WinGate Forums

[johndlcg]

Hello everyone.

i just want it to know why i try to move all my users to be assumed by name and when configure some doesnt work.

i'm running the 6.0.2 version of wingate.

Cheers

[adrien]

Hi

WinGate only knows the computer name based on the IP of the connected client if it assigned the IP to that client with DHCP.

So if the client computer didn't get its IP from WinGate's DHCP server, then WinGate won't know its computername, and then won't be able to assume user based on computername.

Regards

Adrien

[Alen]

WinGate only knows the computer name based on the IP of the connected client if it assigned the IP to that client with DHCP.

Cann't Wingate use NetBIOS or DNS server to resolve names?


P.S.
Adrien, you promised to clarify the BC issue more than month ago. I am still waiting...

[johndlcg]

knowing that, i have another question..

is there a way that i can use my domain DHCP instead of wingate???
i saw that wingate can use an external DNS server...

Thanks for your help

[adrien]

Hi

no problem to use your domain DHCP. All you need to do is

a) disable WinGate's DHCP server
b) configure the default gateway that the domain DHCP server allocates to be the IP of the WinGate machine

Depending on requirements for DNS you probably don't need to assign clients to use WinGate for DNS either, just forward the AD DNS server to WinGate. Make sure WinGate won't use the AD DNS server straight back though or you'll have a DNS loop. You can prevent this by running the WinGate Advanced Options applet and adding the IP of the AD server into the DNS settings in there.

Regards

Adrien

[johndlcg]

Hi Adrien, thanks for the replay.
Correct me if i'm wrong on my configuration

This is my scenario.

Wingate:
Already have the DHCP and the DNS servers of wingate disbaled.
i enter my domain DNS on the DNS/WINS Reolver Configuration and in the advanced Options of wingate.

PC:
I have two nics on this machine, as you know, 1 for LAN and 1 for Internet.
On the wingate server (internal LAN) i dont have a default gateway configured, cause everytime i use it, i lose internet, on the (external ISP) side, i do.

i havent restart the winagte service yet, but i'll wait for your answer to do it.

Thanks in advanced for your help.

John

[adrien]

Hi Adrien, thanks for the replay.
Correct me if i'm wrong on my configuration

This is my scenario.

Wingate:
Already have the DHCP and the DNS servers of wingate disbaled.
i enter my domain DNS on the DNS/WINS Reolver Configuration and in the advanced Options of wingate.

OK. Having the setting in the Advanced Options is correct.

PC:
I have two nics on this machine, as you know, 1 for LAN and 1 for Internet.
On the wingate server (internal LAN) i dont have a default gateway configured, cause everytime i use it, i lose internet, on the (external ISP) side, i do.

This is normal. That's because the purpose of a default gateway is to tell the computer where the Internet is. Unless the internet is out your LAN adapter, this just confuses the OS. If you have other subnets and routers on your LAN, you'll need to add specific routes for those subnets instead of using the default gateway setting.

i havent restart the winagte service yet, but i'll wait for your answer to do it.

Thanks in advanced for your help.

John

Regards

Adrien

[neoby]

Hi

I know that this topic is old but I would like to make a follow up question.

The question is how to stop wingate from assuming user after the first logon thru the smtp service. I did not setup any user to be assumed but it seems that wingate remembers everything during the first logon so it ignores user and password changes. I know that this behavior is good but not the case if I opted for my users to always authenticate when sending email. I would like to know if there's a cache for sender credentials and how to clear it. Thanks.

Regards

Neoby

[adrien]

With WinGate 7 you can use credential rules to control how long credentials are cached. So you can set the time to 0. You can control per IP / MAC / Computername.

This comes into force when the final connection from the client is disconnected. If a client maintains a connection with the proxy, it maintains the association of the credentials with the IP.

Regards

Adrien

[neoby]

You always divert the subject to v7. Well you don't provide any support to older versions do you? Not even a single word. Ok, that's fine! I know your reasons. It's just hard for me to upgrade this time.

Until next time...

Neoby

[adrien]

well....

you asked if there was a solution. There is if you upgrade to WinGate 7.

I don't know about what you could do for WinGate 6. There are a couple of registry settings for

a) what to do when the final connection from a computer is closed (leave creds, downgrade to assumed, or downgrade to Guest)
b) how long after the final connection is closed before doing the downgrade in (a).

You could try those.

HKEY_LOCAL_MACHINE\Software\Qbik Software\WinGate\Settings
MachineTimeout REG_DWORD (seconds before machine disappears after final connection closed: default value is 30)
MachineTimeoutAuthAction REG_DWORD (how do downgrade creds when final connection closed: 0 = set assumed, 1 = do nothing / retain creds, 2 = set Guest)

You'll need to create these registry values, and set the MachineTimeout to 0, and MachineTiemoutAuthAction to 2 then restart WinGate.

