WinGate Forums

[SandJ]

I have raised this before but I'm putting the question a different way. Previously it was "why can't this PC do HTTPS and SSL?" and in trying to diagnose it myself I have got this far:

The server is a Windows 98SE PC running Wingate 6.2.2

3 PCs on the network run Windows ME and work fine (and have for some years).

A laptop running XP Home SP2 is giving me grief.

With the Windows Firewall enabled, trying to install the WinGate client fails because it cannot see the WinGate server. I have set UDP port 368 as an exception to the firewall but that makes no difference.

Having the WinGate server as the DNS and default gateway works except for HTTPS pages and SSL. Also, other things don't work such as Firefox updates and Thunderbird email collection.

If I have the firewall disabled I can install the WinGate client and everything seems to work fine. But, as this laptop is also used out-and-about on all manner of WiFi networks, I want the firewall enabled. With the firewall enabled, the laptop won't work properly because the WinGate client can't see the server.

So, how do I get the WinGate client to 'see' the WinGate server on XP with Windows Firewall enabled?

WinGate server IP address: 192.168.253.201

XP laptop IP address: 192.168.253.207
Default gateway: 192.168.253.201
DNS Server: 192.168.253.201

The WinGate cache is purged and disabled.

The WinGate server can access the HTTPS and SSL web pages - as can the rest of the PCs.

Any ideas?

[genie]

Try also adding TCP port 2080 as a firewall exception.

[SandJ]

Try also adding TCP port 2080 as a firewall exception.

Thank you for the reply.

OK. That made no difference. Now what?

[genie]

Can you connect (if WGIC is not activated) from this laptop to the Wingate machine? Like, using Gatekeeper on the laptop for one?

[SandJ]

Can you connect (if WGIC is not activated) from this laptop to the Wingate machine? Like, using Gatekeeper on the laptop for one?

I didn't realise you could run GateKeeper from anywhere else other than the server.

Having just tried it - with WGIC not activated - I get "There was a problem connecting to the server. Connection was refused by the server. Check your server name and port number."

I get the same message on other PCs on the network. I tried the server's IP address and its name.

So, I tried to log on to the GateKeeper on the server where the "Log on to Local machine" box is ticked. If I leave it ticked, I can get in (on the server) but if I untick the box I can only get in if I enter 127.0.0.1 or 'localhost' as the server name. Using its IP address or name gives the same error as the networked PCs give.

So, no I cannot connect to the WinGate server using the GateKeeper from any PC on the network, including the server itself. The only way I can connect to it is when I run GateKeeper on the server and tick 'Log on to Local machine'.

I am running GateKeeper by pointig to it on the server's C:\Program Files\WinGate directory and running it from there. Should I be installing the WinGate server on the PCs to install the GateKeeper locally? Or am I doing something wrong?

[labull]

In the firewall, be sure port 808 is allowed to connect from the local network to the WinGate server. That's the port GateKeeper uses to communicate.

[SandJ]

In the firewall, be sure port 808 is allowed to connect from the local network to the WinGate server. That's the port GateKeeper uses to communicate.

I wasn't sure whether you meant the XP laptop's built-in Windows firewall or the WinGate firewall.

I have disabled both firewalls, rebooted and no difference. None of the PCs on the network can connect to the WinGate server using GateKeeper, (including the server that is running it unless I select 'connect to local machine').

I have explicitly opened port 808 (TCP & UDP) and re-enabled the XP laptop's firewall and still cannot get GateKeeper to connect.

[labull]

Is Remote Control Service bound to the adapter with 192.168.253.201 ?

[SandJ]

Is Remote Control Service bound to the adapter with 192.168.253.201 ?

It wasn't. I have changed it and re-started the engine.

