DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Existing DrayTek Setup - Routing Issues

  • reado
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
15 Oct 2015 12:06 #1 by reado
Existing DrayTek Setup - Routing Issues was created by reado
I have an existing setup involving DrayTek routers but I’m having problems routing traffic correctly. DrayTek support has not been very helpful in resolving the problem so far and I am beginning to wonder if my setup will ever work or whether a different solution is required.

There are 2 sites and with 3 routers in-total as follows:

Router 1 - Default Gateway (HQ)
Model: Vigor 2850n
LAN IP: 10.1.1.5/24
WAN IP: 88.xxx.xxx.xxx
Connection: VDSL2 (Openreach modem connected to WAN2)

Router 2 - VPN Gateway (HQ) - Connected to Router 3 via IPsec
Model: Vigor 2820n
LAN IP: 10.1.1.16/24
WAN IP: 82.xxx.xxx.xxx
Connection: VDSL2 (Openreach modem connected to WAN2)

Router 3 - VPN Gateway (Satellite) - Connected to Router 2 via IPsec
Model: Vigor 2820n
LAN IP: 10.2.1.1/24
WAN IP: 80.xxx.xxx.xxx
Connection: ADSL2+ (WAN1)

All devices in the HQ office have their default gateway set to Router 1 by DHCP; however there are no devices in the HQ office that can communicate with any device at the satellite office.

If I change the default gateway setting on my workstation to Router 2, I can communicate with every device at the satellite office.

If I add a routing policy on Router 1 to route all 10.2.1.x traffic to Router 2 and leave the default gateway setting as Router 1, this allows every device at the HQ office to communicate with any device at the satellite office; however devices at the satellite office still cannot communicate with any device at the HQ office.

The satellite office router is a Vigor 2820 and does not have the same options as the 2850, let alone the “routing policy” option.

I have also tried creating static routes on each router but to no avail. Setting the VPN Gateway as the default gateway is not an option as the existing WAN configuration is set like that for load-balancing reasons.

My questions;

1) Is there anything that can be done to my existing setup that will allow both offices to communicate with each other over the VPN?

2) If my existing setup will not work, would a router that offers a dual-WAN interface and thus a single gateway suffice, such as the Vigor 2925?

Please Log in or Create an account to join the conversation.

More
15 Oct 2015 14:36 #2 by voodle
Replied by voodle on topic Re: Existing DrayTek Setup - Routing Issues
You need a static route on Router 1 so that 10.2.1.0/24 goes through 10.1.1.16
You may also need a policy route on Router 1 which does the same thing, and make sure that's top of the list of load balance / route policies, they can override static routes if you've got it set to use specific WAN interfaces etc in there.
It looks like you've already done that though...

I'm not sure why traffic would not be coming back through, unless maybe the VPN is set up in NAT mode, it should be using route mode. What kind of VPN is it using? IPSec or PPTP?
OR, maybe the 10.2.x site is using a /8 subnet mask on the PCs

Have you tried a traceroute on a PC on the 10.2.x network to see if that's hitting the 10.2.x router to get to the 10.1.x network?

Please Log in or Create an account to join the conversation.