One of our customers has a Draytek 2900i for secure VPN connection to his head office in Scotland.

The WAN port connects to his ADSL router, which has replaced a Zyxel router last week due to ADSL failure.
They use BT Business as their ISP, we suspected a line fault until tracing the fault to the router.
Since this fault, the VPN light extinguishes many times a day resulting in dropped RDP sessions. A second Draytek at the Directors home was substituted but with the same effect. (Both work OK at his home without dropping VPN)

I was wondering where we turn to. It's been suggested upgrading firmware which I will do, but is this some kind of line problem that we need to push BT about?
How else would we troubleshoot this?

Thanks
Neil

Have you put the Zyxel into bridge mode so it just functions as a PPPoE modem? If not, what sort of connection to you have between the Zyxel and Draytek. A DMZ or port-forward will not work.

It's configured as follows. The Draytek was supplied pre-configured by the customers head office, with instructions to set it up this way
Zyxel router now replaced with Netgear as stated BTW

Netgear Wireless router has DHCP, Internet working fine. LAN cable connects LAN port to WAN port on Draytek. LAN port on Draytek connects to office switch (8 port Netgear)
Draytek has fixed IP 192.168.14.1, picks up address from Netgear router
PC's all fixed IP 192.168.14.x

This has all been working fine for about 12 months until the internet down incedent, when VPN light will stay on for random periods of time then drop.
Have upgraded the firmware to no positive effect

What sort of VPN are you running (IPSec, L2TP/IPSec or PPTP)?

Are you sure the Zyxel was not running in bridge mode, so no DHCP?

Is 192.168.14.1 the LAN or WAN address of the Draytek? If it is the LAN address, what is the WAN address?

The Zyxel wasn't running in Bridge mode, I set it up originally before the VPN arrived, so was an ADSL router as standard, and Draytek VPN router was plugged in to it as per current set up, with no changes made.

I copied these settings earlier, before the Firmware update just in case, from various Draytek settings screens
Nat Usage
1st IP 192.168.14.1
1st Subnet 255.255.255.0
IP routing disabled
2nd IP 192.168.2.1
2nd Subnet 255.255.255.0
DHCP enabled
Start IP 192.168.14.10
Pool Counts 50
Gateway IP 192.168.14.1


PPTP Setup
PPTP Link disabled
PPP Auth PAP or CHAP
LAN2/WAN IP
Obtain an IP address auto
IP address 192.168.1.2
Sub 255.255.255.0

Remote access control set up
Enable L2TP VPN Service

PPP General
PAP or CHAP
Optional MPPE
Mutual Auth (PAP) no
IP address for dial in 192.168.14.255

VPN IKE
IPSec Medium
DES 3DES AES

LAN to LAN
Priofile 1 XXXXXXX
Enable profile
L2TP with IPsec Policy none
Dial number for ISDN or Server IP xx.xxx.xx.xxx (removed for security!)
Dial out always on
xxxxx
password=xxxxx
VJ Compression on

Dial In
ISDN
PPTP
IPsec Tunnel
L2TP with IPSec None
Username ???
VJ Compression on

TCP/IP
Wan 0.0.0.0
Remote Gate 0.0.0.0
Remote IP 192.168.16.0
Remote Mask 255.255.255.0
TX/RX Both
Ver. 2
Private IP

Correct me if I'm wrong, but this looks like an L2TP VPN with the Draytek dialling out.

In the Netgear do you have any setting which allows VPN passthrough or mentions UDP port 1701 or possibly protocol 47.

BTW, L2TP is pretty dead insecure on its own which is why it is normally combined with IPSec.