Hi
I'm using Wingate 7 on a W2K3 server (192.168.0.1) accessible through a DSL box with a static public IP address (routing incoming traffic to 192.168.0.1).
I want to hide my public IP only for some services (online games, IRC..).
So i have routed outgoing traffic for the desired services through a VPN (vyprvpn).
When the server connects to the VPN, everything works fine except my public IP and mail & WWW services that become unavailables.
Where does this problem come from ?
Why is incoming traffic rejected ?
Any idea?
Thanks
VPN & ROUTES
Moderator: Qbik Staff
5 posts
• Page 1 of 1
Re: VPN & ROUTES
by adrien » Apr 04 13 1:58 am
Hi
what VPN software are you using? Sounds like you've set it to use default gateway on the remote network, so if you get an incoming connection request, your reply will go back over the VPN and not complete the connection handshake.
Regards
Adrien
what VPN software are you using? Sounds like you've set it to use default gateway on the remote network, so if you get an incoming connection request, your reply will go back over the VPN and not complete the connection handshake.
Regards
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
Re: VPN & ROUTES
by damien » Apr 05 13 6:58 pm
Hi,
DSL connection (external) 192.168.1.2 192.168.1.1 (adsl) DHCP
Internal Network (internal) 192.168.0.1 STATIC IP
--
vpn (external) 30.31.32.33 30.31.32.250
The adsl router redirect some ports on 192.168.1.2 that becomes unreachables when vpn is on.
The vpn is VYPRVPN form giganews and it actually uses PPTP protocol (L2TP is also available).
Thanks.
DSL connection (external) 192.168.1.2 192.168.1.1 (adsl) DHCP
Internal Network (internal) 192.168.0.1 STATIC IP
--
vpn (external) 30.31.32.33 30.31.32.250
The adsl router redirect some ports on 192.168.1.2 that becomes unreachables when vpn is on.
The vpn is VYPRVPN form giganews and it actually uses PPTP protocol (L2TP is also available).
Thanks.
- damien
- Posts: 24
- Joined: Apr 02 13 10:22 pm
Re: VPN & ROUTES
by adrien » Apr 05 13 8:12 pm
Hi
this isn't particularly a wingate issue. Fundamentally when you join the VPN, it sets the default gateway so that any outbound packets to any non-local address will be tunneled over the VPN.
If an inbound packet is forwarded by your router to the machine running the VPN software, the response packet will go out the VPN, and be forwarded by the VPN server at the other end as if from a different IP to the one the original (external) client connected to. So it will break all your inbound TCP connections while you are connected.
The most likely way to fix this is
a) disable the option to use default gateway on remote network in the VPN client settings
b) set up manual specific routes for which destinations you wish to use the VPN for, to only forward connections to those sites over the VPN.
Does the VPN service also provide a web proxy? This would be easier to use, since that's only 1 destination, and therefore only 1 route to add. Then you could use WinGate policy to specify which sites should go out through that other proxy which is via the VPN.
Another option could be (depends on the VPN software)
a) increase the metric for the default route associated with the VPN, Then it will still be usable by WinGate, but won't take over all your outbound traffic
b) use WinGate policy to specify which gateways to use per request.
Regards
Adrien
this isn't particularly a wingate issue. Fundamentally when you join the VPN, it sets the default gateway so that any outbound packets to any non-local address will be tunneled over the VPN.
If an inbound packet is forwarded by your router to the machine running the VPN software, the response packet will go out the VPN, and be forwarded by the VPN server at the other end as if from a different IP to the one the original (external) client connected to. So it will break all your inbound TCP connections while you are connected.
The most likely way to fix this is
a) disable the option to use default gateway on remote network in the VPN client settings
b) set up manual specific routes for which destinations you wish to use the VPN for, to only forward connections to those sites over the VPN.
Does the VPN service also provide a web proxy? This would be easier to use, since that's only 1 destination, and therefore only 1 route to add. Then you could use WinGate policy to specify which sites should go out through that other proxy which is via the VPN.
Another option could be (depends on the VPN software)
a) increase the metric for the default route associated with the VPN, Then it will still be usable by WinGate, but won't take over all your outbound traffic
b) use WinGate policy to specify which gateways to use per request.
Regards
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
Re: VPN & ROUTES
by damien » Apr 06 13 3:20 am
Yes !
previous non working route table on server
0.0.0.0 0.0.0.0 31.32.33.34 1
0.0.0.0 0.0.0.0 192.168.1.1 2
new working route table
0.0.0.0 0.0.0.0 192.168.1.1 1
0.0.0.0 0.0.0.0 31.32.33.34 2
Works fine!
Thank you !
previous non working route table on server
0.0.0.0 0.0.0.0 31.32.33.34 1
0.0.0.0 0.0.0.0 192.168.1.1 2
new working route table
0.0.0.0 0.0.0.0 192.168.1.1 1
0.0.0.0 0.0.0.0 31.32.33.34 2
Works fine!
Thank you !
- damien
- Posts: 24
- Joined: Apr 02 13 10:22 pm
5 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 101 guests