Knowledgebase: WinGate VPN
Testing if ports are open on a VPN host
Posted by Adrien de Croy (Import) on 24 January 2007 08:07 PM
If you cannot connect to a VPN host server you can use Telnet to test if the ports are mapped through to the server and the server is listening.
To start a Telnet session:
Open a Dos window and type Telnet
Open a connection to the host server by typing open my.vpnhost.com 809 (where my.vpnhost.com is the server name and 809 is the port number you're connecting to)
A blank screen will mean you have connected to a service that is listening on port 809. WinGate VPN by default operates on port 809 so you've probably connected to the WinGate VPN server.
If you are unable to connect you will see the following error message:
"Connecting To my.vpnhost.com...Could not open connection to the host, on port 809: Connect failed"
Failures could be caused by:
1. If the VPN host server is behind a router/firewall, you must map ports 809 TCP and UDP through to the IP address of the WinGate VPN server. You may be required to restart the router after making changes to apply the new settings.
2. If the VPN host server is running a security suite (eg. ZoneAlarm, Norton Internet Security, McAfee firewall etc) the incoming connection may be intercepted.
We do not recommend running a third party firewall on the same machine as the WinGate VPN server as there can be conflicts. For the purposes of testing please disable the third party firewall and restart the machine. Please note, it is not enough to simply turn off the firewall, it must be prevented from starting at boot time.
3. Make sure that the ports are opened on the WinGate firewall. When you create a VPN host in WinGate you are asked if you want it to open the firewall ports. If these ports are not opened, or are subsequently closed WinGate VPN will not accept incoming connections. You can open these ports by going to Extended Networking-->Port Security
4. If the host computer is running Win2003 or Windows XP make sure that the built-in firewall is disabled.
The best way to do this is to disable the Windows Firewall/Internet Connection Sharing service from Services. Set the startup type to disabled and if the service is currently running stop the service.
5. You may want to confirm you are connecting to the correct address. If you're not sure of the external IP address that you should connect to, from the WinGateVPN host open a web page and connect to http://www.whatismyip.com. Make sure that the address that you're trying to connect to is the same as the address displayed here.