Setting up a VPN: A step-by-step guide
Posted by Adrien de Croy (Import) on 24 January 2007 07:56 PM
Creating a VPN with WinGate VPN-only software.
If you have a firewall/router in front of the WinGate server please forward port 809 TCP and UDP to the WinGate VPN server. If you need assistance with Port Forwarding for your router please see this excellent site.
1. Set Up the WinGate VPN Host (The VPN Server that remote computers will connect to)
In the Miscellaneous menu double click VPN
In the VPN Configuration dialogue select VPNs to Host
Enter the VPN name, a description (optional), and the level of Local Participation.
Local Participation controls which local machines will be able to see or be seen by the VPN. Choose local network if you want the whole office to be on the VPN, or local machine only if you only want the WinGate VPN server to be visible.
Click the Generate button
In the Certificate dialogue click the Generate button at the bottom left.
In the Details of Certificate dialogue fill in the appropriate details and click Next, then Finish
You will need to select the new certificate from the drop-down list (you may need to wait 30 seconds for the certificate to appear)
Select the Policies tab
Click the Add button
Select the user/group that will have access to the VPN. Please note that this does not grant access to the network, only to the VPN. Network access is still controlled using Microsoft access permissions just as it is on the LAN.
Select the VPN from the list of VPNs to Host and click the Export Config button
In the Set the Location for this VPN dialogue enter your public IP address or domain name (if you are not sure what your public IP address is, open your internet browser and go to http://www.whatismyip.com)
Save the file to an easily accessible location. You can email it to the remote user or save it to disk.
2. Set Up the WinGate VPN Joiner
In the Miscellaneous menu double click VPN
In the VPN Configuration dialogue select VPNs to Join
Click the Import Config button
In the Open dialogue box select the file that was exported from the VPN host
Click the Open button
In the VPNs to Join dialogue enter the username and password that were entered when the host VPN was created. This user must be listed in the Host server's user database.
3. Connecting to the VPN
Open GateKeeper, select the Network tab. Right-click the new VPN and click Connect
Remote clients can't connect
1. "Connection to remote host timed-out"
If the connection to the remote host times out, check that the correct IP address/DNS name was used in the VPN. Right-click the VPN and select Properties to see the Server IP or DNS name field.
Often a firewall will cause this problem so you should also check that the correct port is opened and mapped through to the VPN host server. You can use a telnet connection to verify that the port is open and mapped:
From a command prompt type "telnet"
Type open my.vpnserver.com 809, or open (server's IP address) 809
If the window goes blank, or says "Press any key", then you have connectivity to that port.
If you get the error message "Connecting To vpn.myserver.com...Could not open connection to the host, on port 809: Connect failed" there is most probably a firewall blocking the port.
2. "Unable to connect using SSL - error code 5"
This is usually due to a problem with the VPN name, or user name/password.
Check the VPN log (C:\Program files\WinGate\logs\VPN); it will contain an explanation for the problem. Check that the VPN name is correct, and that the username and password are listed on the host server.
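The telnet check from item 1 above can also be scripted so that a timeout is told apart from a refused connection. This is an added example, not part of WinGate or of the original article; the function names are made up for illustration and my.vpnserver.com is the article's placeholder host. Like telnet, it only tests TCP, so the UDP forward of port 809 is not verified by it.

```python
import errno
import socket

VPN_PORT = 809  # TCP port this article says to forward to the WinGate VPN host

# Interpretations are general TCP behaviour, not WinGate-specific messages.
ADVICE = {
    "open": "TCP connect succeeded: the port is open and mapped to a listener.",
    "refused": "A host answered but nothing accepts on this port: check the "
               "forward target and that the VPN host is running.",
    "timeout": "No answer at all: a firewall is probably dropping the traffic, "
               "or the address is wrong.",
}

def check_tcp_port(host, port=VPN_PORT, timeout=5.0):
    """Try one TCP connect; return 'open', 'refused', 'timeout' or 'error:<why>'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:  # DNS failure, no route to host, etc.
        return "error:" + errno.errorcode.get(exc.errno, str(exc))

def diagnose(host, port=VPN_PORT, timeout=5.0):
    """Return (result, advice) for the host's VPN port."""
    result = check_tcp_port(host, port, timeout)
    return result, ADVICE.get(result, "Check the host name/IP used in the VPN.")

if __name__ == "__main__":
    import sys
    # Usage: python check_vpn_port.py my.vpnserver.com
    target = sys.argv[1] if len(sys.argv) > 1 else "my.vpnserver.com"
    print(target, *diagnose(target))
```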
Disabling the Windows XP firewall
If you are using Windows XP Service Pack 2/Windows 2003 server we recommend that you disable the built-in firewall. The only sure way to do this is from the services applet.
Right click "My Computer"
Choose Services and Applications
Scroll down to the bottom of list and find "Windows Firewall/Internet Connection Sharing (ICS)"
Double-click and change the "Startup type" to disabled
Remote clients can connect but you see a "not accessible" error
1. Check the published routes. If you see a message "in conflict", check that each network is on a different IP subnet. For example, if the Host network is using the IP Address schema:
192.168.0.x / 255.255.255.0
then the remote network is required to be on a different subnet,
e.g. 192.168.1.x / 255.255.255.0
Subsequent remote networks will need to be on other subnets.
2. If the IP address subnets are correct but you still see the "not accessible" error on LAN machines (except for the WinGate server), check that the default gateways of the LAN machines point at the WinGate server. To access the VPN there needs to be a route to the VPN; the easiest way to do this is to set the client machines' default gateway to the WinGate server. However, if you can't do this you can install the RIPv2 client (which is a free download from our website, here). You should never install the RIPv2 client on a machine running the WinGate software as this will cause routing problems.
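The subnet rule in item 1 can be checked offline before joining a new site. This is an added example, not WinGate's own conflict detection; the site names, the sample addressing plan and the function names are constructed for illustration. It also catches the case where two sites use different masks but still overlap, and proposes the next unused subnet.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan, written in the article's "a.b.c.x / mask" notation.
SITES = {
    "host":     "192.168.0.x / 255.255.255.0",
    "branch-a": "192.168.1.x / 255.255.255.0",
    "branch-b": "192.168.0.x / 255.255.255.0",      # same subnet as host
    "branch-c": "192.168.1.128 / 255.255.255.128",  # sits inside branch-a
}

def parse_site(text):
    """Turn '192.168.0.x / 255.255.255.0' (or '/24') into an IPv4Network."""
    addr, mask = (part.strip() for part in text.split("/"))
    addr = addr.lower().replace("x", "0")
    # strict=False tolerates host bits being set in the address part.
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def find_conflicts(sites):
    """Return sorted (site_a, site_b) pairs whose subnets overlap."""
    nets = {name: parse_site(text) for name, text in sites.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def suggest_free(sites, pool="192.168.0.0/16", new_prefix=24):
    """Return the first subnet of the pool that no listed site overlaps."""
    used = [parse_site(text) for text in sites.values()]
    for candidate in ipaddress.ip_network(pool).subnets(new_prefix=new_prefix):
        if not any(candidate.overlaps(net) for net in used):
            return candidate
    return None  # pool exhausted

if __name__ == "__main__":
    for a, b in find_conflicts(SITES):
        print(f"in conflict: {a} <-> {b}")
    print("next free subnet:", suggest_free(SITES))
```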
Remote clients can join the VPN and don't see any error messages, but can't browse the shares on the remote machines
1. If remote clients can't see the host machines, or when they double click the LAN machines nothing happens, check that File and Print Sharing is enabled on the external adapter of the WinGate server.
2. If remote clients can't open shares on the host LAN, or they can't ping the host LAN machines by name, try pinging the host machines by IP address. If this works check that NetBIOS over TCP/IP is enabled in the TCP/IP properties of the external adapter on the WinGate machine. Personal firewalls on the LAN clients can also cause this problem.
3. If shares are visible but the remote clients cannot work with the files or have problems viewing large folders, there may be an MTU issue. Please see this knowledge base article.
If you are still having problems, please try to simplify the set-up. We recommend uninstalling any security suite/firewall for the sake of testing, e.g. Norton Internet Security, Zone Labs, McAfee etc.; WinGate VPN has a firewall built in. Please make sure the WinGate firewall is enabled before you remove any firewalls from your machine. We do NOT recommend exposing your computer to the internet without a firewall!
Contact Qbik Support by submitting a support request here