DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
VPN dropping all the time
- neil40
- Topic Author
- Offline
- New Member
Less
More
- Posts: 3
- Thank you received: 0
26 May 2010 01:02 #62127
by neil40
VPN dropping all the time was created by neil40
One of our customers has a Draytek 2900i for secure VPN connection to his head office in Scotland.
The WAN port connects to his ADSL router, which has replaced a Zyxel router last week due to ADSL failure.
They use BT Business as their ISP, we suspected a line fault until tracing the fault to the router.
Since this fault, the VPN light extinguishes many times a day resulting in dropped RDP sessions. A second Draytek at the Directors home was substituted but with the same effect. (Both work OK at his home without dropping VPN)
I was wondering where we turn to. It's been suggested upgrading firmware which I will do, but is this some kind of line problem that we need to push BT about?
How else would we troubleshoot this?
Thanks
Neil
The WAN port connects to his ADSL router, which has replaced a Zyxel router last week due to ADSL failure.
They use BT Business as their ISP, we suspected a line fault until tracing the fault to the router.
Since this fault, the VPN light extinguishes many times a day resulting in dropped RDP sessions. A second Draytek at the Directors home was substituted but with the same effect. (Both work OK at his home without dropping VPN)
I was wondering where we turn to. It's been suggested upgrading firmware which I will do, but is this some kind of line problem that we need to push BT about?
How else would we troubleshoot this?
Thanks
Neil
Please Log in or Create an account to join the conversation.
- njh
- Offline
- Member
Less
More
- Posts: 306
- Thank you received: 0
26 May 2010 09:03 #62131
by njh
2900Gi/v2.5.6; 2900/v2.5.6
Replied by njh on topic VPN dropping all the time
Have you put the Zyxel into bridge mode so it just functions as a PPPoE modem? If not, what sort of connection to you have between the Zyxel and Draytek. A DMZ or port-forward will not work.
2900Gi/v2.5.6; 2900/v2.5.6
Please Log in or Create an account to join the conversation.
- neil40
- Topic Author
- Offline
- New Member
Less
More
- Posts: 3
- Thank you received: 0
26 May 2010 15:37 #62135
by neil40
Replied by neil40 on topic VPN dropping all the time
It's configured as follows. The Draytek was supplied pre-configured by the customers head office, with instructions to set it up this way
Zyxel router now replaced with Netgear as stated BTW
Netgear Wireless router has DHCP, Internet working fine. LAN cable connects LAN port to WAN port on Draytek. LAN port on Draytek connects to office switch (8 port Netgear)
Draytek has fixed IP 192.168.14.1, picks up address from Netgear router
PC's all fixed IP 192.168.14.x
This has all been working fine for about 12 months until the internet down incedent, when VPN light will stay on for random periods of time then drop.
Have upgraded the firmware to no positive effect
Zyxel router now replaced with Netgear as stated BTW
Netgear Wireless router has DHCP, Internet working fine. LAN cable connects LAN port to WAN port on Draytek. LAN port on Draytek connects to office switch (8 port Netgear)
Draytek has fixed IP 192.168.14.1, picks up address from Netgear router
PC's all fixed IP 192.168.14.x
This has all been working fine for about 12 months until the internet down incedent, when VPN light will stay on for random periods of time then drop.
Have upgraded the firmware to no positive effect
Please Log in or Create an account to join the conversation.
- njh
- Offline
- Member
Less
More
- Posts: 306
- Thank you received: 0
26 May 2010 16:25 #62138
by njh
2900Gi/v2.5.6; 2900/v2.5.6
Replied by njh on topic VPN dropping all the time
What sort of VPN are you running (IPSec, L2TP/IPSec or PPTP)?
Are you sure the Zyxel was not running in bridge mode, so no DHCP?
Is 192.168.14.1 the LAN or WAN address of the Draytek? If it is the LAN address, what is the WAN address?
Are you sure the Zyxel was not running in bridge mode, so no DHCP?
Is 192.168.14.1 the LAN or WAN address of the Draytek? If it is the LAN address, what is the WAN address?
2900Gi/v2.5.6; 2900/v2.5.6
Please Log in or Create an account to join the conversation.