Now I can connect but get a 'blank' gatekeeper screen. The 'Control' button turns on an empty panel on the left and about the only thing that works is the Advanced menu option. That gives the following (useless!) troubleshooting report:

1.01 WINGATE CONFIGURATION REPORT
1.02 Tuesday, July 31, 2007, 16:21
1.03
1.04 ---------------------------------------------
1.05 WinGate Engine
1.06 ---------------------------------------------
1.07 WinGate 6.1.0
1.08 Operating System: Windows 95 (0.0)
1.09 Language: eng
1.10 User database: WinGate
1.11 Num. users: 0
1.12
1.13
2.01 ---------------------------------------------
2.02 Licence keys
2.03 ---------------------------------------------
2.04
3.01 ---------------------------------------------
3.02 Licence details
3.03 ---------------------------------------------
4.01 ---------------------------------------------
4.02 Dialer information
4.03 ---------------------------------------------
4.04 Dialer is disabled
4.05
5.01 ---------------------------------------------
5.02 Network Interfaces
5.03 ---------------------------------------------
5.04
6.01 ---------------------------------------------
6.02 Services
6.03 ---------------------------------------------
6.04
6.05 System Policies
6.06 ---------------------------------------------
6.07 Default System Access Rights:
6.08 Default Start/Stop Rights:
6.09 Default Edit Rights:
6.10
7.01 ---------------------------------------------
7.02 System Route Table
7.03 ---------------------------------------------
7.04 Current Route Table:
7.05 ---------------------------------------------
7.06 Network Mask Gateway Interface Metric
7.07
9.01 ---------------------------------------------
9.02 END OF CONFIGURATION REPORT


Slightly amusingly, if I go into the GateKeeper on the server using 'Log on to Local machine', I can see the two PCs on which I have tried running GateKeeper in the 'Client activity' as using the Remote Control Service.

Actually, here's the troubleshooting report from the server:

1.01 WINGATE CONFIGURATION REPORT
1.02 Tuesday, July 31, 2007, 16:34
1.03
1.04 ---------------------------------------------
1.05 WinGate Engine
1.06 ---------------------------------------------
1.07 WinGate 6.2.2 (Build 1137)
1.08 Operating System: Windows 98 (4.10)
1.09 Language: eng
1.10 User database: WinGate
1.11 Num. users: 3
1.12
1.13
3.01 ---------------------------------------------
3.02 Licence details
3.03 ---------------------------------------------
3.04 License Key 1
3.05 Version: WinGate 4 Standard 6 concurrent users
3.06 Expiry: None
3.07
4.01 ---------------------------------------------
4.02 Dialer information
4.03 ---------------------------------------------
4.04 Dialer is disabled
4.05
5.01 ---------------------------------------------
5.02 Network Interfaces
5.03 ---------------------------------------------
5.04 Bandits (Dialup) external
5.05 Realtek RTL8139/810X Family PCI Fast Ethernet NIC (Ethernet) internal
5.06 USB Cable Modem 351000 (Ethernet) external
5.07 MS TCP Loopback interface (Loopback)
5.08 USBCM 351000 (Ethernet) external
5.09
6.01 ---------------------------------------------
6.02 Services
6.03 ---------------------------------------------
6.04
6.05 System Policies
6.06 ---------------------------------------------
6.07 Default System Access Rights:
6.08 Everyone - Unrestricted rights
6.09 Default Start/Stop Rights:
6.10 Administrators - Unrestricted rights
6.11 Default Edit Rights:
6.12 Administrators - Unrestricted rights
6.13
6.14 WWW Proxy server (WWW Proxy server)
6.15 ---------------------------------------------
6.16 Session Timeout: 60
6.17 Port: 80
6.18 Startup: Automatic start/stop
6.19 Access Rights: Defaults: may be used instead
6.20 Start/Stop Rights: Defaults: may be used instead
6.21 Edit Rights: Defaults: may be used instead
6.22
6.23 Telnet Proxy server (Telnet Proxy server)
6.24 ---------------------------------------------
6.25 Session Timeout: 60
6.26 Port: 23
6.27 Startup: Automatic start/stop
6.28 Access Rights: Defaults: may be used instead
6.29 Start/Stop Rights: Defaults: may be used instead
6.30 Edit Rights: Defaults: may be used instead
6.31
6.32 DHCP Service (DHCP Service)
6.33 ---------------------------------------------
6.34 Session Timeout: 60
6.35 Port: 67
6.36 Startup: Automatic start/stop
6.37 Access Rights: Defaults: are ignored
6.38 Everyone - Unrestricted rights
6.39 Start/Stop Rights: Defaults: may be used instead
6.40 Edit Rights: Defaults: may be used instead
6.41
6.42 Winsock Redirector Service (Winsock Redirector Service)
6.43 ---------------------------------------------
6.44 Session Timeout: 600
6.45 Port: 2080
6.46 Startup: Automatic start/stop
6.47 Access Rights: Defaults: may be used instead
6.48 Start/Stop Rights: Defaults: may be used instead
6.49 Edit Rights: Defaults: may be used instead
6.50
6.51 RTSP Streaming Media Proxy (RTSP Streaming Media Proxy)
6.52 ---------------------------------------------
6.53 Session Timeout: 60
6.54 Port: 554
6.55 Startup: Automatic start/stop
6.56 Access Rights: Defaults: may be used instead
6.57 Start/Stop Rights: Defaults: may be used instead
6.58 Edit Rights: Defaults: may be used instead
6.59
6.60 FTP Proxy server (FTP Proxy server)
6.61 ---------------------------------------------
6.62 Session Timeout: 60
6.63 Port: 21
6.64 Startup: Automatic start/stop
6.65 Access Rights: Defaults: may be used instead
6.66 Start/Stop Rights: Defaults: may be used instead
6.67 Edit Rights: Defaults: may be used instead
6.68
6.69 VDOLive Proxy server (VDOLive Proxy server)
6.70 ---------------------------------------------
6.71 Session Timeout: 60
6.72 Port: 7000
6.73 Startup: Automatic start/stop
6.74 Access Rights: Defaults: may be used instead
6.75 Start/Stop Rights: Defaults: may be used instead
6.76 Edit Rights: Defaults: may be used instead
6.77
6.78 SOCKS Proxy server (SOCKS Proxy server)
6.79 ---------------------------------------------
6.80 Session Timeout: 60
6.81 Port: 1080
6.82 Startup: Automatic start/stop
6.83 Access Rights: Defaults: may be used instead
6.84 Start/Stop Rights: Defaults: may be used instead
6.85 Edit Rights: Defaults: may be used instead
6.86
6.87 GDP Service (GDP Service)
6.88 ---------------------------------------------
6.89 Session Timeout: 60
6.90 Port: 368
6.91 Startup: Automatic start/stop
6.92 Access Rights: Defaults: may be used instead
6.93 Start/Stop Rights: Defaults: may be used instead
