DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

VPN's Die f/w 3.3.2.1_232201

29 Oct 2009 17:03 #37 by iamq-yesiam
Replied by iamq-yesiam on topic VPN's Die f/w 3.3.2.1_232201
All still working - both PPTP VPNs connected and passing data without any problems.

01 Nov 2009 11:47 #38 by dbames
Replied by dbames on topic VPN's Die f/w 3.3.2.1_232201

scotty1000 wrote: Since PPTP's beyond the first one were not working and stopped the first once established working too, I switched them all to IPSec and so far everything has been fine.

What's the advantage (if any) of using IPSec over PPTP? I've always used PPTP for my site-to-site connections, but if there's a good reason for switching...

01 Nov 2009 12:37 #39 by njh
Replied by njh on topic VPN's Die f/w 3.3.2.1_232201

dbames wrote: What's the advantage (if any) of using IPSec over PPTP? I've always used PPTP for my site-to-site connections, but if there's a good reason for switching...


Security. IPSec with a strong PSK is better than PPTP. IPSec with certificates is better still.

2900Gi/v2.5.6; 2900/v2.5.6

01 Nov 2009 15:37 #40 by dbames
Replied by dbames on topic VPN's Die f/w 3.3.2.1_232201
And is IPSec (almost) as easy to set-up for a site-to-site tunnel when compared to PPTP? Any gotchas to watch out for when setting it up?

01 Nov 2009 15:50 #41 by njh
Replied by njh on topic VPN's Die f/w 3.3.2.1_232201

dbames wrote: And is IPSec (almost) as easy to set-up for a site-to-site tunnel when compared to PPTP? Any gotchas to watch out for when setting it up?


I don't know. I've never set up PPTP and IPSec was pretty easy.

Generally speaking:
Static IPs are better than dynamic, but both work. The setup is slightly different depending which you use.
Do not allow AH, only ESP (for security).
Allow PFS (for security).
Do not allow DES (3DES is fine, AES is better - I believe).
Drayteks seem to prefer one end to be dial-in and one to be dial-out rather than both.
Use a strong PSK - say 30 characters or more, mixed upper and lower case, numbers and funny characters (no space). You could generate one from here.
Better than a PSK would be certificates but I have no idea how they work. I only have a 2600 and a 2900.

2900Gi/v2.5.6; 2900/v2.5.6
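
The checklist in the post above, turned into a small check as an added example; it is not part of the original thread and not DrayTek's configuration format. The profile field names, the symbol set and the sample profiles are assumptions made for illustration.

```python
import secrets
import string

# Assumed symbol set: punctuation without space, quotes or backslash.
SYMBOLS = "!#$%&()*+,-./:;<=>?@[]^_{|}~"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
NAMES = ("lower case", "upper case", "digit", "symbol")


def psk_problems(psk, min_len=30):
    """Return the ways a PSK falls short of the post's rule of thumb."""
    problems = []
    if len(psk) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if any(ch.isspace() for ch in psk):
        problems.append("contains whitespace")
    for name, chars in zip(NAMES, CLASSES):
        if not any(ch in chars for ch in psk):
            problems.append(f"no {name} character")
    return problems


def generate_psk(length=32):
    """Draw from the OS CSPRNG until every character class is present."""
    alphabet = "".join(CLASSES)
    while True:
        psk = "".join(secrets.choice(alphabet) for _ in range(length))
        if not psk_problems(psk, min_len=length):
            return psk


def audit_profile(profile):
    """Check a tunnel profile (hypothetical field names) against the checklist."""
    findings = []
    if profile.get("protocol", "").upper() != "ESP":
        findings.append("use ESP only, not AH")
    if profile.get("encryption", "").upper() == "DES":
        findings.append("DES not allowed; use 3DES or AES")
    if not profile.get("pfs", False):
        findings.append("enable PFS")
    return findings + [f"PSK: {p}" for p in psk_problems(profile.get("psk", ""))]


# Constructed sample profiles, not taken from any real router.
WEAK = {"protocol": "AH", "encryption": "DES", "pfs": False, "psk": "office vpn 1"}
GOOD = {"protocol": "ESP", "encryption": "AES", "pfs": True, "psk": generate_psk()}
if __name__ == "__main__":
    for label, prof in (("weak", WEAK), ("good", GOOD)):
        print(label, audit_profile(prof) or "OK")
```

The same PSK has to be entered on both ends of the tunnel, so generate it once and carry it to the second router over a channel other than the VPN being set up.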

07 Dec 2009 14:38 #42 by pzoo
Replied by pzoo on topic VPN's Die f/w 3.3.2.1_232201
I think I am having a similar error, although I can't get any traffic at all.

The remote dial-in user connects to the VPN fine but can't explore anything on the network. I have 2 Drayteks on different connections; the 1st one I set up a while ago and remote dial-in was working fine back then. Installed a 2nd router last week and did the same setup for the VPN and now get no traffic. Went back to the old router, which is on different f/w, and have the same problem.

I can't see anything that could be wrong, so I am probably missing something simple either on the network or routers, so any advice would be appreciated.

Jay
