DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

VNC Connection via L2TP VPN tunnel on Vigor2620Ln via LTE

03 Jul 2019 14:55 #1 by phillxfx
Hi,

I've got a Vigor 2620Ln connected to EE's 4G service, and have set up an L2TP VPN account with Andrews & Arnold as I believe this is a means of receiving inbound connections such as VNC while using a mobile network.

I've set up port forwarding on the router to forward the VNC port that I'm using to the required local IP address.

The L2TP VPN connection is connecting successfully.

But when I use the IP address provided by Andrews & Arnold for my L2TP tunnel, I'm unable to make an inbound VNC connection.

Also there seems to be very little activity in terms of packets sent/received on the VPN, which suggests that although it's connecting, it's not actually handling any traffic from local computers.

Can anybody suggest how I can troubleshoot this, or if I'm missing any steps? I've got no experience in using a VPN so am somewhat out of my depth here!

Any help much appreciated,
Phil

03 Jul 2019 15:12 #2 by hornbyp
By default, only Arnold-and-Arnold addresses will use the VPN...so set VPN entry as Default Gateway, or get adventurous with Policy-based routing entries.

03 Jul 2019 15:28 #3 by phillxfx
Ah ok - that seems to have worked. Thank you so much for your help!

03 Jul 2019 15:43 #4 by phillxfx
Turns out I spoke too soon...

I checked the "Change default route to this VPN tunnel ( Only active if one single WAN is up )" checkbox (which was my best guess as to how to set the VPN as the default gateway), and the VNC connection started working, but I could no longer reach any websites.

03 Jul 2019 23:34 #5 by hornbyp

phillxfx wrote:
... but I could no longer reach any websites.


You may need to refine what is meant by that...

Assuming, for example, that http://bbc.co.uk doesn't load, what happens if you do a DNS lookup on "bbc.co.uk"?
Code:
C:\>nslookup bbc.co.uk.
Server:  w.x.y.z
Address:  192.168.100.252
Non-authoritative answer:
Name:    bbc.co.uk
Addresses:  2a04:4e42:400::81
          2a04:4e42:600::81
          2a04:4e42::81
          2a04:4e42:200::81
          151.101.64.81
          151.101.128.81
          151.101.192.81
          151.101.0.81

The DNS server nslookup uses by default is whatever has been assigned to the connection, but you could force it to use (say) Google:
Code:
C:\>nslookup bbc.co.uk. 8.8.8.8

Assuming that works, what about Ping?
Code:
C:\>ping bbc.co.uk
Pinging bbc.co.uk [151.101.0.81] with 32 bytes of data:
Reply from 151.101.0.81: bytes=32 time=39ms TTL=56


Finally try a 'traceroute'...
Code:
C:\>tracert bbc.co.uk
Tracing route to bbc.co.uk [151.101.64.81]
over a maximum of 30 hops:
  1    22 ms    21 ms    21 ms  w.x.y.z [192.168.100.254]
  2    32 ms    31 ms    30 ms  vm1 [10.11.152.1]
  3    30 ms    29 ms    40 ms  bagu-core-2a-xe-225-0.network.virginmedia.net [62.252.244.17]
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8    39 ms    40 ms    39 ms  213.46.174.118
  9    41 ms    39 ms    39 ms  fastly-ic-306174-ldn-b3.c.telia.net [62.115.42.194]
 10    37 ms    39 ms    44 ms  151.101.64.81
Trace complete.

(As a guess, you might be trying to use your ISP's DNS servers over the VPN when the ISP doesn't allow that. In which case, swap DNS servers, or use Policy-based Routing to send DNS traffic to your ISP.)
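
The comparison in the post above (the DNS server assigned to the connection versus a public one), written as a script. This is an added example, not part of the original thread; the function names, the fixed query ID and the three result labels are assumptions made for illustration, and it handles IPv4 resolvers only.

```python
# Usage (arguments are yours to supply): <assigned-dns-ip> <public-dns-ip> <hostname>
import socket
import struct
import sys

TXID = 0x1234  # arbitrary query ID (constructed value)

def build_query(name, txid=TXID):
    """Minimal DNS A-record query (RFC 1035) with recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(data, txid=TXID):
    """Classify a reply by its header: 'answer', 'empty' or 'error:<rcode>'."""
    if len(data) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:  # wrong ID, or not a response
        return "malformed"
    rcode = flags & 0x000F
    if rcode:
        return f"error:{rcode}"
    return "answer" if ancount else "empty"

def probe(server, name, timeout=3.0):
    """One UDP query to server:53; 'timeout' is the case where nslookup gives up."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            return parse_reply(s.recvfrom(512)[0])
        except socket.timeout:
            return "timeout"
        except OSError:
            return "unreachable"

def diagnose(assigned, public):
    """Map the two probe results onto the cases discussed in the thread."""
    if assigned == "answer":
        return "dns-ok"                    # move on to ping / tracert
    if public == "answer":
        return "assigned-resolver-fails"   # swap DNS servers or policy-route DNS
    return "no-dns-path"                   # neither resolver answers: check routing

if __name__ == "__main__":
    assigned_ip, public_ip, host = sys.argv[1:4]
    a, p = probe(assigned_ip, host), probe(public_ip, host)
    print(f"assigned={a} public={p} -> {diagnose(a, p)}")
```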

04 Jul 2019 08:43 #6 by phillxfx
Ah ok, yes - if I do an nslookup without specifying a DNS server it times out and eventually gives up. If I specify the Google DNS server it resolves instantly.

But pinging and tracert both fail due to not being able to resolve the host name.

I've just changed the DNS servers and rebooted and am now able to access websites as well as the VNC connection working, so mission accomplished!

Thank you again for your detailed help - it really is appreciated. Do you have a PayPal account so I can 'buy you a drink' to say thanks?