6.94 Edit Rights: Defaults: may be used instead
6.95
6.96 XDMA Proxy service (XDMA Proxy service)
6.97 ---------------------------------------------
6.98 Session Timeout: 20
6.99 Port: 8000
6.100 Startup: Automatic start/stop
6.101 Access Rights: Defaults: may be used instead
6.102 Start/Stop Rights: Defaults: may be used instead
6.103 Edit Rights: Defaults: may be used instead
6.104
6.105 WWW Server for viewing log files (Logfile Server)
6.106 ---------------------------------------------
6.107 Session Timeout: 60
6.108 Port: 8010
6.109 Startup: Automatic start/stop
6.110 Access Rights: Defaults: may be used instead
6.111 Start/Stop Rights: Defaults: may be used instead
6.112 Edit Rights: Defaults: may be used instead
6.113
6.114 DNS Service (DNS Service)
6.115 ---------------------------------------------
6.116 Session Timeout: 60
6.117 Port: 53
6.118 Startup: Automatic start/stop
6.119 Access Rights: Defaults: may be used instead
6.120 Start/Stop Rights: Defaults: may be used instead
6.121 Edit Rights: Defaults: may be used instead
6.122
6.123 Remote Control Service (Remote Control Service)
6.124 ---------------------------------------------
6.125 Session Timeout: 60
6.126 Port: 808
6.127 Startup: Automatic start/stop
6.128 Access Rights: Defaults: may be used instead
6.129 Start/Stop Rights: Defaults: may be used instead
6.130 Edit Rights: Defaults: may be used instead
6.131
7.01 ---------------------------------------------
7.02 System Route Table
7.03 ---------------------------------------------
7.04 Current Route Table:
7.05 ---------------------------------------------
7.06 Network Mask Gateway Interface Metric
7.07 0.0.0.0 0.0.0.0 81.96.244.1 81.96.244.158 1
7.08 81.96.244.0 255.255.252.0 81.96.244.158 81.96.244.158 1
7.09 81.96.244.158 255.255.255.255 127.0.0.1 127.0.0.1 1
7.10 81.255.255.255 255.255.255.255 81.96.244.158 81.96.244.158 1
7.11 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
7.12 192.168.0.0 255.255.0.0 192.168.253.201 192.168.253.201 1
7.13 192.168.253.201 255.255.255.255 127.0.0.1 127.0.0.1 1
7.14 192.168.253.255 255.255.255.255 192.168.253.201 192.168.253.201 1
7.15 224.0.0.0 224.0.0.0 81.96.244.158 81.96.244.158 1
7.16 224.0.0.0 224.0.0.0 192.168.253.201 192.168.253.201 1
7.17 255.255.255.255 255.255.255.255 81.96.244.158 0.0.0.0 1
7.18
8.01 ---------------------------------------------
8.02 Enhanced Network Support
8.03 ---------------------------------------------
8.04 Enhanced Network Support: Qbik NDIS Hook 6.0 - Installed and active
8.05 Driver: Enabled
8.06 NAT: Enabled
8.07 Router: Enabled
8.08 Firewall level: Disabled
8.09
8.10 Routing
8.11 ---------------------------------------------
8.12 Multiple default routes: Enabled
8.13 Relay UDP broadcast packets: Enabled
8.100
8.101 Port Security
8.102 ---------------------------------------------
8.103
8.104 Security for: External TCP
8.105
8.106 Security for: External UDP
8.107
8.108 Security for: Internal TCP
8.109 Action: Allow Port: 21 - Hole for FTP Proxy server (Auto)
8.110 Action: Allow Port: 23 - Hole for Telnet Proxy server (Auto)
8.111 Action: Allow Port: 80 - Hole for WWW Proxy server (Auto)
8.112 Action: Allow Port: 554 - Hole for RTSP Streaming Media Proxy (Auto)
8.113 Action: Allow Port: 808 - Hole for Remote Control Service (Auto)
8.114 Action: Allow Port: 1080 - Hole for SOCKS Proxy server (Auto)
8.115 Action: Allow Port: 2080 - Hole for Winsock Redirector Service (Auto)
8.116 Action: Allow Port: 7000 - Hole for VDOLive Proxy server (Auto)
8.117 Action: Allow Port: 8010 - Hole for Logfile Server (Auto)
8.118
8.119 Security for: Internal UDP
8.120 Action: Allow Port: 0 - Hole for Dialer Monitor (Auto)
8.121 Action: Allow Port: 53 - Hole for DNS Service (Auto)
8.122 Action: Allow Port: 67 - Hole for DHCP Service (Auto)
8.123 Action: Allow Port: 368 - Hole for GDP Service (Auto)
8.124 Action: Allow Port: 8000 - Hole for XDMA Proxy service (Auto)
8.125
8.126 Security for: NAT TCP
8.127 Action: Redirect Port: 21 - Intercepted by FTP Proxy server
8.128 Action: Redirect Port: 80 - Intercepted by WWW Proxy server
8.129 Action: Redirect Port: 8010 - Intercepted by Logfile Server
8.130
8.131 Security for: NAT UDP
8.132
8.133 Security for: DMZ TCP
8.134
8.135 Security for: DMZ UDP
8.136
8.137 Security for: (unknown)
8.138
8.139 Security for: (unknown)
8.500
9.01 ---------------------------------------------
9.02 END OF CONFIGURATION REPORT

