PDA

View Full Version : Draytek VPN issue



berryb
29-05-2013, 12:20 AM
2 Draytek 2710N setup with Lan to Lan VPN working fine. Have created a new Dial in user and can connect OK but no ping etc. I have had trouble with the DNS setting on these devices as it has been defaulting to the ISP DNS and of course this wouldn't allow access to the server. I enabled the option to force DNS setting and now get the correct DNS for the dial in user but still no ping etc.

Main Draytek is configured under LAN option with DHCP disabled as have server 2008 on the Lan as DHCP and DNS.

The manual doesn't give any other options that I can see that need configured.

Anyone had these working as a dial in? Configured Win 7 as per http://www.draytek.com/index.php?option=com_k2&view=item&id=2771:built-in-vpn-client--windows-7-to-vigor-router--l2tp-over-ipsec&Itemid=293&lang=en

Cheers

Chilling_Silence
29-05-2013, 12:47 AM
In the Maintenance, have you enabled "Respond to remote pings" or something to that effect? I don't recall off the top of my head...

berryb
29-05-2013, 11:00 AM
Thanks. The ping was being blocked but wasn't the issue as I couldn't browse the network or RDP to the server. But you pointing me to that location I found "allow from the Internet" option. I entered my local IP subnet and I could browse and connect to the server. Now I have to see if entering this info is what made the difference as my thinking says it shouldn't because this is VPN data and shouldn't be treated as "Internet traffic" and how would I know what to enter for other VPN users as there local IP address.

Thanks at least it's working.

Dannz
29-05-2013, 01:50 PM
Great that you got it working. Router built in VPN can be interesting to setup sometimes :)

Chilling_Silence
29-05-2013, 03:31 PM
Yeah those DrayTek routers are pretty damn sweet though, I'm a *huge* fan of them!

berryb
30-05-2013, 01:09 AM
I'm at a loss now! I had a connection and could RDP and now I can't. I get the right IP and DNS from the router, it shows I'm connected in the router but no data/ping etc. Have turned off the disable ping and can ping the router when not connected but not when connected. I have disabled all firewalls for testing. Seems strange it was working and now not. I will try from a different site incase the issue is site related but shouldn't be.

berryb
30-05-2013, 10:32 AM
Was using L2TP/IPsec as that is my prefered option but I found unrealiable. If I left the connect open sometimes it would allow data transfer straight away and other times jad to wait 5-10 minutes for it to sort itself out. Change to PPTP and away no problems.

Chilling_Silence
30-05-2013, 11:06 AM
Yeah I prefer PPTP too. Supposedly not as secure but I'm not usually using a VPN for that reason...

berryb
30-05-2013, 12:40 PM
Using the VPN for mobile staff to access the LAN and mainly the Remote Access Server. I read PPTP can be hacked with some effort so will use a long auto generated password per user.

I have followed the documentation to configure L2TP/IPsec with Win 7 but and does connect. I have read there needs to be NAT or routes configured and with no documentation that I can find and with it being intermittent I cannot roll out to users. Support from the reseller is limited.

So PPTP it is for now.

berryb
19-06-2013, 10:49 PM
To follow up on this I have PPTP workinig OK but only one connection at a time. I cannot get concurrent connections at all. If a dial in user is connected then no one else can connect.
I have read the manual and cannot find anything related to limiting the number of concurrent dial in users. This is the Draytek 2710n - I have read they are limited to only one Lan to Lan connection but said nothing about dial in that I can remember. I can't find where I read about the Lan to Lan limit now to double check the dial in.
Anyone now if this model will work with concurrent users?

Alex B
20-06-2013, 11:17 AM
Ask snappernet. If it's anything like a Cisco, it may be a licensing thing.

Chilling_Silence
20-06-2013, 04:21 PM
Yeah look up "VPN Passthrough" and "VPN ALG". As Alex B mentioned, give Ed from SnapperNet a buzz.

berryb
24-06-2013, 11:40 AM
I have been emailing Ed for the last 2 weeks but he doesn't respond. Rang them and got someone else and got the answer straight away. There is a 2 VPN limit on the 2710n and I need to change the the 2800 series to have up to 32 VPN connections.
Finally answered.

Chilling_Silence
24-06-2013, 11:56 AM
Ah waddaya know :) Glad you've got it nailed.