We still support WinGate 6, but we don't plan on adding lots of new features to WinGate 6, that is what WinGate 7 is for.

There are a lot of customer issues and even bugs with WinGate 6 that we fixed in 7, so of course I always recommend people update. It's a much better (we think) product. We're not just fishing for upgrade revenue, often people's existing 6.x license works in 7 already. It solves many support issues for customers and us, such as most if not all the DNS issues, DHCP issues, and a heap others.

Adrien

[neoby]

Ok!
But in my case, our server configuration is based on wingate 6, I'm afraid I will have to redo the configuration if I upgrade to wingate 7, this will require additional programming on my part. Well thanks anyway.

Regards

Neoby

[neoby]

MachineTimeoutAuthAction REG_DWORD (how do downgrade creds when final connection closed: 0 = set assumed, 1 = do nothing / retain creds, 2 = set Guest)

? = dispose creds

Is there a value for disposing creds?

Neoby

[adrien]

Hi

Guest = no creds, so that's option 2.

Regards

Adrien

[adrien]

p.s. to upgrade to WinGate 7 you do need to re-do policies.

Pretty much everything else (except scheduler, and cache config) are retained or migrated.

I'd recommend looking at our youtube channel - you might see some good reasons to update

http://www.youtube.com/user/qbiknzltd

Regards

Adrien

[MikeMeyers]

I have to warn you .. upgrading to V7 is not easy like Adrian tell you that.
We had Wingate 6.6.4 up and running for over 300 Users, with some restriction for Groups, User, Forwarding Policys, Redirections and so on
So we create a clone of the current machine and trying the upgrade there. All restrictions where gone, some bindings where "destroyed" or damaged. We try to repair this and then we stuck with the policys as we found many strange problems, user group checks generate strange problems, connections control could not be used and so on.

Now i delete the complete installation and made a fresh one, that installation is looking better now but i have to add all users and everything else manually. That is the point where we think to change to a other produkt instead of reactivating/upgrading our current license.

If i think back how long a new version was anounced... Wingate 200????.. then Wingate 7 how many years? and you can not do a update or import your restrictions and other things.. poor.

[adrien]

Hi Mike

How easy an upgrade to 7 is depends mostly on your existing policy requirements.

You shouldn't need to manually reenter any users or groups. WnGate migrates all of those.

We can assist (remote desktop or teamviewer) with the upgrade to make sure it goes as smoothly as possible.

It should still be possible to migrate your old users and groups, even if you re-installed from fresh, rather than having to re-enter them. That's a nightmare for 300 users.

Bindings can change if the duplicate machine has different network adapters, or adapter settings, or if your previous binding rules were IP-specific. Adapter-usage-specific binding rules should function as they did. In fact we didn't even change any code for bindings, so it uses the same config, and you'd have the exact same problem if you moved to WG6 on the other computer.

If you'd like us to help, email us at support@wingate.com, and we can organise a remote assist.

Regards

Adrien

p.s. Yes, WinGate 7 took a long time. It was at one stage called WinGate 2007. We don't deny any of that.

But trying to import those old policies proved to be impossible. We would not have been able to implement the new policy system properly if it had to be able to migrate the old settings. Everything else (except scheduler and http cache) we migrate, and we did a lot of work on this. If there were problems with migration of specific things that was unexpected we'd like to know about it so we can fix it.

[jrosen]

I have to warn you .. upgrading to V7 is not easy like Adrian tell you that..

I am doing it right now, having my old wingate up and running and trying to understand wingate7. Ok its a new wingate, but i used the posted movies on youtube and trial and error. And its starting too look something, think it will be up and running next week.

Its not easy, however Adrien has been very helpfull and answering my questions, both in the forum and mail. I think the support is very good and they work with you so that you can understand the (better) new version.

But trying to import those old policies proved to be impossible. .

The pain for me was my old policiys, and the white/black lists. I did a register export of my old installation, in that text file i got my old webpages. 1 hour later and a lot of cut and paste i hade exported it to 2 new wingate7 lists.

Maybe you could do an export tool thats dumps the sites into textfiles, think that should save a lot of time and frustation. The textfiles will then be up and running in a couple of seconds.

[MikeMeyers]

.

[adrien]

Hi

it's a shame you didn't seek help in our support desk, we can greatly assist in migration.

We did a lot of testing of migration of users. I think something got messed up with the NextRID setting in the registry, possibly due to multiple install / reinstall / migrate attempts etc.

Once that is messed up, it would be a nightmare which it sounds like you are seeing. Everything is based on SID. Users, group membership, user policy, permissions etc. If the SIDs are not being set properly because of a bad NextRID setting, then all these areas of WinGate function would behave badly.

I will see if there's some more sanity checking we can do on that value to avoid issues with it.

If you're prepared to give it one last go, I will do it myself remotely at a time that suits you.

Regards

Adrien