[labull]

COOL! We're making progress!

It's been a VERY long time but here are some things to check.

It's always best if you're running the GateKeeper executable from a drive mapped to the WinGate folder on the server.

Are you logining in as an Administrator or a User?

[SandJ]

COOL! We're making progress!

It's been a VERY long time but here are some things to check.

It's always best if you're running the GateKeeper executable from a drive mapped to the WinGate folder on the server.

Are you logining in as an Administrator or a User?

I have a permanent drive mapping of T: to \\SERVER\SERVERC and so I ran the GateKeeper from T:\Program Files\WinGate

I was logging in as Administrator.

[labull]

Well, now it's time to let those fine folks at Qbik take over as I've reached the end of my smarts/memory on this subject.

James?

[genie]

Now make sure that GDP and Winsock redirector services are bound on the internal adapter.

[jamesc]

James?

--> I have been having a bad run on a couple of forum posts lately so am not that keen :) But after reviewing this my two cents says:

With the Windows Firewall enabled, trying to install the WinGate client fails because it cannot see the WinGate server. I have set UDP port 368 as an exception to the firewall but that makes no difference.

So if it works when the Windows Firewall is disabled, but does not work if it is enabled. Then you must of misconfigured that firewall rule for UDP 368 in the Windows Firewall?

The WinGate server can access the HTTPS and SSL web pages - as can the rest of the PCs

1. So this is not caused by some policy correct? Because if it was then you would see authentication failures in WinGate.

2. It sounds like you installed that free web browser made by a .org - is it possible to use the original one that came with your operating system for the sake of testing?

labull wrote:
Is Remote Control Service bound to the adapter with 192.168.253.201 ?
ScandJ wrote:
It wasn't. I have changed it and re-started the engine.

The Remote Control Service will remove all bindings except the localhost in the event that the Administrator does not have a password set.



Other checks:

3. If the Windows XP Desktop is a car, then the programs running in the Windows System Tray (by the time) are the trailer. Just because you have a trailer it does not mean you tow it everywhere you go. So please review your "trailer" and unhitch/disable what you don't need for the sake of testing.
(Windows) Start menu --> run --> msconfig



If you still need assistance then I would suggest doing the following:

Send an email to sales@wingate.com and reference this forum post - I would suggest sending in the following details:

WinGate Registry.
GateKeeper --> Options menu --> Advanced --> Save Registry

Belarc Advisor report.
Download http://www.belarc.com/free_download.html , run it and it will create a report of what is installed, then save it. *Please review it before you send it in, we acknowledge it does show some CD Keys, but that information will remain confidential.

[SandJ]

Now make sure that GDP and Winsock redirector services are bound on the internal adapter.

They already are.

[SandJ]

So if it works when the Windows Firewall is disabled, but does not work if it is enabled. Then you must of misconfigured that firewall rule for UDP 368 in the Windows Firewall?

I can see why you would leap to that conclusion - I've spent my time in user support too. What you can't see is the days and days I have spent on this and the pages of notes I have. Change a setting, reboot, try again, check the log files, check using something else, check the log files, document the results, put it back how it was, etc.

Checks ... ports 368 UDP and port 368 TCP are both marked as exceptions in the firewall setup. So no, not misconfigured.

The WinGate server can access the HTTPS and SSL web pages - as can the rest of the PCs

1. So this is not caused by some policy correct? Because if it was then you would see authentication failures in WinGate.

I don't recall ever having touched any policy settings in WinGate. How would I see authentication failures - what do I look for?

2. It sounds like you installed that free web browser made by a .org - is it possible to use the original one that came with your operating system for the sake of testing?

I have been consistently testing with both Firefox (I think you are allowed to use the name in public) and Internet Explorer. I have been using FireFox to check it is not just Internet Explorer that is giving me grief.

Other checks:

3. If the Windows XP Desktop is a car, then the programs running in the Windows System Tray (by the time) are the trailer. Just because you have a trailer it does not mean you tow it everywhere you go. So please review your "trailer" and unhitch/disable what you don't need for the sake of testing.
(Windows) Start menu --> run --> msconfig

This laptop does not have much on it because I have never got it working properly on the LAN. The very first thing I tried with it out of the box was internet connectivity and failed and I have struggled with it since. It is really a pointless, expensive doorstop. At home, anyway. When out-and-about it connects to hotel wireless systems perfectly happily. The only thing that seems different is here I have a server running WinGate between it and the outside world.

If you still need assistance then I would suggest doing the following:

Send an email to sales@wingate.com and reference this forum post - I would suggest sending in the following details:

WinGate Registry.
GateKeeper --> Options menu --> Advanced --> Save Registry

Belarc Advisor report.
Download http://www.belarc.com/free_download.html , run it and it will create a report of what is installed, then save it. *Please review it before you send it in, we acknowledge it does show some CD Keys, but that information will remain confidential.

Thank you for that suggestion.

Might it also be worth me uninstalling the WinGate software, rebuild the server from scratch and re-install WinGate? The server has had network cards and processors changed and the WinGate software been upgraded numerous times from versions 4 to 6. Although I do not recall changing any settings in WinGate it now appears a number are incorrect or unsuitable and this might fix it, yes? That is, get it back into a default out-of-the-box state.

(Actually, if I'm going to do that, might it not be easier to replace the server / WinGate combination with a WiFi-enabled modem router with NAT capability? I can't remember now why I originally bought WinGate - for NAT and internet sharing for Windows 95 I assume.)