WinGate Forums

[funarg]

Hi!

I'm evaluating WinGate as a proxy server that would use a Windows PPTP VPN connection as its gateway.
However currently in the 6.6.4 build the only options available on the Gateways tab are those of physical network adapters installed on the machine.

I also tried to use OpenVPN as an intermediary but apparently its virtual network adapters are also not picked up by WinGate.

Does anyone know if this is a supported configuration and if there's any sense in trying to invest more time in it to make it work?

Thanks.

[adrien]

Hi

what OS is WinGate running on? Normally PPTP connections just show up in WinGate as a dialup connection. Is the dialup connection showing in the network tab in GateKeeper? It may need to be enabled for use by WinGate.

Do you only want some traffic to go through the PPTP connection, or all traffic?

If all, just enable the setting in the PPTP dialup profile to "use default gateway on remote network".

Then all the traffic will go through the PPTP connection anyway, without requiring it to be set in WinGate.

Regards

Adrien

[funarg]

Hi Adrien

Thanks for your prompt response.

I'm running WinGate on Windows Server 2008 R2 (x64) with ENS driver enabled.

My goal is to pass all regular trafic through WAN and use the VPN link only for stuff that's coming through the proxy.
So default gateway would not work in my case, I need quite the opposite - for VPN gateway to have the lowest priority/highest metric in the system.

The VPN connection does show in network tab as an Incoming connection, not Dial-up. Could this be an issue?

I'm attaching a screenshot where you can see the VPN at the bottom of Network tab.

Thanks.

[adrien]

OK.

There is a problem unfortunately with Gateway selection (the gateway tab) with dialup connections on Vista / Windows 7 / Windows 2008.

MS changed the way the TCP/IP stack works when there is dialup involved, and so gateway selection doesn't work with dialup on these OSes. The OS just fails the connection (wrongly). We bind to the IP of the dialup connection, and try to connect, and the OS fails it without trying (it's trying to be too smart and ended up being too dumb).

We view this as a bug in the OS, but we haven't had any response from MS when raising it.

So unfortunately I don't think this is going to work out for you in this scenario sorry, unless you can do the VPN connection from some other computer, and access that via LAN, in which case WinGate can select that other machine as a gateway fine, just not dialup.

Regards

Adrien

[funarg]

Ok, I see, thanks for the explanation.

I assume virtual NICs from OpenVPN or VMware won't work as gateways either, right?

[adrien]

actually we haven't had a problem with VMWare, not sure about OpenVPN, it may work.

Regards

Adrien

[scgate]

Bumping this thread - would like to know the current status of this WinGate shortcoming.

With Windows 7, WinGate 7.2.10, and OpenVPN, VPN virtual adapters do appear in the Network connections panel and the SOCKS service Bindings tab. So WinGate obviously can see and understand them. But VPN virtual adapters don't appear in the SOCKS service Gateways tab. Only physical adapters are present.

This greatly limits the usefulness of WinGate with a VPN. WinGate services are limited to being only able to send traffic out over physical adapters. There are many scenarios where one would like a WinGate service to use an outgoing VPN connection.

[adrien]

WinGate considers something eligible to be used as a gateway if:

a) it's a LAN card with a default gateway
b) it's a dialup adapter. Underneath this means the adapter uses NDISWAN. Many types of connection use this, including MS VPN Clients (PPTP, etc)

so if OpenVPN creates virtual adapters, with no default gateway (unless connected?) then WinGate won't consider it a path to the internet

as for binding the service,that's entirely different. Any interface with an IP address is eligible.

[scgate]

Seems like a senseless limitation to me. MS PPTP may work with WinGate, but it is an insecure, primitive, and unattractive VPN - not comparable to OpenVPN which is a secure, full-featured, popular VPN.

WinGate not only recognizes the OpenVPN virtual adapter in the Network Connections control panel, it recognizes the internal gateway ip address associated with that virtual adapter when the adapter is connected, listing it in the IP Address column. WinGate allows it to be marked for external usage even.

But go try to select that as a gateway for a service and WinGate refuses to offer the network connection as an option. I could be wrong, but I'm guessing if I bought the WinGate VPN, it would be presented as a usable gateway. Hmm.

[adrien]

my example about PPTP was simply something that shows up as a dialup connection.

We enumerate using RAS APIs, and apart from that network adapters which have a default gateway, which I presume therefore excludes virtual adapters that aren't connected.

there's no conspiracy here.