Server 2003 SP1: Wingate firewall cannot be disabled?


Postby HenriLemmers » Sep 05 05 12:39 am

I have a Windows Server 2003 with Wingate 6.0.4 (build 1025) fully functioning for months. The internet connection is by ADSL with a VPN connection to my ISP.

After my update of the server to SP1, incoming VPN to my server seems to be broken. Gatekeeper registers the usual Firewall hits, but no messages on port 1723 are reported.

Further analysis shows my server can't be pinged (visualroute), though in ENS pinging from internet is properly marked. All ports (except the redirected ones) are properly stealthed. Turning the firewall off in gatekeeper, however, doesn't change these results (though there are no more firewall hits registered).
It looks like the firewall is still active, though not seen in gatekeeper.

Could you suggest the next step in disabling/uninstalling the firewall to test open internet accessibility?
Henri Lemmers
HenriLemmers
 
Posts: 26
Joined: Jun 08 04 9:32 pm
Location: Netherlands

Postby MattP » Sep 05 05 11:11 am

Hi Henri,

There is a setting in Extended Networking, "keep firewall enabled after WinGate engine stops", you should uncheck this. Also, "protect my system before WinGate engine starts" should be unchecked.

This will leave you with no WinGate firewall so please make sure you have some protection while you're doing your tests.
MattP
Qbik Staff
 
Posts: 991
Joined: Sep 08 03 4:30 pm

Postby HenriLemmers » Sep 06 05 11:23 am

Hi Matt,

In fact I did turn off "keep firewall enabled ...".
In my configuration I have 2 interfaces bound to external:
1. My server to the ADSL modem on 10.0.0.150
2. My VPN connection through the ADSL to my ISP.

When the firewall is running all seems to work all right apart from my VPN.
Shields up marks my static Internet IP (port 1723 for windows VPN) as stealth while the firewall has port 1024-4096 set as external, and the test is logged as being accessed. When redirecting port 1723 to 127.0.0.1 Shields up marks the port as closed (visible from the internet).
At the same time visualroute can't ping my server from the internet, whilst my laptop can ping the server on the 10.0.0.150 external interface.

Setting pinging from the internet to disabled correctly closes the pinging on 10.0.0.150.

Turning the firewall off does reenable pinging on 10.0.0.150, but my VPN results from external stay the same (closed), although not flagged in the firewall screen. Even shutting down wingate completely (with "keep firewall enabled..." unchecked) still keeps the VPN closed.

I somehow suspect that the bindings of VPN are not fully correct anymore.
Would it be an option to uninstall wingate completely (I already tried creating a new VPN to my provider) for testing purposes?
If I do this, do I have to take special precautions on my license key (apart from backing up and restoring my Wingate registry)?

Any comment would be appreciated.
Henri Lemmers
HenriLemmers
 
Posts: 26
Joined: Jun 08 04 9:32 pm
Location: Netherlands
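
The stealth/closed distinction and the firewall-on versus firewall-off comparison described in the post above can be scripted. This is an added example, not part of the original thread: the function names are hypothetical, the sample scan results are constructed, and the live probe targets only the local machine.

```python
import socket

def classify_tcp_port(host, port, timeout=3.0):
    """Classify one TCP port the way the scan in the post reports it.

    open    - handshake completed, a listener answered
    closed  - the host answered with a RST (connection refused)
    stealth - no answer before the timeout, the SYN was dropped
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "stealth"
    except OSError:
        # e.g. ICMP unreachable from a router, or no local route
        return "unreachable"
    finally:
        sock.close()

def probe(host, ports, timeout=3.0):
    """Return {port: state} for each port in ports."""
    return {p: classify_tcp_port(host, p, timeout) for p in ports}

def still_filtered(firewall_on, firewall_off):
    """Ports that are 'stealth' in both runs.

    A port dropped with the firewall on and still dropped with it off
    means some other packet filter is in the path.
    """
    return sorted(p for p, state in firewall_off.items()
                  if state == "stealth" and firewall_on.get(p) == "stealth")

if __name__ == "__main__":
    # Constructed results, shaped like two scans of the same address.
    on = {80: "stealth", 1723: "stealth"}
    off = {80: "closed", 1723: "stealth"}
    print(still_filtered(on, off))
    # Live probe of the local machine only (assumed target for the demo).
    print(probe("127.0.0.1", [1723], timeout=1.0))
```

A Windows (PPTP) VPN also needs GRE (IP protocol 47) to reach the server, which a TCP probe of port 1723 does not exercise.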

Postby jamesc » Sep 06 05 5:58 pm

As a suggestion, disable the Windows Firewall

On your desktop, right click My Computer
Manage
Services and Applications
Services
Scroll down to bottom and double click "Windows Firewall/Internet Connection Sharing (ICS)"
Set the Startup type to disabled
Stop the service
Apply
jamesc
Qbik Staff
 
Posts: 928
Joined: Apr 04 05 2:04 pm
Location: Auckland, New Zealand

Postby HenriLemmers » Sep 06 05 8:16 pm

Hi James,

I followed your suggestion, Windows Firewall service already was set to disabled, as it should be.
Contrary to Windows XP the firewall in Windows Server is not automatically set to enabled when upgrading with SP1.
Henri Lemmers
HenriLemmers
 
Posts: 26
Joined: Jun 08 04 9:32 pm
Location: Netherlands

Postby jamesc » Sep 06 05 9:27 pm

> Would it be an option to uninstall wingate completely (I already tried creating a new VPN to my provider) for testing purposes?

Yes

> If I do this, do I have to take special precautions on my license key (apart from backing up and restoring my Wingate registry)?

(Windows) Start menu --> Programs --> WinGate --> License Management. Select your license, then click the Deactivate button. When you reinstall, you will be prompted with a screen with a button to "Activate" your license. Place your key back in.

............


Question: So you are hosting a MS VPN server, correct? Do you know where the clients fail; do they get any connectivity?

Also, the MS VPN server is on the same machine as WinGate; correct?

P.S. Thanks for the tip on Windows Firewall on Win2k3.
jamesc
Qbik Staff
 
Posts: 928
Joined: Apr 04 05 2:04 pm
Location: Auckland, New Zealand

Postby HenriLemmers » Sep 07 05 1:04 pm

Hello James,
First the answers to your questions:
Yes, MS-VPN (RAS) is on the same AD-domainserver as Wingate.
The MS client server will connect on external interface 10.0.0.150, but will not connect from the internet to the static IP address I got from my ISP.

Meanwhile I deinstalled Wingate (gave me some headache with the KAV-key, but restored all right from backup) with no result.
In fact the Windows-Firewall when trying to activate responded with "Windows Firewall cannot run because another program or service is running that might use the network address translation component (ipnat.sys)" both before and after the complete removal of Wingate.

As far as I know there is no other virus or network software loaded, but I will search in the Microsoft databases as the next step.

If you have further suggestions on how to probe for the interfering software I would appreciate your advice.
Henri Lemmers
HenriLemmers
 
Posts: 26
Joined: Jun 08 04 9:32 pm
Location: Netherlands

Postby HenriLemmers » Sep 08 05 10:00 am

Hi James,
Internet search delivered an incompatibility between W2K3 Firewall and RRAS as the source for the startup problem. Since I also have RRAS installed for a demand dial connection to work (Wingate DMZ zone to allow Citrix) this explained the Firewall not being able to start.
On the other hand my VPN connection to the ISP was created as a network dial-up connection.
Although the w2k3 firewall should not have started (and was unmanageable) it seems to have been installed behind wingate's firewall for dial up networking connections.
I then created a RRAS interface to my ISP with the same settings as network dial-up. Using this interface Wingate seems to be the sole firewall and the open ports can be reached again.

In the end you were right that Windows firewall seems to have been the trouble, although SP1 documentation stated that it would not be installed automatically.

I'll keep testing the connections the next few days.

Thanks for your advice.
Henri Lemmers
HenriLemmers
 
Posts: 26
Joined: Jun 08 04 9:32 pm
Location: Netherlands

Postby jamesc » Sep 08 05 5:37 pm

That’s good to hear this issue is possibly solved. Please let the forum know if you need more assistance.
jamesc
Qbik Staff
 
Posts: 928
Joined: Apr 04 05 2:04 pm
Location: Auckland, New Zealand

