I successfully set up a dial-out SSL connection from my 2862 to a dial-in 2866.

I'm now trying to replicate that from my 2862 to a 2860 router.

The two routers do not have exactly the same setup pages but I think I have followed the original setting carefully - obviously using a different user name.

It is failing to connect.  Looking at the Syslog Explorer the error I see is 

SSLTunnel (VPN-2, DAtoZS) <== Protocol:CHAP(c223) Failure Identifier:0x01 E=691 R=1 C=91459A7187858891B585BEF9ABF59CE9 V=0 M=Good luck! ##
CHAP Login Failed (VPN : L2L Dial-out, Profile index = 2, Name = DAtoZS, ifno = 12)
[SSL TUNNEL][L2L][2:DAtoZS][@xx.xx.143.232] CHAP failure: username/password error

I am certain the user/password settings are the same on both.  I have even tried to change both users/passwords to simply AAAA/123456 with the same result.

Are the two routers compatible?

Hi

In the routers system maintenance, under management what does it say in the TLS/SSL Encryption Setup section.  Are the same versions of ssl selected?

Regards

Andrew

Both ends have TLS 1.0/1.1/1.2 ticked.
I have set up a VPN using IPsec Tunnel IKEv2 but would prefer to get SSL working.

Hi Leslie,

How comes you’re opting for SSL over IPSec?

IPSec is more secure and faster, and also DrayTek’s recommended method between their routers (@AES256):

https://www.draytek.com/solutions/working-from-home-vpn-solutions/

But obviously other factors may apply to your circumstance; just mentioning.

I bow to your superior knowledge.
Some time back I also had issues setting up and was advised to use SSL.

I'm happy to leave it as is.

One thing that surprises me about IPSec is that there seems to be only a single shared-secret at the incoming end.

So if there are several different sites setting up VPNs to the incoming server they all use the same secret.

Have I misunderstood it?