
VPN & ROUTES

Apr 02 13 10:35 pm

Hi

I'm using WinGate 7 on a W2K3 server (192.168.0.1) accessible through a DSL box with a static public IP address (routing incoming traffic to 192.168.0.1).

I want to hide my public IP only for some services (online games, IRC..).
So I have routed outgoing traffic for the desired services through a VPN (vyprvpn).
When the server connects to the VPN, everything works fine except my public IP and mail & WWW services, which become unavailable.

Where does this problem come from?
Why is incoming traffic rejected?

Any idea?
Thanks

Re: VPN & ROUTES

Apr 04 13 1:58 am

Hi

What VPN software are you using? Sounds like you've set it to use default gateway on the remote network, so if you get an incoming connection request, your reply will go back over the VPN and not complete the connection handshake.

Regards

Adrien

Re: VPN & ROUTES

Apr 05 13 6:58 pm

Hi,

DSL connection (external) 192.168.1.2 192.168.1.1 (adsl) DHCP
Internal Network (internal) 192.168.0.1 STATIC IP
--
vpn (external) 30.31.32.33 30.31.32.250

The ADSL router redirects some ports on 192.168.1.2 that become unreachable when the VPN is on.

The VPN is VyprVPN from Giganews and it actually uses the PPTP protocol (L2TP is also available).

Thanks.

Re: VPN & ROUTES

Apr 05 13 8:12 pm

Hi

This isn't particularly a WinGate issue. Fundamentally when you join the VPN, it sets the default gateway so that any outbound packets to any non-local address will be tunneled over the VPN.

If an inbound packet is forwarded by your router to the machine running the VPN software, the response packet will go out the VPN, and be forwarded by the VPN server at the other end as if from a different IP to the one the original (external) client connected to. So it will break all your inbound TCP connections while you are connected.

The most likely way to fix this is

a) disable the option to use default gateway on remote network in the VPN client settings
b) set up manual specific routes for which destinations you wish to use the VPN for, to only forward connections to those sites over the VPN.

Does the VPN service also provide a web proxy? This would be easier to use, since that's only 1 destination, and therefore only 1 route to add. Then you could use WinGate policy to specify which sites should go out through that other proxy which is via the VPN.

Another option could be (depends on the VPN software)

a) increase the metric for the default route associated with the VPN. Then it will still be usable by WinGate, but won't take over all your outbound traffic
b) use WinGate policy to specify which gateways to use per request.

Regards

Adrien

Re: VPN & ROUTES

Apr 06 13 3:20 am

Yes!

Previous non-working route table on server
0.0.0.0 0.0.0.0 31.32.33.34 1
0.0.0.0 0.0.0.0 192.168.1.1 2

new working route table
0.0.0.0 0.0.0.0 192.168.1.1 1
0.0.0.0 0.0.0.0 31.32.33.34 2

Works fine!
Thank you !
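
Added example (not part of the thread and not WinGate code): a small Python model of the route selection discussed above, run over the two route tables posted in the last message plus a constructed split-route variant of the "specific routes" suggestion. It assumes the OS picks the longest matching prefix and then the lowest value in the posted metric column; the client and destination addresses are made up.

```python
import ipaddress

DSL_GW, VPN_GW = "192.168.1.1", "31.32.33.34"   # gateways from the thread's route tables

# Rows are (network, netmask, gateway, metric), as posted in the thread.
BROKEN  = [("0.0.0.0", "0.0.0.0", VPN_GW, 1), ("0.0.0.0", "0.0.0.0", DSL_GW, 2)]
WORKING = [("0.0.0.0", "0.0.0.0", DSL_GW, 1), ("0.0.0.0", "0.0.0.0", VPN_GW, 2)]
# Constructed variant: default route via DSL only, plus one host route via the VPN
# (203.0.113.10 is a made-up destination from a documentation range).
SPLIT = [("0.0.0.0", "0.0.0.0", DSL_GW, 1),
         ("203.0.113.10", "255.255.255.255", VPN_GW, 1)]

def pick_route(table, dest):
    """Route used for dest: longest matching prefix, then lowest metric (assumed model)."""
    addr = ipaddress.ip_address(dest)
    best = None
    for row in table:
        net = ipaddress.ip_network(f"{row[0]}/{row[1]}")
        if addr not in net:
            continue
        key = (-net.prefixlen, row[3])
        if best is None or key < best[0]:
            best = (key, row)
    return best[1] if best else None

def inbound_ok(table, client_ip, arrived_via=DSL_GW):
    """True if the reply to a port-forwarded client leaves by the gateway it came in on."""
    route = pick_route(table, client_ip)
    return route is not None and route[2] == arrived_via

if __name__ == "__main__":
    client = "198.51.100.7"   # constructed external client hitting a forwarded mail/WWW port
    for name, table in (("broken", BROKEN), ("working", WORKING), ("split", SPLIT)):
        gw = pick_route(table, client)[2]
        print(f"{name:8} reply to {client} via {gw:12} inbound_ok={inbound_ok(table, client)}")
    print("split: 203.0.113.10 goes via", pick_route(SPLIT, "203.0.113.10")[2])
```

With the first table the reply to the external client leaves through the VPN gateway, so the handshake never completes; with the swapped metrics or the split table it returns through the DSL gateway.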