VPN through NAT firewall

Forum for all technical support and troubleshooting of the WinGate VPN.

Postby robn » Feb 26 04 6:58 am

I am currently testing WinGate VPN version 1.2.3. It works fine on the internal network (i.e. I can connect 2 PCs together fine) when not going through the firewall.

But when I try using the same 2 PCs and change the JOIN VPN server IP or DNS Name to match our external-facing DNS IP, the connection fails with the message "Connection to remote host time out". In the History logs on the VPN server machine there is a message "Connection from IP 0.0.0.0 failed. Pre negotiation of acceptance failed".

I have set the firewall up to forward the relevant port to the VPN server, and when I check the firewall monitor I can see that this is being done and the ports are being forwarded.

What I am trying to do is establish if an external connection to the VPN server can be made.

Has anyone else had this error or am I doing something wrong?

Thanks

Rob
robn
 
Posts: 22
Joined: Feb 26 04 6:48 am

Postby Pascal » Feb 26 04 7:40 am

1. Do you have sufficient free space on the disk?
2. Are the certificates created and the correct fingerprint imported on the joiner?
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby robn » Feb 26 04 10:53 pm

The disk has over 30G free space; both machines are P4 2.66 with a minimum of 256 RAM.

The certificate I created is the same as the one I use for the direct link which works fine, all I have done is change the IP of the IP Server or DNS Name object to match the outward facing IP address.

Is this correct?

Postby Pascal » Feb 26 04 11:58 pm

The setup all sounds correct, although I'm dubious about the testing environment. Is it possible to physically separate the machine that will be joining the VPN from the network?

It should be set up to join the VPN on the Hoster's external IP (or DNS name if you have one).

Postby robn » Feb 27 04 12:56 am

I will try accessing it from my home network, through my ADSL, and see how that goes and get back to you.

thanks

Rob

Postby robn » Feb 28 04 3:46 am

I've now managed to get the connection working from my home network and can see the VPN host server, the network domain and the machines on the domain, but the only machine I can access is the VPN host server. Sometimes the other machines on the network come back looking like they are active, but when I try to explore them nothing happens, and sometimes they appear greyed out with "Not accessible" next to the name. Is this due to these machines not having their own individual license or something else?

Postby archmayge » Feb 29 04 8:37 pm

I am having the same problem with "Connection from IP 0.0.0.0 failed. Pre negotiation of acceptance failed". If you have any advice please email me at kevin_derossett@comcast.net. My friend is trying to connect to me; he connects to the internet through a Linksys router and DSL. His router has ports 809 and 2500 open. I am connecting to the internet with a Netgear router and cable. My router has ports 809 and 2500 open.

What am I doing wrong? Am I using the wrong ports or do I need to open more?

Any help would be great, thank you.
archmayge
 
Posts: 1
Joined: Feb 29 04 8:26 pm

Postby Pascal » Feb 29 04 11:19 pm

robn wrote:I've now managed to get the connection working from my home network and can see the VPN host server, the network domain and the machines on the domain, but the only machine I can access is the VPN host server. Sometimes the other machines on the network come back looking like they are active, but when I try to explore them nothing happens, and sometimes they appear greyed out with "Not accessible" next to the name. Is this due to these machines not having their own individual license or something else?

9 times out of 10 that is a routing problem. Your clients need to be able to get to the remote network as well. As it's a routing VPN, you need to tell them how to get to the remote network. There are three ways to do this:

1. Set their default gateways to the VPN Server.

2. Install a RIP v2 listener on each client. This is available as a free download from our website.

3. Set up a static route on each client, to point all traffic for the remote subnet through the VPN Server.
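Pascal's point above (the LAN PCs need their own route back to the remote subnet) worked through as an added example; this is not code from the thread or from WinGate, and the addresses are constructed assumptions. It does a longest-prefix-match lookup on a LAN PC's route table under each of the three methods and shows where the PC's reply to a remote VPN client would be handed.

```python
import ipaddress

# Constructed example addresses (assumptions, not from the thread):
# office LAN 192.168.1.0/24 with the internet firewall/router at
# 192.168.1.1 and the WinGate VPN host at 192.168.1.10; the remote
# (home) side of the VPN is 192.168.2.0/24.
OFFICE_FW = "192.168.1.1"
VPN_HOST = "192.168.1.10"
REMOTE_NET = "192.168.2.0/24"


def next_hop(routes, dst):
    """Longest-prefix match over (network, gateway) pairs. Returns the
    gateway that would carry a packet to dst, or None if nothing matches."""
    ip = ipaddress.ip_address(dst)
    best = None
    for net, gw in routes:
        n = ipaddress.ip_network(net)
        if ip in n and (best is None or n.prefixlen > best[0].prefixlen):
            best = (n, gw)
    return best[1] if best else None


def lan_client_routes(method):
    """Route table of an office LAN PC under each method Pascal lists.
    'none' is the starting situation in the thread: default gateway is
    the internet firewall and nothing mentions the remote subnet."""
    table = [("192.168.1.0/24", "on-link")]
    if method == "none":
        table.append(("0.0.0.0/0", OFFICE_FW))
    elif method == "default-gateway":
        table.append(("0.0.0.0/0", VPN_HOST))
    elif method in ("rip2", "static-route"):
        # A RIP v2 listener learns the same entry a static route adds by hand.
        table.append(("0.0.0.0/0", OFFICE_FW))
        table.append((REMOTE_NET, VPN_HOST))
    else:
        raise ValueError(f"unknown method {method!r}")
    return table


def reply_reaches_vpn(method, remote_client="192.168.2.20"):
    """True if the LAN PC hands its reply to the VPN host (so it can be
    tunnelled) instead of the internet firewall, which cannot deliver it."""
    return next_hop(lan_client_routes(method), remote_client) == VPN_HOST


if __name__ == "__main__":
    for m in ("none", "default-gateway", "rip2", "static-route"):
        print(f"{m:16} reply goes via {next_hop(lan_client_routes(m), '192.168.2.20')}")
```

With no route (the thread's starting state) the reply leaves for the internet firewall, which is why the remote client sees the host but every other machine as "Not accessible".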

To Robn

Postby jono659 » Feb 29 04 11:25 pm

Hi, if you want to take a look we have a self help group here > http://fishyfingerssl.com/phpBB2/viewfo ... 9eab69bd50
jono659
Senior Member
 
Posts: 150
Joined: Feb 07 04 4:53 am
Location: Canaries

Postby robn » Mar 02 04 8:56 am

Hi

I have installed the RIP client v2 on certain client PCs to test. I have been able to access one a few times, but more often than not I still get the "Not accessible" message. Also the connection seems to drop itself at random times, and the setting on the tunnel changes from 'Active' to 'In statis'. What does this mean? Also, is there anything else I can do to keep the connection more stable?

Regards

Rob

Postby Pascal » Mar 02 04 10:14 am

What connection drops? The internet connection or the VPN control channel?

Postby robn » Mar 02 04 11:23 pm

The VPN connection

Postby Pascal » Mar 02 04 11:29 pm

The VPN connection will normally drop because of an insufficient number of keepalives or some general form of socket error. If you turn debug logging on for the VPN connection (both ends), do you see anything that might give us a clearer indication of where the problem is?

Postby robn » Mar 03 04 3:14 am

Hi Pascal

I will turn them on and try it out later and get back to you.

Many thanks

Rob

Postby robn » Mar 06 04 4:56 am

Hi, the connection still does not appear to be working correctly, and now sometimes the machine I have chosen to host the VPN loses its network connection when the WinGate VPN engine is running, but it is fine when it is stopped.

I turned on the debug mode and nothing new was shown. I am still only able to access the host machine from a remote location, and the rest of the network is displayed as "not accessible", even when the internal network machines plus the remote client have RIP 2 running on them.

Two things:

1. Just to clarify, do the machines on the internal network need to have the VPN client running on them to be accessible from the remote-location VPN?

2. On the firewall I currently have blocking on TCP port 139 and UDP ports 137 and 138; could this be causing any problems?

Just to fill you in a bit more, all the machines on the internal network have their default gateway set to the internal firewall/router to provide internet access, including the machine used as the VPN host. Could this be affecting anything?

Many thanks

Rob

Postby jono659 » Mar 06 04 8:15 pm

robn wrote:Hi, the connection still does not appear to be working correctly, and now sometimes the machine I have chosen to host the VPN loses its network connection when the WinGate VPN engine is running, but it is fine when it is stopped.

I turned on the debug mode and nothing new was shown. I am still only able to access the host machine from a remote location, and the rest of the network is displayed as "not accessible", even when the internal network machines plus the remote client have RIP 2 running on them.

Two things:

1. Just to clarify, do the machines on the internal network need to have the VPN client running on them to be accessible from the remote-location VPN?

2. On the firewall I currently have blocking on TCP port 139 and UDP ports 137 and 138; could this be causing any problems?

Just to fill you in a bit more, all the machines on the internal network have their default gateway set to the internal firewall/router to provide internet access, including the machine used as the VPN host. Could this be affecting anything?

Many thanks

Rob

Hi
WinGate VPN only needs to be installed on the machine that the router ports are directed at.

Have you selected local network participation in GateKeeper?

The ports you have blocked may be a problem as these are the ports NetBIOS uses, I think. Do you have a firewall on the network machines (XP)?

Does your licence allow for the machines in the network?

The router being the default gateway shouldn't be a problem. Does it have RIP2 enabled? If not, do you have the RIP2 client installed on each of the network machines (apart from the "master")?

JonO

Postby robn » Mar 10 04 4:24 am

Hi

Local network is selected

No firewalls running on individual PCs, just the company firewall

Running the trial licence of Wingate VPN at the moment

RIP2 is not on the firewall but it is on several of the corporate network machines, and none of these appear to be accessible.

RIP2 is installed on the master/host machine; is this correct?

Anyone any ideas what the problem could be?

rob

rip2

Postby jono659 » Mar 10 04 4:36 am

Don't think you need the RIP2 client on the main machine; it's built into the VPN. If you want to check in to here
http://fishyfingerssl.com/phpBB2/viewfo ... b3dbeb9a54

and gimme a shout maybe try connecting to my vpn and we can look at the logs

Regards

JonO
Wingate VPN self help group

Postby robn » Mar 11 04 3:55 am

Right, after removing the blocking on ports 135 and 137 to 139 I can now see and access the machines with RIP2 running on them. So it looks like it was port blocking that was causing the problem there.

But I have now come across another problem: when I access the VPN from the remote location and browse the PCs I can see, certain PCs on the LAN network lose connection to certain areas of the internal network (i.e. they can't connect to the domain controller or Exchange server or certain other internal domains).

The PCs that lose these connections appear to all be Windows XP with the RIP2 client running; as soon as the RIP2 client is stopped they can access the network fine again.

Is this a problem with the RIP2 client and XP or is it something else? Has anyone else had this problem?

Regards

Rob

RIP2

Postby jono659 » Mar 11 04 4:01 am

Do you have rip2 enabled in the router?

Postby robn » Mar 11 04 4:03 am

No, it's a stand-alone hardware firewall device that does not have RIP2 enabled.

rip2

Postby jono659 » Mar 11 04 4:16 am

Are there any non-XP machines running the RIP2 client and not getting this problem?

Postby Pascal » Mar 11 04 9:41 am

robn wrote:1. Just to clarify, do the machines on the internal network need to have the VPN client running on them to be accessible from the remote-location VPN?

No, they do not. As for the RIP client, that needs to go onto the machines behind the Server / Joiner. (The LAN machines). Putting it on the Server or the Joiner will give you problems.

robn wrote:2. On the firewall I currently have blocking on TCP port 139 and UDP ports 137 and 138; could this be causing any problems?

Just to check - which firewall? The WinGate / VPN firewall, or the one for your router?

robn wrote:access including the machine used as the VPN host, could this be affecting anything?

It should not, if you use one of the other two methods to inform the client machines (LAN) of how to route to the other subnet.

Postby robn » Mar 12 04 1:11 am

Hi Pascal thanks for your response

The port blocking was on my router firewall; after removing this blocking I was able to access the internal network clients running RIP2. Do you know which of these specific ports needs to stay open (or all of them?)?

What kind of problem could be caused by having the RIP client on the server or the joiner? As I have just realised the RIP client was on my home PC!

So now I can access machines on the internal network and see the machines running rip2 client. But have 2 issues.

1. When the VPN is set up and I have the host on one internal domain and attach another internal domain to the VPN plus my home PC, machines on the host domain running Windows XP and the RIP client appear to lose connection to certain parts of the network (i.e. contact with the Exchange server (on the same domain), and access to other internal domains). When I detach the second domain machine from the VPN this access appears to return. Is this a known problem?

2. I only appear to be able to access machines running the RIP2 client from my home PC when they are fully logged onto the network. By this I mean that I am unable to attach to them when they are turned on but not logged on (i.e. when the user name and password screen is up). Is this correct? Is it because the RIP2 service does not run until the machine is fully logged on?

Many thanks

Rob

Postby Pascal » Mar 12 04 10:46 am

The machines at home, are they running 9x or similar, or are they NT-based machines? Double check the startup properties for that service, to ensure it's set to start on boot.

Postby robn » Mar 13 04 12:35 am

The home machine is running Windows XP Home; the machines I'm having problems with the RIP2 client on the internal network are Windows XP Pro SP1. The RIP client service is set to start automatically but there is no option to start on boot. Is there another way of doing this?

many thanks

rob

Postby Pascal » Mar 15 04 9:41 am

Start automatically = start on boot. (Couldn't remember the correct name) So the service should be running normally. I'll see if anyone here has any other suggestions.

Postby robn » Mar 15 04 11:22 pm

When set to automatic it could not be accessed, but I looked on the web and found that there was a way to ensure the service started on boot. To do this I added a scheduled task which was set to start the service on startup; this appears to have solved the problem.

Thanks

Rob

