DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

3rd party client VPN no throughput on WAN2

23 Feb 2022 06:37 #1 by digitalis1
Hi all,

I've been experiencing some weirdness with my 2927 which I also experienced with my older 2862 and I'm wondering if anyone else has come across the same.

We have 2 different laptops with 2 completely different dial up VPN clients (Windows 10 OS). Both have different destinations (basically mine and my partner's work laptops). One client is WatchGuard VPN and the other is Cisco. As far as I'm aware they both use IPsec.

Both will connect and work fine through the DrayTek when my modem is connected to WAN1, but if you move the modem to WAN2 then they'll show as connected to the destination but there's no throughput at all. Everything else works on WAN2 other than the VPNs.

I've tried setting load balance/route policy so all traffic is forced through WAN2 and have disabled all of DrayTek's VPN services (though why wouldn't this affect WAN1?) in case that was affecting things but no go.

Like I say, this also happened on a 2862 I had but I didn't think much about it at the time. But now I'm hoping to utilise WAN2 as a failover so this apparent bug is now a problem for me.

If someone else was able to test this scenario that would be interesting to see. Your assistance is appreciated.

23 Feb 2022 08:17 #2 by digitalis1
Just double checked and MTU values are the same for both ports. Bearing in mind I'm using the same modem swapped between WAN ports, what else can be different that means VPN works on one WAN port but not the other?

23 Feb 2022 12:13 #3 by hornbyp
I've never done this, but didn't you have to 'Open some ports' on WAN1 to get this to work?

As per this article: https://www.draytek.com/support/knowledge-base/5288

Draytek wrote: IPsec: UDP 500 and UDP 4500 if NAT-T is used (the router will also forward ESP IP50 automatically)

In which case, they would need to be configured the same for WAN2...

23 Feb 2022 13:40 #4 by digitalis1
No, that looks like it's more for if you're hosting a VPN server behind the router; I'm making outbound connections to remote VPN servers. But thanks anyway.

23 Feb 2022 14:17 #5 by hornbyp
Yes, when I look more closely at the diagram, I see what you mean.

23 Feb 2022 16:56 #6 by digitalis1
I think I've figured it out - I went through disabling every option I could think of - flooding/spoofing etc. It was only when I disabled hardware acceleration that I could use our 3rd party VPNs on WAN2.

This is odd for a couple of reasons. Firstly, why does acceleration not affect WAN1? It's supposed to give performance increases to all WAN interfaces equally so you'd assume any bug/error/limitation of having acceleration enabled would happen on WAN1 also. Secondly, what is it about hardware acceleration that allows the VPN to connect but then not be able to pass traffic?

As always, any help is appreciated.
