WinGate Forums

[cb_oz]

Hi,

I am experiencing the following problem and I'm looking for suggestions or comments.

I am using Wingate 5 (orig 5.01, then 5.0.10, now 5.2.2 - problem exists with all the above versions) for public access in a rental building. As such users must authenticate (to the WG DB) to use any services. To keep the multi-platform design we are using the Java window (via the WWW Proxy) to authenticate users. Theoretically, once this window is correctly logged in the ENS service may be used (I believe this worked on the original install). Unfortunately only the proxy services appear to be working correctly. WWW and POP3 Proxies work fine, any NAT request (ICMP, POP3, etc) show in the activity and history logs (against the user they are authenticated as) appearing fine however the clients never receive a reply.

I'll briefly describe the system setup:
Intel Cel 1Ghz with 512Mb RAM
Win XP Pro
Wingate 5.2.2
Xitami Web Server
Custom Telephone Accounting Software
2 NICS, One Internal 192.168.0.x subnet, the other is the Internet Interface 10.0.0.x subnet, which connects to a DSL Modem using PPPoE and becomes another interface using a public subnet. Additionally there is other incoming / outgoing interfaces. I have the Interfaces setup as following:
LAN NIC Trusted
Loopback Trusted
DSL NIC Neither
DSL ISP Public

With the above in mind I have attempted various changes to Firewall settings, WWW Proxy transparent redirection, etc with no luck.
I believe the WG Server is receiving the NAT request (i.e. it's showing in the activity window) and it is either not able to access the internet correctly or fails to return the responses to the client PC's.

If it is of any value, a simple "ping google.com" shows the four requests in the activity window and they appear for 10 secs or so each. In the history log it shows 60 Bytes IN 0 Bytes OUT.

Any comments or suggestions would be greatly appreciated.


Regards,

Clint.

[adrien]

Hi Clint

We just released version 5.2.3, which amongst other things changed the way we support dialups in the ENS. Mostly PPPoE setups use a dialup-type configuration, and so it would be worth-while you trying this latest version. We had been having ongoing problems with some PPPoE installations from version 5.0.7 until 5.2.2.

Let me know if this solves the problem, otherwise we can send you a 5.0.7 driver to run (which will run with all versions post 5.0.7 as well).

Adrien

[cb_oz]

Adrian,

After installing Ver. 5.2.3 I've experienced a number of Wingate related and non related problems which has lead me to backing up logs and rebuilding the server.

Regardless of that I could not get the NAT connection s showing in Activity View but I did get the following debug log entires repeatetively:

------------------------------
02/27/04 13:37:29 Debug: NAT error message code FFE0B40B, context 1412 OutICMP=0, InICMP=0, OutUDP=0, InUDP=0, OutTCP=0, InTcp=0
02/27/04 13:37:29 Debug: NAT error message code FFE0B40B, context 1420 OutICMP=0, InICMP=113, OutUDP=0, InUDP=0, OutTCP=0, InTcp=0
02/27/04 13:37:29 Debug: NAT error message code FFE0B40D, context 1426 Total locked memory in use is 190632
02/27/04 13:37:29 Debug: NAT error message code FFE0B40E, context 1433 Unknown Frames = 0, Status Queue Size = 128
------------------------------

I'll advise how the rebuild goes is several hours time, in the meantime if you have any concerns with the above debug log please advise.

[adrien]

Those log entries can be ignored, they are simply the driver reporting memory usage.

As for the nat connections showing in Activity, this would imply that the driver does not believe it is creating a NAT session.

The only circumstances under which the ENS will create a NAT session is if it receives a packet on an interface marked as internal and this packet must be relayed out an interface marked as external.

So, the first thing to check would be that you have the interfaces set up properly in GateKeeper under Options: Advanced Options: Network Interfaces.

Adrien

[cb_oz]

Adrian,

Thanks for the feedback, the interfaces hadn't changed since the above post and yet the activity tab didn't show NAT connections (or attempts) like it use to and still no connectivity.

Anyway, I uninstalled WinGate and cleaned up the PC including all network interfaces, etc. Reinstalled 5.2.3 from scratch imported the registry keys holding the wingate user accounts and reconfigured all options exactly as they previously were and now everything is working perfect, except for my dialin interface, it's now blocked by the firewall settings for the Internet PC's. It doesn't show up in the Interface tab in Advanced.

So I now have two questions:
1. How can I configure ENS to not firewall (or at least not the internet settings) on my WinXP dialin connection? The IP assigned is the same subnet as the LAN card.
2. I'm tweaking the use of Wingate and have been considering launchying the Java authentication client via an intranet link rather then the proxy initiating it. I do have that working but can I ask for more information on the variable that can be passed into it? So far I'm using http://wingateserver:8080/wingate-inter ... ebsite.com. Can I be previlidged to knowing all the variables I can pass this Java applet?