WinGate Forums

[Anas]

Hello


I've some problems with wingate that I hope you can help me with..

Bandwidth controller don't work, and it needs more features to be useful.
I need to set up two Rules for two lines on each PC on the network .. is it possible?

I tried some real Bandwidth control program (Bandwidth Controller Enterprise) but it seems that it conflict with wingate and I end up with a blue screen.

Activity monitor stop working some times and keep showing activity for shutdown PC's.

I've WWW Proxy service intercepting 80-8080 ports and binding it to "line 2" and all other traffic will go to "line 1" since it has lower Metric, but sometimes it uses "line 2" for different ports which will result in lost connections for our network clients.

OS:Windows Server 2003 ENT R2 SP2 - No Anti-Virus or Firewalls or...

Best regards,
Anas

[adrien]

Hi

so you have 2 internet connections, and you want to use bandwidth control to set rules for bandwith based on these connections?

At the moment, bandwidth control only selects rules based on IP:port and protocol. To select based on gateway would need to select on MAC address.

Are you trying to use both connections for all your clients and you want different bandwidth rules for each?

Regards

Adrien

[Anas]

Hi adrien


actually I'll have more than two Internet connections (If it works) and that is a major reason why I prefer wingate over ISA.

but I'm not able to separate connection (80-443-21 on line one - all other ports on line two)

as for the bandwidth control that is exactly what I need it to do, and I can use rules based on ports (first rule Port 80\443\21 - second rule all other ports)
but it seems that I can't set it for individual IP's rather than the gateway's LAN IP, which means shared bandwidth rule for all clients.

If it possible to set one rule (Browsing rule)for each PC then this might be enough.

[adrien]

Hi

You can only use proxies in WinGate to override routing to specify a particular gateway to use.

However, you can intercept connections with a TCP mapping proxy, and if you specify no mappings, it will connect out to the intercepted original destination ip:port. In this way you can specify which gateway to use on a port by port basis.

Anything which uses NAT will use the default gateway with the lowest metric.

So you can set a default gateway to use, and override it per port.

As for setting bandwidth rules per client IP, that should be possible with the bandwidth rules.

Adrien

[Anas]

You can only use proxies in WinGate to override routing to specify a particular gateway to use.

However, you can intercept connections with a TCP mapping proxy, and if you specify no mappings, it will connect out to the intercepted original destination ip:port. In this way you can specify which gateway to use on a port by port basis.

Anything which uses NAT will use the default gateway with the lowest metric.

So you can set a default gateway to use, and override it per port.

I already done this, and it is not working well

I've WWW Proxy service intercepting 80-8080 ports and binding it to "line 2" and all other traffic will go to "line 1" since it has lower Metric, but sometimes it uses "line 2" for different ports which will result in lost connections for our network clients.

as for BC I meant I'll write ONLY one rule for all the PC's, something like this:
Rule1 "192.168.1.0 - 192.168.1.250" 1600Kb(200KB), so when PC01,PC02,...PC81 connect each of them will have his own 200KB of bandwidth.

Thank you for your time.

[adrien]

sorry, missed that before.

So you're saying that when web browser clients use different ports than 80 and 8080 for HTTP, it's not intercepted by the proxy and therefore goes out the other interface.

I can only really think of one solution to this, and that's to get web browser clients to be configured to use a proxy. Then HTTP over all ports will go through the proxy and out the connection you specify.

For the bandwidth rule, you assign a restriction to a rule. A restriction is like a slice of cake, it's a resource. If you specify a restriction of say 100kbps, then assign rules to it, then all traffic that matches that rule will share the 100kbps, they won't get 100kbps each. So, unfortunately in your case with existing bandwidth rule structure, you would need to set up a restriction for each different LAN user, and have a rule for each one to apply the restriction.

Regards

Adrien

[Anas]

Intercepting HTTP seems to be ok, the lower metrics is the problem.

I might haven't been clear so I'll explain more:

I'm running a gaming center, and we have hundreds of TCP-UDP ports which will be impossible to map individually, and we have Connection A "Microwave link" and Connections B "DSL Lines".

I want to use Connection A "Microwave link" for all the ports and use Connections B "DSL Lines" for Browsing Only.

