VPN SSL - PLEASE, HELP ME !

Forum for all technical support and trouble shooting of the WinGate VPN.

Moderator: Qbik Staff

VPN SSL - PLEASE, HELP ME !

Postby christian » Jan 27 10 11:46 am

Hello,

I have a problem to establish an SSL VPN between two computers with Wingate.

In Wingate:

- VPN Server side: the computer of VPN client appear "online" but does not responding (pinging, sharing ...)
- VPN Client side: The computer of VPN server appear "testing ..." and other computers appear "offline"



Details:


Networks::

Client side:

Client (Wingate) with Windows XP Pro SP3 on a virtual machine (VirtualBox)

VirtualBox with Windows XP Pro SP3 on a physical machine
VirtualBox using a "bridge connection" on the physical machine
The physical machine using a "modem router" on Internet

Server side:

Server (Wingate) with Windows XP Pro SP3 on a physical machine

The physical machine connecting to a WAN through a routing software (NAT)
The routing software is another wingate with Windows XP Pro SP3 on another physical machine
This other physical machine connecting to the Internet through a "modem router (ADSL)


IP Addresses::

Client side:

Internal interface of the VPN client (Wingate in VirtualBox): 193.167.1.1
External interface of the VPN client (Wingate in VirtualBox): 10.0.0.185

Interface of the "connecting bridge" VirtualBox on physical machine: 10.0.0.184
LAN interface of the physical machine: 10.0.0.183

LAN Interface 'modem router ": 10.0.0.138

Server side:

Internal interface of the VPN server (Wingate on a physical machine): 193.167.0.1
External interface of the VPN server (Wingate on a physical machine): 192.168.0.2

Internal interface of the routing software (Wingate): 192.168.0.1
External interface of the routing software (Wingate): 10.0.0.183

LAN Interface "modem router": 10.0.0.138


Summary 1:

[LAN] 193.167.1.xxx --

[Internal interface of the VPN client Wingate] 193.167.1.1 - [external interface of the VPN client Wingate] 10.0.0.185 --
[Interface of "connecting bridge" VirtualBox] 10.0.0.184 - [LAN interface of the physical machine] 10.0.0.183 --
[Interface "modem router"] 10.0.0.138 - (ADSL internet) - [Interface "modem router"] 10.0.0.138 --
[External interface of the routing Wingate] 10.0.0.183 - [internal interface of the routing Wingate] 192.168.0.1 --
[External Interface Wingate VPN server] 192.168.0.2 - [internal interface of the VPN server Wingate] 193.167.0.1 --

[LAN] 193.167.0.xxx


Summary 2:

LAN - Wingate (VPN server) - DMZ - Wingate (routing) - WAN - modem router --
- Internet (ADSL) --
- modem router - LAN - VirtualBox (bridge connection) - [Virtual Machine: External Interface Wingate (VPN client) --
Internal Interface Wingate (VPN client) - LAN]


Details:


- The VPN connects 2 LANs:
_ LAN (virtual) client VPN side
_ LAN (physical) server VPN side

- There is no computer connected to the virtual LAN (internal interface of Wingate on virtual machine):
_ This internal interface has been created to allow Wingate to have 2 interfaces (internal and external)
_ This internal interface is not connected to any physical interface


- All computers on the LAN (VPN server side) must communicate with the virtual computer (VPN client side)

- The SSL VPN is completely connected:
_ All redirects ports TCP and UDP are made
_ It is a routing problem (I think ...)



How to solve this problem?

Thank you very much
christian
 
Posts: 8
Joined: Jul 23 09 3:14 am

Re: VPN SSL - PLEASE, HELP ME !

Postby genie » Jan 28 10 6:24 pm

In order for the VPN to work correctly, tcp and udp ports for your VPN configuration must be accessible (through firewalls and NATs).
genie
Qbik Staff
 
Posts: 1788
Joined: Sep 30 03 10:29 am

Re: VPN SSL - PLEASE, HELP ME !

Postby christian » Jan 28 10 8:39 pm

Hello,

All TCP and UDP ports (809) for etablish the VPN are accessible through firewalls and NATs.

Where is the problem ?


Thank you,

Christian
christian
 
Posts: 8
Joined: Jul 23 09 3:14 am

Qbik, I need your help

Postby christian » Jan 30 10 10:15 pm

Hello,

Can you solve my problem of VPN, please ?

I not think this is a problem of firewalls or NATs because nothing is recorded in my logs.
I think it is a routing problem and I am unable to know which road should be published and if I manually create other road.

How I can verify that everything is good for the routing of my ports TCP 809 and UDP 809 ?
Is there a tool to check the routing?

What other test I can do ?


Thank you
christian
 
Posts: 8
Joined: Jul 23 09 3:14 am

Re: VPN SSL - PLEASE, HELP ME !

Postby christian » Feb 09 10 11:52 pm

Problem solved, thank you.
christian
 
Posts: 8
Joined: Jul 23 09 3:14 am

Re: VPN SSL - PLEASE, HELP ME !

Postby Thredbo » Feb 26 10 12:30 pm

christian wrote:Problem solved, thank you.


How did you fix it?
Thredbo
 
Posts: 9
Joined: Nov 12 09 12:36 pm
Location: Thredbo, NSW

Re: VPN SSL - PLEASE, HELP ME !

Postby biblexy » Jun 21 10 8:06 pm

What is the fastest, least latency VPN protocol? I am setting up a VPN across two DD-WRT routers. Information traveling over this VPN is not sensitive or private, I just want the fastest possible transmission speeds between my two VPN endpoints. I wouldn't even mind if i didn't have to encrypt it. What is my best option here? I've started setting up PPTP with OpenVPN keys, but don't want to go much farther if there's an option with less latency.
__________________
affiliateelite
Last edited by biblexy on Jun 25 10 7:42 pm, edited 1 time in total.
biblexy
 
Posts: 1
Joined: Jun 18 10 7:29 pm

Re: VPN SSL - PLEASE, HELP ME !

Postby adrien » Jun 22 10 11:30 pm

Hi

latency is more often a function of the type of connection (e.g. DSL is worse than fibre) and distance. I wouldn't expect VPN tunnel protocols etc to add latency in a noticeable way. WinGate VPN allows you to turn off encryption if you wish, which will make the packet generation very slightly faster, but normally such savings are swamped by link latency.

Other things to look at are MTU through a VPN tunnel (e.g. what is the extra per-packet overhead of going through a VPN tunnel, and how does this affect max payload per packet). In this respect, protocols that layer over UDP suffer a bit, since there's an extra 8 byte overhead for the UDP frame - compared with things like GRE (used for PPTP), or ESP (used for IPSEC - not NAT-T though)

reduced MTU can affect your bulk throughput.
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland


Return to WinGate VPN

Who is online

Users browsing this forum: No registered users and 24 guests

cron