DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

[HELP] Multiple LAN-to-LAN VPN Connection Problems

10 May 2010 22:40 #1 by gcp
Dear All, I have set up a LAN-to-LAN VPN from a central office to 2 remote sites. All 3 sites use Vigor 2820 routers.

The main office (192.168.222.XXX) is set with 2 LAN-to-LAN DIAL-IN profiles, as follows:

Profile 1 name: "GarethLAN"
Enabled: YES
Call Direction: DIAL-IN
Allowed Dial-In Type: PPTP
Username: LinGP
Password: ****
Remote NW IP: 10.12.1.0
Remote NW Mask: 255.255.255.0
1st subnet to remote: ROUTE
RIP: Disabled

Profile 2 name: "MikeLAN"
Enabled: YES
Call Direction: DIAL-IN
Allowed Dial-In Type: PPTP
Username: LinMC
Password: ****
Remote NW IP: 10.10.1.0
Remote NW Mask: 255.255.255.0
1st subnet to remote: ROUTE
RIP: Disabled


Each remote office is set with 1 LAN-to-LAN DIAL-OUT profile.

At remote office 1 (10.12.1.XXX):

Profile 1 Name: "Linermark"
Enabled: YES
Call Direction: DIAL-OUT
Always ON
Enable Ping to Keep alive: ON
PING IP: 80.XXX.YYY.ZZZ
Type of Server I am calling: PPTP
Server IP: 80.XXX.YYY.ZZZ
Username: LinGP
Password: ****
Remote NW IP: 192.168.222.0
Remote NW Mask: 255.255.255.0
1st subnet to remote: ROUTE
RIP: Disabled


At remote office 2 (10.10.1.XXX):

Profile 1 Name: "Linermark"
Enabled: YES
Call Direction: DIAL-OUT
Always ON
Enable Ping to Keep alive: ON
PING IP: 80.XXX.YYY.ZZZ
Type of Server I am calling: PPTP
Server IP: 80.XXX.YYY.ZZZ
Username: LinMC
Password: ****
Remote NW IP: 192.168.222.0
Remote NW Mask: 255.255.255.0
1st subnet to remote: ROUTE
RIP: Disabled


Now my initial problem was that I was using the same username for both connections.
i.e. Instead of 'LinGP' and 'LinMC' I was just using 'Liner' for both profiles. This
caused no end of problems and indeed I believe there is a bug in the firmware because
even though one profile was disabled it was still attempting to connect to both.
Anyway changing to separate usernames resolved this.

My problem...

Remote sites 1 and 2 both connect okay, site 1 can ping and access computers on the
main office network with a remote desktop connection. However, remote site 2 can ping
computers on the main office network but it can't connect to anything with remote
desktop.

Is there some additional routing information I need to set up somewhere?

Any help much appreciated.

Cheers,
Gareth.

04 Jun 2010 07:38 #2 by howard2010
Sounds like an MTU issue

Do this:

ping -f x.x.x.x -l 1500

ping -f x.x.x.x -l 1400

ping -f x.x.x.x -l 1300

where x.x.x.x is a known working public IP

Until you get a ping response, this will tell you the MTU size

Then set your Draytek MTU to this size

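The ping-and-shrink procedure from the reply above, automated as a binary search; this is an added example, not part of the original thread. It assumes the Windows `ping -f -l` flags from the post (or iputils `-M do -s` on Linux) and adds the 28 bytes of IPv4 and ICMP headers that the ping payload size does not count; all function names are illustrative.

```python
import platform
import subprocess

ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header, not counted by -l / -s


def ping_df(host, payload):
    """Send one echo request with Don't Fragment set; True if a reply came back."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-w", "2000", "-f", "-l", str(payload), host]
    else:  # assumption: Linux iputils ping
        cmd = ["ping", "-c", "1", "-W", "2", "-M", "do", "-s", str(payload), host]
    out = subprocess.run(cmd, capture_output=True, text=True).stdout
    # A real echo reply prints a TTL; "needs to be fragmented" errors do not.
    return "ttl=" in out.lower()


def largest_df_payload(probe, lo=500, hi=1472):
    """Binary-search the largest payload for which probe(payload) succeeds.

    Returns None if even `lo` fails (host down or ICMP filtered), so an
    unreachable target is not mistaken for a very small MTU.
    """
    if not probe(lo):
        return None
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if probe(mid):
            lo = mid       # mid fits: the answer is mid or larger
        else:
            hi = mid - 1   # mid was too big: the answer is smaller
    return lo


def path_mtu(probe):
    """Largest unfragmented IP packet size, i.e. ping payload plus headers."""
    payload = largest_df_payload(probe)
    return None if payload is None else payload + ICMP_OVERHEAD


if __name__ == "__main__":
    import sys
    host = sys.argv[1]  # a known working public IP, as in the post
    print("path MTU:", path_mtu(lambda size: ping_df(host, size)))
```

Run it once against a public IP and once against a host on the far side of the tunnel; the second figure is the one that matters for traffic crossing the VPN.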