WinGate VPN routing scenarios - The WinGate VPN machine is not the default gateway for the network

This scenario occurs when VPN Participants on the LAN have their default gateway set to a IP address which is not the WinGate VPN Node machine. There are two common network set ups where this common, so explanations for both have been provided for clarity.

1. The WinGate VPN Node machine does not have an Internet connection

   The first is where all machines on the LAN (including the WinGate VPN Node machine) are connected to a router or multi-homed server that provides gateway functionality out of the network (As shown in the example below).

   
   

   To ensure correct routing for the VPN Participants in this scenario:

   1. If the WinGate VPN Node machine is hosting a VPN, then configure the Internet router firewall to forward any incoming VPN connections to it on the LAN.

      Read about port forwarding on the Internet router

   2. Enable the RIP listener on the default gateway device. Most routers and multi-homed servers will be equipped with a RIP listener to listen for RIP broadcasts from around the network (You will need to consult the router documentation to find out how to do this).
   3. Open the WinGate Management console on the WinGate VPN Node machine on the network.

   4. Navigate to Control Panel > VPN Settings. This will open the VPN Settings.

      

      Close | Close all images

   5. On the General tab make sure that the Send local RIP2 updates option is checked (usually checked by default).

   Once this has been done, the router (gateway device) will learn any VPN routes broadcast locally by the VPN Node machine on the network. As a result, all traffic the router receives that is destined for the remote side of the VPN will be sent to the VPN Node machines LAN interface for delivery.

   Since this LAN interface on the VPN Node has its default gateway set to point back to the Internet router, it will receive this traffic, package it for the VPN and send it back out through the router. This allows it to route VPN Participant traffic correctly to other Nodes across the VPN.

   This is shown in the How it works section below.

   How it works:

   Step 1

   
   

   Step 2

   
   

2. The WinGate VPN Node machine has its own Internet connection

   The second most common situation where the WinGate VPN Node machine is not the default gateway for the network, is where the WinGate VPN Node machine is connected to the LAN and has its own Internet connection (As shown in the example below).

   

   To ensure correct routing for the VPN Participants in this scenario:

   1. Remove the IP address from the Gateway setting in the network properties of the WinGate VPN Node machines LAN interface (The Gateway setting is not required since it will use its own Internet connection to send traffic out of the network).
   2. Enable the RIP listener on the default gateway device. Most routers and multi-homed servers will be equipped with a RIP listener to listen for RIP broadcasts from around the network (You will need to consult the router documentation to find out how to do this.).
   3. Open the WinGate Management console on the WinGate VPN Node machine on the network.

   4. Navigate to Control Panel > VPN Settings. This will open the VPN Settings.

      

      Close | Close all images

   5. In the RIPv2 section make sure the Send local RIP2 updates option is checked (usually checked by default).

   This set up will ensure that the router knows that all traffic destined for the network of the remote VPN Node will be sent to the local WinGate VPN Node on the network, as described in the How it works section below.

   How it works:

   Step 1

   
   

   Step 2