So I assigned Connection A with a lower metric and setup WWW Proxy service to intercept port 80 and bind it to Connections B "DSL Lines".
Most of the time its working well and clients can play games "using connection A" and browse using "connection B" simultaneously without interference.
but sometimes for an unknown reason wingate use Connections B "DSL Lines" for random ports other than 80.

I think I assigned the metrics correctly, through advanced TCP/IP setting. and I noticed that my gateway never use DSL lines for it self.





you should consider implementing more features to BC "such IP address groups,ports groups and mac adress" its the only thing that WinGate is missing.


Thank you for your time.

[Anas]

I noticed that when the problem occurs the default gateway change to the DSL line "123.123.123.169".

How do I stop wingate from changing it, Should I connect the Microwave Link through router so it appears to WinGate to be active all the time, although I didn't enable "Monitor for dead gateways"..

[adrien]

Hi

WinGate doesn't alter default gateways (e.g. it doesn't touch default routes in the OS route table), so something else must be changing it.

Where are you seeing the default gateway? In route print, or in GateKeeper, or somewhere else?

Regards

Adrien

[Anas]

Hi

In route print (shown above) .. and if wingate didn't what did?

I only use "Bandwidth Controller Enterprise" with it, and I don't think it has anything to do with the default gateway since its designed to work with firewall and servers "such as Kerio-ISA" and my Rules are set to LAN (Interface name) and by "Client address group\Port-Protocol"as source and "ANY IP address\Port" for destination.

and If I'm not mistaken I have seen this happen before BCE installed.

Refreshing settings\Disabling-enabling for adapters and wingate solve it, and if I let it for a while it'll change back by its self.

this has a very bad influence on my clients, I hope we can solve this very soon.

I'll upload my settings when I'm there.

[adrien]

you can override adapter metric in WinGate. That might help. That will then set metric on any routes in WinGate routing based on the overridden metric. Need an enterprise license for that or trial will do it as well.

[Anas]

I've tried "override windows metric" long time ago ..

If I unplugged the DSL router cable "NIC Cable" wingate will redirect WWW traffic to the Microwave Immediately.

and if I just unplugged the telephone wire it doesn't for a while but eventually it will redirect it to Microwave again.

are you sure that wingate doesn't change my default gateway, it might be suspected as a dead gateway and redirected

if I setup redirection policies at "Port Security" with all the other port ranges will this force wingate to use the Microwave instead of DSL?

this is a copy of my settings:
http://upload.797.googlepages.com/wingateconfig.zip

[adrien]

Unless you have monitor for dead gateways enabled, WinGate treats all gateways as always alive.

Even when WinGate detects a gateway as dead, it doesn't touch the OS route table - it simply doesn't schedule connections over that gateway for proxies.

It's more likely something to do with the network adapter. For instance if the OS detects a link failure (e.g. switch, cable, NIC) it will remove the routes for that adapter, which would promote the adapter using the DSL.

Does this happen reliably? You could possibly log the route table periodically to a file to see what happens.

Adrien

[Anas]

How do I solve this, I don't want to use proxy server on separate machine!

I'm not willing to purchase two copies of BCE and wingate to use multiple lines!

It's more likely something to do with the network adapter. For instance if the OS detects a link failure (e.g. switch, cable, NIC) it will remove the routes for that adapter, which would promote the adapter using the DSL.

this is not the case, when this happen I can see the "Microwave link" routes sill exist and some existing connections don't get disconnected, the only thing changes is the Default gateway in the routing table.

Does this happen reliably? You could possibly log the route table periodically to a file to see what happens.

I don't understand what you mean by "reliably", but it happens randomly, some times its runs fine for hours and some times keep changing in minutes.. which forces me to disable the DSL.

I can't log it since I have to disable the DSL, and I don't know how anyway.

Can I force the OS not to change the routes? Perhaps a persistent routes or editing the route table?

[adrien]

Hi

Do you know if it happens more frequently say in rain conditions etc?

Some terminal equipment (our fibre does this) will disable the ethernet interface if the link goes down. If this happens with your microwave equipment, then a link outage (which could be caused by any number of things in the radio path) could cause a momentary disabling / re-enabling of the ethernet interface on the microwave terminal equipment.

You could prevent this from affecting WinGate if you put a hub or switch between the WinGate ethernet adapter and the microwave terminal equipment.

Is the microwave gear directly connected to the WinGate computer?

