DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

2927ac gateway server issue

03 Sep 2021 15:50 #1 by markaut
2927ac gateway server issue was created by markaut
I'm using this router to create a small isolated network, connected to the general site network at work. If it makes any difference, the site runs on Cisco kit.

The router automatically obtains the configuration via DHCP and populates IP address and Subnet mask and the DNS servers correctly. It also picks up the gateway IP address correctly, but I cannot access any external (e.g. web) resources.
We discovered that the site uses a virtual gateway IP address (provided by DHCP) which links to separate gateway servers to provide redundancy, e.g. virtual gateway IP: 194.67.242.1. Actual gateway servers are 194.67.242.2, 3 and 4.
If I change to one of the real gateway IP addresses, everything works fine. The issue here is that if one of the gateways fails, by pointing to the virtual server, everyone else automatically switches to the working gateway. If I'm pointing to the gateway that fails, I lose access which is not really good enough.

Why does my router not like the virtual server? What can I do about it?

The IT people say that their gateway server setup is correct, and that only DrayTeks have this problem (a TP-Link router works fine out of the box so I'm inclined to believe them.)


04 Sep 2021 18:40 #2 by hornbyp
Replied by hornbyp on topic Re: 2927ac gateway server issue

markaut wrote:
The IT people say that their gateway server setup is correct, and that only DrayTeks have this problem (a TP-Link router works fine out of the box so I'm inclined to believe them.)



You might have to get 'stuck in' with Wireshark to see what's going on...

06 Sep 2021 11:26 #3 by admin3
Replied by admin3 on topic Re: 2927ac gateway server issue
DrayTek routers have some default-on protections for ARP spoofing, which is what most VRRP / virtual servers will be using to make the virtual IP work.
You can turn that off from [Firewall] > [Defense Setup] > Spoofing Defense.

It should be the "Decline VRRP MAC" option that will help, but check the syslog output from the router as that should give some more detail on what specific defense is triggering.
The IP spoofing defense "Block IP packet from WAN with inconsistent source IP addresses." may also need to be turned off.



Forum Administrator
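
Added example, not part of any post in this thread: a small Python check for the Wireshark step suggested above. It reads ARP replies and reports whether the MAC answering for the gateway IP is a first-hop-redundancy virtual MAC, the kind a "Decline VRRP MAC" style defense acts on. The frames and MAC addresses are constructed sample data, the function names are hypothetical, and the HSRP prefix is included only on the assumption that a Cisco site may use HSRP rather than VRRP; the thread does not say which protocol is in use.

```python
import socket
import struct

# Well-known virtual MAC prefixes: VRRP for IPv4 (RFC 5798) and Cisco HSRP v1.
VIRTUAL_MAC_PREFIXES = {
    bytes.fromhex("00005e0001"): "VRRP (IPv4)",
    bytes.fromhex("00000c07ac"): "HSRP v1",
}

def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Build a raw Ethernet + ARP reply frame (constructed sample input only)."""
    eth = target_mac + sender_mac + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)  # Ethernet, IPv4, opcode 2 = reply
    arp += sender_mac + socket.inet_aton(sender_ip)
    arp += target_mac + socket.inet_aton(target_ip)
    return eth + arp

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, frame[22:28], socket.inet_ntoa(frame[28:32])

def classify_gateway(frames, gateway_ip):
    """Map every MAC that sent an ARP reply for gateway_ip to the kind of MAC it is."""
    seen = {}
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None or parsed[0] != 2 or parsed[2] != gateway_ip:
            continue
        mac = parsed[1]
        seen[mac.hex(":")] = VIRTUAL_MAC_PREFIXES.get(mac[:5], "physical/other")
    return seen

# Constructed sample capture: the virtual gateway IP from the thread answering with
# a VRRP-style MAC (VRID 10), and one real gateway answering with a made-up MAC.
ROUTER_MAC = bytes.fromhex("020000000010")
SAMPLE_FRAMES = [
    build_arp_reply(bytes.fromhex("00005e00010a"), "194.67.242.1", ROUTER_MAC, "194.67.242.50"),
    build_arp_reply(bytes.fromhex("020000000002"), "194.67.242.2", ROUTER_MAC, "194.67.242.50"),
]

if __name__ == "__main__":
    for ip in ("194.67.242.1", "194.67.242.2"):
        print(ip, classify_gateway(SAMPLE_FRAMES, ip))
```

If the gateway IP resolves to a virtual MAC, relaxing only the matching spoofing-defense option and leaving the others on keeps the rest of the protection in place; the router's syslog remains the authority on which defense actually triggered.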

07 Sep 2021 19:49 #4 by markaut
Replied by markaut on topic Re: 2927ac gateway server issue
Brilliant, many thanks; this has been a headache for some time.
I'm not in the lab for a couple of weeks due to COVID staff rotas, but will try then and report back.
Thanks again.

26 Sep 2021 09:31 #5 by markaut
Replied by markaut on topic Re: 2927ac gateway server issue
This fixed it. Many thanks.
