Due to some on going battles with Vodafone, they are requiring me to use their shonky excuse of a router.

In the short term, I've plugged it into WAN2 on my 2925 and I am effectively double NATting. This breaks incoming and out going VPN site to site VPN sessions. I can establish a connection by performing a dial, and it connects (verified at the other Draytek), but no data traverses the link. The external side can't dial in for pretty obvious reasons.

The Vodafone router doesn't seem to have many options (I've not spent much time looking at it to be honest), but I know it doesn't support modem mode. Any ideas of if it is possible to get away from the double NAT? and restore a bit of order in my life until the clowns at the VF central complete their tests....

mbames wrote: The Vodafone router doesn't seem to have many options (I've not spent much time looking at it to be honest), but I know it doesn't support modem mode. Any ideas of if it is possible to get away from the double NAT?

Does it support a "DMZ Host" ?

There was a time when one of the Virgin Media hubs didn't support "modem mode" and setting your own router as the DMZ Host, was the accepted best workaround.

I never really understand how it would help; since it didn't affect me, I didn't pursue it. I thought I'd mention it, on the off chance it helps.

I'm not sure, but I'll have a look.

I'm having to jump through hoops to prove to Vodafone the issue is with capacity and not my equipment. Yesterday they suggested the cause of the problems was that "I needed to change network and ports", obviously the currently configuration is scared of the dark :lol:

It has a DMZ, but it doesn't seem to work, so I tried turning off the VF's router firewall & rebooting it good measure.

Site to site VPN my side established (reporting via WAN2), but I have no successful route. Ping, tracert, etc all fail.

Incoming VPN (L2TP) from my phone also fails. Essentially no worse

Code:

VPN Type Remote IP Virtual Network Tx Pkts Tx Rate(bps) **Rx Pkts** %%Rx Rate(bps)%% UpTime 1( lyt-sec ) IPsec Tunnel AH-SHA1 Auth w.x.y.z via WAN2 192.168.x.0/24 7 24 **0** %%0%% 0:5:26

mbames wrote: Site to site VPN my side established (reporting via WAN2), but I have no successful route. Ping, tracert, etc all fail.

Um ... puzzling - if the tunnel's established, traffic should surely flow inside that tunnel...

Presumably, the 2925 gets a WAN IP address from the V.F. router's DHCP server ... and this network isn't in conflict with anything LAN-side on the 2925?

Could you switch to using an SSL tunnel? - I fancy its chances of getting through double-NAT to be higher than IPSEC.

Currently, your tunnel seems to be using "AH" mode ... i.e. unencrypted - which may not be what you intend! ( https://security.stackexchange.com/questions/83838/ipsec-is-ah-in-tunnel-mode-secure )

The 2925 see is a WAN IP of 192.168.1.1, and has .5 configured for its WAN2 port connection.

internally my network is running 192.168.100.x, and when I use my 130 into WAN1, I can happy connect to 192.168.102.x (2820) and 192.168.123.x (2860).

I might be able to set up SSL to the 2860, but pretty sure the 2820 won't support it.

Curiously I've just tried connecting from my phone again and that session establishes (4g data to the vodafone WAN IP). As that worked, I VPN'd to the 2820 and asked that to dial back to me, it established a session, but again there is no data flow. It is my my 2925 is not quite configured right, but as it used to work, I am not really sure where to start looking!