[Anas]

Hi

If the ethernet get disabled the OS will delete all its routes and all clients connected through it will get disconnected but like I said:

this is not the case, when this happen I can see the "Microwave link" routes sill exist and some existing connections don't get disconnected, the only thing changes is the Default gateway in the routing table.

and its connected to a small device that power the Microwave equipment (PoE), any way I tried to connecting it through a switch but it didn't change anything.

I disabled the DSL for about two days now and I had no Disconnecting or any other problems,

it may be TCP timing out which change the route table, perhaps increasing timeout value will help?

is there any way that I can force the OS not to change the default gateway?

I changed the TCPIP registry settings with no results:

DeadGWDetectDefault 0 (it was 1 by the way)

DontAddDefaultGatewayDefault 1

[adrien]

is it possible the DSL is sending RIP updates or anything like that that may cause the RIP client in WinGate (if enabled, in the VPN settings) to change routes?

Adrien

[Anas]

I think I can disable the RIP from the DSL Router, but I can't keep experimenting in my network!

I've tried increasing the METRIC value to 9999 and connected the Microwave to a switch without an Internet connection and kept browsing (on the DSL)

after a few moments the default gateway changed to the DSL's, but I'm not sure the delayed change was from a higher METRIC (since I restored&rebooted and it stayed as long) or testing it with one PC "high load might force it to change in seconds", anyway this is not a solution.

I don't want to use the DSL line even if my Microwave internet is slow\busy\unresponsive or even down.

It seems impossible to fully separate traffic on multiple lines (at least with wingate), I'm doomed to use a proxy server.

[adrien]

Hi

Did you disable the RIP listener in WinGate, under the VPN settings general tab? then even if your DSL is sending RIP, it won't matter.

Is there any other software on that computer that could be messing with your routes?

I know it's frustrating, but we've used this ourselves before and had no problems, and we know of other customers that are also doing this.

Adrien

[Anas]

I found the DSL router had RIP disabled by default, I don't have any other programs "at all", I even disabled BCE.

we've used this ourselves before and had no problems, and we know of other customers that are also doing this.

could you give me the specific configurations (BOTH the adapters and WinGate)

should I configure the DSL router IP to a non-routable IP? will this have any effect?

I know it's frustrating

it's also time consuming and it's costing me my clients ..


there is something triggering this randomly, Is this possible or not:

I don't want to use the DSL line even if my Microwave internet is slow\busy\unresponsive or even down.

[adrien]

Hi
Couple of things to try then

1. Make sure the adapter usage for the adapter connected to the DSL is "external". That should block it from being able to send any packets that may cause your WinGate machine to change routes. There are a few sorts of things that devices can send that may cause windows to alter route tables, such as

a) ICMP router advertisement packets
b) UPnP

I believe it's also possible to stop Windows from acting on these.

http://www.pc1news.com/how-to-disable-d ... y-581.html
https://kb.berkeley.edu/jivekb/entry.jspa?entryID=2455

2. An option could also be to have both internet connections on the same subnet, and use just one adapter in WinGate to connect to both. That will prevent issues relating to possible ethernet link failures.

Adrien

[Anas]

1. Make sure the adapter usage for the adapter connected to the DSL is "external". That should block it from being able to send any packets that may cause your WinGate machine to change routes.

I had this set "manually" from the second I installed WinGate even though it was detected automaticly.

There are a few sorts of things that devices can send that may cause windows to alter route tables, such as

a) ICMP router advertisement packets
b) UPnP

I believe it's also possible to stop Windows from acting on these.

http://www.pc1news.com/how-to-disable-d ... y-581.html
https://kb.berkeley.edu/jivekb/entry.jspa?entryID=2455

2. An option could also be to have both internet connections on the same subnet, and use just one adapter in WinGate to connect to both. That will prevent issues relating to possible ethernet link failures.

Adrien

I tried that at home (WinXP Pro SP3 with no AV or Firewall and without WinGate) and the reg keys "DeadGWDetectDefault 0 - DontAddDefaultGatewayDefault 1"

after a reboot I added a fake gateway, in a few seconds the OS change the default gateway.

I can't utilize two Lines and I was planning to use 4-5 lines! I'm wondering how the "use in rotation" will work?

If you have a better way to test this or any other suggestions post it ..

[adrien]

we can have a look at your system with remote desktop if you like.

Adrien