DNS & Dialer issue


DNS & Dialer issue

Postby bytelord » May 11 10 10:28 pm

Hello,

I am running WinGate on a boat on a Win XP SP3 machine with a single NIC. I have created 12 users in WinGate, and guests (physical clients) are using these accounts to access the internet with the currently available internet connection (UMTS, Satellite, GPRS 1, GPRS 2).
The best configuration for my scenario was to use ENS with a transparent-proxy-enabled WWW Proxy. To authenticate, users use the Java login authentication.

I am facing the following issues:

1. DNS resolve issues on clients
- I use WinGate as the DNS server, and on client machines DHCP assigns two DNS servers: the WinGate machine IP and the UMTS router that is connected via Ethernet (192.168.1.1 WinGate / 1.2 the router). The other internet connections are made via the dialer (RS232 interfaces). The reason I use the UMTS router as secondary DNS is that without it clients are unable to resolve internet names. Also, with that configuration, when the UMTS router is not connected to the internet the same happens: users cannot resolve internet names, only public IPs, and the Java login applet does not run (it cannot be resolved) unless I enter a public IP address.
I need some help explaining how to use WinGate as a DNS server and what the best configuration is. Also, please suggest what IP configuration I should have on the WinGate server (TCP/IP settings - default gateway, DNS). Note that usually there is no internet connection active until a user requests one (also for UMTS).

2. Dialer does not roll over
- I have configured 4 dial-up connections and set them up in WinGate so that users can have internet access through these connections. When UMTS is not available, WinGate automatically dials the first available dial-up connection, but if that connection is not reachable it does not roll over to the next one. If I choose dial from the dialer pane in WinGate administration, the roll-over works fine.

Thanks in advance.

Best Regards,

Nikos
bytelord
 
Posts: 7
Joined: Apr 28 10 1:50 am

Re: DNS & Dialer issue

Postby adrien » May 17 10 3:06 pm

Hi

Sorry to take so long to reply.

For your second issue I'd suggest submitting a support ticket by emailing support@wingate.com. They will need your dialer log files to see what's going on.

As for DNS, normally the clients should only need to use one or other DNS server (WinGate or your UMTS interface). The key is what does the WinGate computer itself use for DNS?

When you use the DNS service in WinGate, it uses the DNS resolver in WinGate to obtain answers for client queries. The DNS resolver uses the DNS settings of the host operating system - e.g. the DNS settings in your network adapter(s). So, if you had your NIC in the WinGate machine set to use the UMTS router for its DNS, then the clients should be able to resolve internet names through the UMTS router via WinGate - e.g. you'd only need to assign the WinGate IP to the clients for DNS. You can also manually assign IPs to use for DNS in the DNS resolver settings in GateKeeper.

What happens if UMTS is not available though? You'd need to fall-back to some other connection (is Satellite accessed via dialup networking as well?). WinGate will automatically see new DNS servers assigned to interfaces (e.g. when a dialup connection is made).

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: DNS & Dialer issue

Postby bytelord » May 21 10 9:30 pm

Hello again,

Thanks for the answer, and sorry for my delay in replying as well. I am on the ship right now and I am running some tests as well as making some configuration changes.
The server now has only the UMTS router as DNS on the NIC, and clients have only the WinGate machine. When I try to access the internet from a client PC, the Java login applet does not appear because it cannot be resolved; the same happens if I enter any domain. If I enter an IP address (internal or external), then the Java login applet appears, the user logs in, and the dial process takes place from WinGate if the UMTS router is not connected. After that the user is able to access domain names and they resolve normally. So the issue now is that before the user logs in DNS cannot be resolved. What can I do about that?

Thanks.

Best Regards,

Nikos
bytelord
 
Posts: 7
Joined: Apr 28 10 1:50 am

Re: DNS & Dialer issue

Postby adrien » May 24 10 10:36 pm

Hi

You don't have policy set on the DNS service to require authentication do you?

Do you have any log events (in the WinGate DNS service log file) showing authentication failures? This is what would be logged if the policy required authenticated access, since DNS cannot auth.

If so, you'll need to set DNS up to not require auth. The easiest way to do this is to add an unrestricted recipient in policies in the DNS service.

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: DNS & Dialer issue

Postby bytelord » May 25 10 12:12 pm

Hi,

I am not at the WinGate installation right now, so I will check the log file later. I was also thinking about DNS authentication and I checked it a few times; the DNS service is accessible to anyone. Note that until a user authenticates and requests internet access there is no active connection, so the only DNS that the WinGate server "sees" is the WinGate service. And the only way to bring up the Java login method is to enter the WinGate IP address or a public IP address.


Thanks,

Nikos
bytelord
 
Posts: 7
Joined: Apr 28 10 1:50 am

Re: DNS & Dialer issue

Postby adrien » May 25 10 3:49 pm

Hi Nikos

So am I correct in assuming that the UMTS router won't connect when it gets a DNS request? Is there perhaps a setting in it to do that?

When you say WinGate dials, does it cause the UMTS router to dial somehow? If so, then is the setting on the DNS service "allow requests to initiate dialer" enabled?

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: DNS & Dialer issue

Postby bytelord » May 26 10 5:23 am

Hello Adrien,

Yes, it is configured to dial on demand and works great with that; if the router is not accessible or the UMTS/GPRS network is unreachable, then WinGate uses the dial-up connections in rotation.
No, it's a UMTS/WAN and connected to the LAN via Ethernet.
The DNS service has that option enabled for the dial-up connections, and the dial-up connections are also configured properly.
As I said, everything works fine ONLY IF a user, until an internet connection is available and/or they log in, uses a public IP address the first time. If the user enters a domain, e.g. www.google.com, nothing happens; after a minute WinGate returns a timeout error. If I enter a public IP address, then WinGate checks the UMTS router and, if the internet is available on the router, uses that provider's DNS; if not, it tries the dial-up connections. After a successful connection (either via UMTS or dial-up) the users are able to resolve domains, e.g. www.google.com.
In conclusion, when there is no internet available on the WinGate server the clients cannot resolve internet names, so the dial-on-demand or dial-up process does not work.

Thanks again for your help.

Regards,

Nikos
bytelord
 
Posts: 7
Joined: Apr 28 10 1:50 am

Re: DNS & Dialer issue

Postby adrien » Jun 01 10 11:22 am

Hi

I think I know what the problem is.

You are using monitoring for dead gateway, correct? So WinGate knows if the UMTS device is not connected, and then dials if it gets a request to connect.

However DNS doesn't know about this, so it still tries to do DNS lookups to the UMTS device, which fail if it's not online.

Once you force a connection to an IP, the dialer is connected. Once the dialer is connected, the OS gets assigned a new DNS server from the ISP and it all works again.

So the real problem is that the DNS server WinGate is using (UMTS device) is dependent on its connectivity, but WinGate doesn't know that.

I'm trying to think of a good solution. Ideally WinGate may be configured to know about DNS servers associated with internet connections, but I see some issues communicating that concept to clients.

As for in the meantime, I think perhaps getting something working by IP could be the most expedient. Do the client computers have a home page? You could add some sites to the hosts file on the WinGate computer, then WinGate will be able to resolve DNS for those sites without accessing the internet. If those sites are the browser home page, then WinGate will dial.

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland
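
The hosts-file workaround suggested in the post above, as an added example (not part of the thread and not WinGate code): a Python check that parses a hosts file and reports which client home pages would resolve locally, without any upstream DNS query, and which would still depend on the uplink. The sample hosts text, the home-page list and all addresses are constructed placeholders, and the standard hosts format is assumed (address, then one or more names, `#` comments).

```python
import ipaddress

# Constructed sample of a hosts file on the proxy machine (addresses are
# documentation-range placeholders, not real site addresses).
SAMPLE_HOSTS = """\
# home pages pinned so they resolve while no uplink is connected
203.0.113.10   www.example.com example.com   # portal
198.51.100.7   Home.Example.NET
not-an-ip      broken.example.org
192.0.2.300    badoctet.example.org
"""

def parse_hosts(text):
    """Return ({lowercased name: first address}, [skipped line numbers])."""
    table, skipped = {}, []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            skipped.append(lineno)            # malformed address: entry is useless
            continue
        if len(fields) < 2:
            skipped.append(lineno)            # address with no name
            continue
        for name in fields[1:]:
            # Names are matched case-insensitively; the first entry wins here.
            table.setdefault(name.lower().rstrip("."), addr)
    return table, skipped

def coverage(home_pages, hosts_text):
    """Split home-page host names into locally resolvable vs. needing upstream DNS."""
    table, skipped = parse_hosts(hosts_text)
    local = {h: table[h.lower().rstrip(".")] for h in home_pages
             if h.lower().rstrip(".") in table}
    needs_upstream = [h for h in home_pages if h not in local]
    return local, needs_upstream, skipped

if __name__ == "__main__":
    pages = ["www.example.com", "home.example.net", "www.google.com"]
    local, upstream, skipped = coverage(pages, SAMPLE_HOSTS)
    print("resolve without uplink:", local)
    print("still need upstream DNS:", upstream)
    print("ignored hosts lines:", skipped)
```

Names reported as still needing upstream DNS are the ones that would time out while the UMTS device is offline and no dial-up link is connected.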

Re: DNS & Dialer issue

Postby bytelord » Jun 02 10 11:02 am

Hello Adrien,

You gave me some good things to check for another issue I have. I found where the problem was ... it was very simple ... the guest user was disabled and I had forgotten about that, so until a user authenticates WinGate could "run" important services such as DNS for the "guest" user, but tries to resolve them, so only when I entered a public IP address could I bypass the DNS service. I don't have access to the WinGate installation right now, but I think that monitoring for dead connections is enabled.
On the WinGate DNS server I have bound it to use any connection (local Ethernet, UMTS router IP and the dial-up connections), and DNS is also able to dial a connection. Right now I am not on board; I hope to go this week for further tests to solve some issues.
This weekend was a test trip for the boat because it had been under service. WinGate works fine for internal devices (iPods, broadcasting devices, Apple TV, etc.), and the internet was available to the users smoothly.
Some issues I have are:
1. WinGate somehow cannot understand enough about the UMTS that is connected on the LAN and dials a connection, and sometimes it still uses the dial-up connection for many hours even though UMTS is available. What can I do about that? Also, sometimes when UMTS is available and connected to the internet, WinGate dials the first available connection and I don't know why, even though UMTS is available. Maybe if I entered the UMTS IP address in the WinGate DNS resolver to check first, but this causes me other issues, and I am not sure if this can resolve the issue.
2. When a user runs, for example, Internet Explorer and enters a site, the WinGate Java applet comes up and asks him for credentials, but WinGate also dials a connection, if UMTS is not available, for DNS resolution before the user finishes his authentication; these DNS requests may also come from antivirus software, Windows Update or Adobe software. Is there any way, if there is no internet connection available, to prevent connections being dialed for DNS resolution until a user authenticates to the system? Note that if there is no internet connection available, the internal WinGate site for authentication cannot be resolved automatically (our initial issue) unless the user enters a local or public IP address. After the authentication everything works as I wish and everything works smoothly; I am asking this to see if I can save some bandwidth (charges are per kb :) ). Also note that in the DNS resolver I haven't entered the UMTS router DNS address...
3. Java authentication is a magnificent feature, but as you know it is not supported on iPhones or other devices with no Java availability. I was thinking of using basic authentication (low security with basic auth is not an issue for me); am I able to show an internal web site first, the way Java authentication runs the client.htm file??

Thanks again for all your help!

Best Regards,

Nikos
bytelord
 
Posts: 7
Joined: Apr 28 10 1:50 am

