around that.

You can find the MTU value by reducing that value of 1472 until the ping works. Add 28 to the number you have and that's your effective MTU.

May also pay to ping something on your ISP instead of smtp.qbik.com

To set an adapter MTU, can use apps like DrTCP.

Cheers

Adrien

[mcit]

Anotehr interesting thing I have found. If I configure the clients to use a proxy instead of using NAT, all seems to work normally. Does this still mean it is an MTU issue?

[ChrisH]

How many NIC's on the WG server?

[mcit]

Single NIC on the server. Links straight into switch as does the ADSL modem

[ChrisH]

Could you draw us a block diagram of this setup please? Some of us are a little slower on the uptake than others.

[adrien]

With a proxy connection, the upstream connection is made by the server machine, normally the OS takes care of MTU issues, since if it's a dialup type connection then the OS knows the smaller MTU.

You could try reducing the MTU on a client, but I think your best bet would be to upgrade - we did a lot of work on MTU with version 6.

Adrien

[mcit]

I have upgraded to the current version and everything seems to be working fine now. Thanks.