Qbik Helpsys

How does WinGate VPN work?

Overview

WinGate VPN provides a secure end-to-end connection between two or more networks by creating private communication tunnels across the public highway that is the Internet. This allows remote users and networks to access and share network resources as if they were all on the same Local Area Network.

Example 1

To form a VPN, there must be one installation of the WinGate VPN software on each network that will be part of the VPN. It is not necessary for WinGate VPN to be installed on every machine that will be participating in the VPN. All that is required is an installation on the machine in each network that holds the connection to the Internet, or that has immediate access to the Internet through an Internet router.

As shown in the example above, the single Mobile User needs to install WinGate VPN on their laptop in order to connect to the VPN hosted by the Company LAN. The remote Office LAN network would only need to install WinGate VPN on the machine that has the Internet connection, in order for users on that LAN to participate in the VPN.

Each installation of WinGate VPN used to communicate in a WinGate VPN is referred to as a Node.

Note

WinGate VPN is not able to participate with other types of VPN applications.

For example, you cannot join a Microsoft VPN from a WinGate VPN, or vice versa.

Hosting a VPN

To establish a VPN, one Node is chosen to host the VPN so that other remote VPN Nodes (and their networks) are able to connect to it and participate. The Node that decides to host the VPN will be providing control over the VPN connection. This is referred to as the VPN Host or Master Node.

In Example 2 (below), the server on the Company LAN is configured to host a VPN. Each remote WinGate VPN connection that joins the hosted VPN is referred to as a VPN Client or Remote Node.

Example 2

When a Node is set to host a VPN, it will be the Node that has control over the entire VPN. The other joining VPN Client Nodes will connect to it in order to participate in the VPN as they require.

Any WinGate VPN installation can be configured to host or join a WinGate VPN depending on access requirements.

Participating in the WinGate VPN

Each VPN Node that joins the hosted VPN can have itself, and other machines on its own network, participate in the VPN. VPN participation involves a machine on the network of any VPN Node connected to that VPN making resources available for access from other Remote Nodes and their networks. Machines that share or access resources (folders, printers etc.) in the VPN are called VPN Participants (as shown in Example 3).

Although no software is required by these machines to participate, they must have correct network settings in order to send and receive VPN traffic correctly.

Example 3

Once the connection is established to the Master Node, the joining VPN Client Node (and its network) can then share its own network resources with the VPN Participants on the local network of the hosted VPN.

In Example 3 the Mobile User is both a VPN Client Node connecting to the VPN, and a VPN Participant, since they have made shared folders available for other VPN Participants.

Each remote node can also reach VPN Participants on other remote nodes that have joined the VPN if they allow it (as shown in Example 4 below).

Example 4

In Example 4, the Office LAN (VPN Client) and the Mobile User (VPN Client) both join the hosted VPN (shown by the red arrows).

By allowing a tunnel between each other, the VPN Participants on the Office LAN can be configured to access the shared folders on the laptop of the Mobile User VPN Client. Similarly, the Mobile User is able to access shared network resources on the VPN Participant of the Office LAN. These VPN Client Nodes create a tunnel between each other (shown by the Node to Node VPN tunnel) while they are joined to the VPN Host. This tunnel only exists while both remote VPN Clients are joined to the Master Node.

Each VPN Client Node can be configured to allow only a tunnel to the Master Node (VPN Host), or it can be set to create VPN tunnels to other VPN Client Nodes (if they permit it) while it is joined to the VPN.

Communication

When a VPN Client Node attempts to join a hosted VPN, a secure tunnel is created for communication between itself and the Master Node. The WinGate VPN Service on the Master Node is set to listen for incoming VPN connections on TCP port 809 by default (known as the Control channel). The VPN Service will establish and maintain the VPN connection between itself and VPN Client Nodes.

Once this tunnel is created, VPN Participants are able to access the appropriate network resources made available on the VPN.

Example 5

As shown in Example 5, WinGate VPN uses TCP on port 809 (by default) to establish a control channel between the two end points (the VPN Client Node and the Master Node).

WinGate VPN uses the UDP protocol on port 809 (by default) to send and receive data. While 809 is the default, you can change the Data port if required.
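The following PowerShell is an added example, not part of the WinGate help: it limits inbound access to the control (TCP) and data (UDP) ports on a Master Node to known Remote Nodes, confirms that both ports are bound, and lists firewall rules that open either port to any address. The rule names and peer addresses are hypothetical placeholders, and it assumes an elevated session using Windows Defender Firewall.

```powershell
# Added example. Assumptions: default port 809 on both channels (adjust if the
# Data port was changed); peers are constructed RFC 5737 documentation addresses.
$Channels    = @{ TCP = 809; UDP = 809 }          # TCP = control, UDP = data
$RemoteNodes = @('203.0.113.10', '198.51.100.0/24')

# One inbound allow rule per channel, limited to the known Remote Nodes.
foreach ($proto in $Channels.Keys) {
    $port = $Channels[$proto]
    $name = "WinGate VPN $proto $port (known nodes only)"   # hypothetical rule name
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Allow `
            -Protocol $proto -LocalPort $port -RemoteAddress $RemoteNodes | Out-Null
    }
}

# Confirm the VPN service is actually bound to both ports.
$tcp = Get-NetTCPConnection -LocalPort $Channels.TCP -State Listen -ErrorAction SilentlyContinue
$udp = Get-NetUDPEndpoint   -LocalPort $Channels.UDP -ErrorAction SilentlyContinue
[pscustomobject]@{
    ControlChannelListening = [bool]$tcp
    DataChannelBound        = [bool]$udp
}

# Flag enabled inbound allow rules that name a VPN port and accept any remote
# address. Rules written as port ranges, "Any" port, or per-program rules are
# not matched by this check and need a manual review.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $rule = $_
        $pf   = $rule | Get-NetFirewallPortFilter
        $af   = $rule | Get-NetFirewallAddressFilter
        $want = $Channels[[string]$pf.Protocol]
        if ($want -and ($pf.LocalPort -contains "$want") -and
            ($af.RemoteAddress -contains 'Any')) {
            [pscustomobject]@{
                Rule     = $rule.DisplayName
                Protocol = $pf.Protocol
                Port     = $want
                Remote   = 'Any'
            }
        }
    }
```

Mobile users without a fixed address cannot be scoped this way; for them the Master Node's port stays reachable from the Internet and access control rests on the VPN's own authentication.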

Summary

  1. WinGate VPN software is installed on the machine with the Internet connection, on each network that will be involved in the proposed VPN. These machines with the WinGate VPN software installed are referred to as Nodes.
  2. A Node can be configured to host the VPN (VPN Host/Master Node). This is the end of the VPN that all other Remote Nodes/VPN Clients will join.
  3. Machines on the local network of each Node that has joined a WinGate VPN can be configured as VPN Participants. VPN Participants are machines that share, or attempt to access, resources available on the VPN.
  4. Remote Nodes that join the VPN can access shared resources on other remote Nodes, by creating tunnels to each other while connected to the hosted VPN.