mbames wrote:
If I have "use default gateway" enabled on the L2TP connection on my Surface then I can reach 2x 2860s and my 2925.
If I have "use default gateway" disabled on the L2TP connection on my Surface then I can only reach my 2925 (which is the termination of the L2TP connection).

There's not enough detail in the OP's post to tell, but yours just looks likes a lack of Routing Information.

You should find that a couple of "Route -p add" commands on the DUN client does the trick, without sending all your traffic down the VPN link. There's no equivalent of the Site-to-site's "MORE" option for "Remote Dial-in users", which is really what is required.

Code:

route -p add 192.168.102.0 mask 255.255.255.0 192.168.100.x and route -p add 192.168.112.0 mask 255.255.255.0 192.168.100.x

I don't seem to be getting a default gateway via DHCP when connecting.

I have tried the option within the Draytek Client "Use default Gateway on remote network" but nothing.

I also tried downgrading the firmware back to 4.3.2 but I still have the same issue, once connected I am unable to connect to any resources on the remote side. Routing all appears to be ok on the pc when checking.

Thanks

Tracert also looks correct

Server 192.168.20.15

192.168.20.1 - Draytek server side

It has to be something really dumb that I have missed.

Wow, I feel dumb now!

I now have it working. It appears to be an issue with the dial in user I used. I had a call with support and they had the same issue until they created a new user and boom it worked without an issue. I think the issue was the password I was using for the user... it had a * in it and now I know it's now an allowed character!

Thanks all.