VPN newbie (very basic questions)


Postby shb » Jan 25 04 3:27 pm

Hello all,
I run a small LAN from home connected to the internet via Wingate. Currently I do not have the Wingate-VPN enabled.

I occasionally bring home a laptop PC from the office (where they run Microsoft VPN). I plug it into my home LAN and it successfully connects to the office VPN through my wingate server (using NAT I guess). So far so good....

Now I'm getting ambitious :-) I want to continue to be able to connect from home to the office using their Microsoft-VPN. Also, when I'm in the office, I would like to be able to connect back to my home PC. How do I do this securely ? I assume that I will need a Wingate-VPN licence (1 user)... and will need to run the Wingate-VPN-server on the wingate-server.... But it's not the Wingate server that I want to connect to. It's my XP machine on the LAN behind it. Do I need to run any special software on it ? Do I need to come into my wingate-PC (from the outside world) on any special port ?

Do I need to run any specific software on the PC I'm connecting from ? Or is just running the VPN wingate server software on my wingate machine enough ? And what's the advantage (if any) of using the Wingate-VPN over the Microsoft one.. Does the Microsoft one work in both directions (or only outbound from behind the wingate server) ?

Finally, is there a brief tutorial on all this somewhere online...

Thanks in advance, regards SHB
shb
 
Posts: 25
Joined: Nov 25 03 9:50 pm

Postby neil » Jan 26 04 10:54 am

Well in a word, yes, all this is possible. If using the WinGate VPN, to join work and home, then you'll need to run WinGate at both ends. Your home WinGate machine would be the Server (or Host) and your machine at work would be the client (or Joiner). Taking the home side first, all you need to do to be able to access any machines on your home network is to make sure that these other client computers (at your house) have their DNS and Default Gateways set (in each machine's TCP/IP properties) to point out through WinGate (which if you're using NAT for your home connections out, rather than proxy or WGIC, it sounds like this is already done). So now all you need to do is, on the WinGate server at home, export the config to file (1 click in GateKeeper GUI). NO other configuration needs to be done on your home end.

Now at your work, simply import this config file (another 1 click operation in Gatekeeper), and you're ready to connect back to your home network.

The only addition to this is that your home network will have to be connected to the internet, ideally with a permanent / static IP, as WinGate will need to know where to connect to from your work. (or at least an IP that doesn't change too often).

You can find more info on this at:

http://www.wingate.com/product-vpn.php

and

http://www.wingate.com/resources.php

particularly

http://www.wingate.com/files/understand ... te_vpn.pdf

Regards

Neil
neil
Qbik Staff
 
Posts: 356
Joined: Sep 03 03 2:42 pm
Location: Auckland

Postby shb » Jan 26 04 5:41 pm

thanks for the reply... some specific questions:

1. Do I need to buy a Wingate-VPN licence ? Is it a plugin or a separate product ? And as it is only 1 person (me) I assume that is just a one person licence (or does each end count making it a 2 person licence) ?

2. The diagrams imply that it would be connecting the whole of one LAN to another. I do not want anyone on the work LAN to be able to VPN into my home machine, just me. Is that also catered for ?

3. Is any software needed on the client pc (the one out there on the internet) ? (e.g. any Wingate software) ?

4. If no wingate software is needed for the client pc, couldn't anyone on the net connect in ?

5. Do I need to get my work firewall administrator to open up any ports for me ? I know that the Microsoft VPN uses port 3389, does the Wingate-VPN use the same port ?
shb
 
Posts: 25
Joined: Nov 25 03 9:50 pm

Postby neil » Jan 27 04 11:22 am

Answers in order:

1. You don't need any other software, the VPN is controlled through licensing. WinGate is licensed per machine, so in your scenario, you would need a 1 user licence for your work machine, and a 3 user licence for your home network. A 1 user licence allows local machine access only, so this would stop anyone else on your network at work connecting out through you, but if you want to get to machines at your home that are behind WinGate you will need a 3 user licence (the next one up after a 1 user licence).

2. As mentioned above, if you only have a 1 user licence on your work machine, then only this machine has access to the VPN. Also, your work colleagues would have to set their Default Gateways to point through you.

3. No, no other software is required on the client machine behind WinGate, as long as the Default Gateway of this machine is pointing back through WinGate. This can be set manually in the TCP/IP properties of the client machine or you can run a RIP client on it (QBIK has one available to download from http://www.wingate.com/download.php).

4. Not anyone could connect in, because when you create your VPN on your home machine, a certificate is generated, with a fingerprint. You export this to the configuration file (from Gatekeeper), and then import at your work end. There is also a user name and password that the joining machine has to enter (much like you do to login to Gatekeeper). So someone on the internet would have to get a copy of the individually generated certificate, as well as guess your user name and password to connect.

5. WinGate VPN can use any port you care to. By default this is 809. If you use this port number then you would need your work firewall to redirect UDP traffic on this port through to your work computer.

Regards

Neil
neil
Qbik Staff
 
Posts: 356
Joined: Sep 03 03 2:42 pm
Location: Auckland

Postby shb » Jan 27 04 1:57 pm

Thank you for the thorough answers :-)

You have cleared up some of my major issues. But I'm still a little confused about the licensing (sorry for being a bit slow):

1. You say that I don't need any other software. At home I already have Wingate (3 user licence). At work they do not use Wingate at all. So if I understand you correctly I would just need to buy a 1 user licence of Wingate-VPN (for my work pc) as my home machine already has what is required. Please confirm this is right.

1.a. Previously you wrote "you'll need to run WinGate at both ends". What I think you mean is that I need to run "Wingate proxy server" on my home network (which I already do), and "Wingate-VPN" on my work laptop (which I'll have to buy). Is that right ?

2. I only want one machine (mine) to have access from my work. I'm confused that you wrote: "Also, your work colleagues would have to set their Default Gateways to point through you." Is that only if I wanted other people from my work location to also have access ? So therefore I won't need that ?

3. On my home network, the default gateway of the target machine (behind the wingate server) is already pointing back through the wingate server. Please confirm that this means that I will not need the RIP client.

4. Completely clear :-) , thanks
5. Completely clear :-) , thanks.
shb
 
Posts: 25
Joined: Nov 25 03 9:50 pm

Postby shb » Jan 28 04 12:30 pm

Neil ?, you there ?
shb
 
Posts: 25
Joined: Nov 25 03 9:50 pm

Postby neil » Jan 28 04 4:48 pm

Again, to answer in order:

1. No, WinGate and WinGate VPN are separate licences, so you will need to buy a 3 user WinGate VPN licence for your home. For work you could just buy a 1 user WinGate VPN licence which would mean you wouldn't need the full blown WinGate and could use the 'road warrior' version (WinGate VPN only).

1a. See above

2. Correct. And my point was that even if they did try this, because you only have a 1 user licence they wouldn't be able to get through anyway, as a 1 user licence is only for the local machine.

3. This is indeed sufficient. You will not need the RIP Client.

Regards

Neil
neil
Qbik Staff
 
Posts: 356
Joined: Sep 03 03 2:42 pm
Location: Auckland

