DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Routing issue on dial in VPN into Vigor 2765?

11 Mar 2022 15:05 #1 by talkingcats
I have set up a dial in SSL VPN into my 2765.

I use the Smart VPN client on my iPad Pro to connect. This works perfectly when the iPad is connected via hotspot created by my iPhone (EE 4G). I can ssh onto Linux servers from the iPad and also remote desktop on Windows and Ubuntu boxes.

However, when the iPad is connected to another WiFi network, Smart Client connects and an IP address on my home network is issued to the remote iPad. But then I cannot connect to or ping any server on my network. It just times out. So far I have tested on a friend's home network, which coincidentally has the same address schema (192.168.1.0/24); I cannot reach any of my servers.

The first time I tested I was rather rushed. Next time I will execute a trace route to see if that tells me anything. As I am not a professional networks guy, I'd appreciate hearing about anything else I could do to track down the issue, or thoughts on what the issue could be. I assume that my friend's firewall isn't blocking the traffic, as the VPN connection is successfully made and the disconnection is logged on the 2765.

Many thanks

11 Mar 2022 17:07 #2 by hornbyp
I don't believe it is possible to establish a VPN connection to a 2765, from a client connected to its WiFi. (This feature seems to be called 'hairpinning' and I don't think Draytek implement it. It definitely doesn't work on my 2860n).

Likewise, I think your attempts to use your friend's WiFi - with an identical subnet - are also doomed to failure. Draytek do have a cunning plan to get round that restriction - but only for LAN-to-LAN connections.

Happy to be proved wrong :D

11 Mar 2022 17:19 #3 by talkingcats
Replied by talkingcats on topic Re: Routing issue on dial in VPN into Vigor 2765?
Thank you. That's a pity if correct. I am using this in the context of a home network. But I assume that the dial in VPN functionality must be intended for home workers, who will be logged into their own home LAN and trying to establish a connection to an office network. If that use case is not supported then it is a major omission, and makes the functionality next to useless for a business. It doesn't matter that much to me. To be honest I just wanted to see if I could make it work. This router is a retirement hobby for me. I will raise a ticket with Draytek UK support to get a definitive answer on this.

11 Mar 2022 23:19 #4 by hornbyp

talkingcats wrote:
But I assume that the dial in VPN functionality must be intended for home workers, who will be logged into their own home LAN and trying to establish a connection to an office network. If that use case is not supported then it is a major omission, and makes the functionality next to useless for a business.



The 192.168.0.0/24 and 192.168.1.0/24 subnets are widely used defaults, so you'd set the office end to use something other than those.

But it is an issue, in general; the point of those 'private' IP address ranges is that they can be re-used many times over on many different sites. If two sites that chose the same addresses subsequently need interconnecting, one of 'em has to change. I've lived through this pain :!:

12 Mar 2022 10:22 #5 by talkingcats
Replied by talkingcats on topic Re: Routing issue on dial in VPN into Vigor 2765?

hornbyp wrote:
But it is an issue, in general; the point of those 'private' IP address ranges is that they can be re-used many times over on many different sites. If two sites that chose the same addresses subsequently need interconnecting, one of 'em has to change. I've lived through this pain :!:



Thanks. I guess if I go for something like 192.168.11.0/24 -> 192.168.14.0/24 for my subnets then there is very little likelihood of any other home LAN having something like that? It will be a bit of work as I have a segmented LAN, managed switch and UniFi WAP, which will have to be migrated as well. I will need to plan it properly. I don't think I will do it any time soon as the network is working exactly just as I want at the moment. And it's not like I have an urgent need to VPN in :D

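Added example (not part of any post in this thread, and not DrayTek code): a small model of the subnet clash discussed in posts #4 and #5, showing why a client sitting on 192.168.1.0/24 never sends traffic for a 192.168.1.x server into the tunnel, and checking the proposed 192.168.11.0/24 to 192.168.14.0/24 range against the common defaults. The route names, metrics, the server address and the 172.20.10.0/28 client subnet are constructed assumptions, and the tie-break (the directly attached route beats the VPN route for an identical prefix) is an assumed client behaviour.

```python
import ipaddress

# Widely used defaults named in the thread.
COMMON_DEFAULTS = ["192.168.0.0/24", "192.168.1.0/24"]

def client_routes(local_lan, vpn_lan):
    """Constructed routing table for a dial-in client (names and metrics assumed)."""
    return [
        {"net": "0.0.0.0/0", "via": "wifi-gateway", "metric": 10},
        {"net": local_lan, "via": "wifi-on-link", "metric": 0},  # directly attached LAN
        {"net": vpn_lan, "via": "vpn-tunnel", "metric": 5},      # LAN behind the router
    ]

def pick_route(dest, routes):
    """Longest prefix wins; equal prefixes fall back to the lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in ipaddress.ip_network(r["net"])]
    best = min(matches,
               key=lambda r: (-ipaddress.ip_network(r["net"]).prefixlen, r["metric"]))
    return best["via"]

def clashes(candidate, in_use=COMMON_DEFAULTS):
    """Return every subnet in in_use that overlaps the candidate subnet."""
    cand = ipaddress.ip_network(candidate)
    return [n for n in in_use if cand.overlaps(ipaddress.ip_network(n))]

if __name__ == "__main__":
    # Client LAN and home LAN share a subnet: the (constructed) server address
    # matches the local on-link route, so the packet never enters the tunnel.
    print(pick_route("192.168.1.10", client_routes("192.168.1.0/24", "192.168.1.0/24")))
    # Client on a non-overlapping LAN (constructed subnet): the tunnel is used.
    print(pick_route("192.168.1.10", client_routes("172.20.10.0/28", "192.168.1.0/24")))
    # Home LAN renumbered as proposed in post #5: the tunnel is used.
    print(pick_route("192.168.11.10", client_routes("192.168.1.0/24", "192.168.11.0/24")))
    for third in (11, 12, 13, 14):
        net = f"192.168.{third}.0/24"
        print(net, "clashes with", clashes(net) or "none of the common defaults")
```
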