- neil40
- Topic Author
- Offline
- New Member
Less
More
- Posts: 3
- Thank you received: 0
26 May 2010 16:38 #62139
by neil40
Replied by neil40 on topic VPN dropping all the time
The Zyxel wasn't running in Bridge mode, I set it up originally before the VPN arrived, so was an ADSL router as standard, and Draytek VPN router was plugged in to it as per current set up, with no changes made.
I copied these settings earlier, before the Firmware update just in case, from various Draytek settings screens
Nat Usage
1st IP 192.168.14.1
1st Subnet 255.255.255.0
IP routing disabled
2nd IP 192.168.2.1
2nd Subnet 255.255.255.0
DHCP enabled
Start IP 192.168.14.10
Pool Counts 50
Gateway IP 192.168.14.1
PPTP Setup
PPTP Link disabled
PPP Auth PAP or CHAP
LAN2/WAN IP
Obtain an IP address auto
IP address 192.168.1.2
Sub 255.255.255.0
Remote access control set up
Enable L2TP VPN Service
PPP General
PAP or CHAP
Optional MPPE
Mutual Auth (PAP) no
IP address for dial in 192.168.14.255
VPN IKE
IPSec Medium
DES 3DES AES
LAN to LAN
Priofile 1 XXXXXXX
Enable profile
L2TP with IPsec Policy none
Dial number for ISDN or Server IP xx.xxx.xx.xxx (removed for security!)
Dial out always on
xxxxx
password=xxxxx
VJ Compression on
Dial In
ISDN
PPTP
IPsec Tunnel
L2TP with IPSec None
Username ???
VJ Compression on
TCP/IP
Wan 0.0.0.0
Remote Gate 0.0.0.0
Remote IP 192.168.16.0
Remote Mask 255.255.255.0
TX/RX Both
Ver. 2
Private IP
I copied these settings earlier, before the Firmware update just in case, from various Draytek settings screens
Nat Usage
1st IP 192.168.14.1
1st Subnet 255.255.255.0
IP routing disabled
2nd IP 192.168.2.1
2nd Subnet 255.255.255.0
DHCP enabled
Start IP 192.168.14.10
Pool Counts 50
Gateway IP 192.168.14.1
PPTP Setup
PPTP Link disabled
PPP Auth PAP or CHAP
LAN2/WAN IP
Obtain an IP address auto
IP address 192.168.1.2
Sub 255.255.255.0
Remote access control set up
Enable L2TP VPN Service
PPP General
PAP or CHAP
Optional MPPE
Mutual Auth (PAP) no
IP address for dial in 192.168.14.255
VPN IKE
IPSec Medium
DES 3DES AES
LAN to LAN
Priofile 1 XXXXXXX
Enable profile
L2TP with IPsec Policy none
Dial number for ISDN or Server IP xx.xxx.xx.xxx (removed for security!)
Dial out always on
xxxxx
password=xxxxx
VJ Compression on
Dial In
ISDN
PPTP
IPsec Tunnel
L2TP with IPSec None
Username ???
VJ Compression on
TCP/IP
Wan 0.0.0.0
Remote Gate 0.0.0.0
Remote IP 192.168.16.0
Remote Mask 255.255.255.0
TX/RX Both
Ver. 2
Private IP
Please Log in or Create an account to join the conversation.
- njh
- Offline
- Member
Less
More
- Posts: 306
- Thank you received: 0
26 May 2010 17:17 #62140
by njh
2900Gi/v2.5.6; 2900/v2.5.6
Replied by njh on topic VPN dropping all the time
Correct me if I'm wrong, but this looks like an L2TP VPN with the Draytek dialling out.
In the Netgear do you have any setting which allows VPN passthrough or mentions UDP port 1701 or possibly protocol 47.
BTW, L2TP is pretty dead insecure on its own which is why it is normally combined with IPSec.
In the Netgear do you have any setting which allows VPN passthrough or mentions UDP port 1701 or possibly protocol 47.
BTW, L2TP is pretty dead insecure on its own which is why it is normally combined with IPSec.
2900Gi/v2.5.6; 2900/v2.5.6
Please Log in or Create an account to join the conversation.
Moderators: Sami
Copyright © 2024 DrayTek