DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Bizarre VPN Problem - 2820

moo1969 (Topic Author)
22 Jul 2010 13:53 #1 by moo1969
Bizarre VPN Problem - 2820 was created by moo1969
Hi all,

I'm having a really strange issue with my routers in a VPN configuration and hope somebody can shed some light on this. I'm emailing Draytek support about this problem but thought it would be a good idea to post the problem here in the hopes that somebody has run up against this one before.

I have 4x 2820 routers, all running 3.3.3 firmware. 2 of the routers (which I'll call routers A and B) are in my head office (Site 1), and the other 2 routers (routers C and D) are in a remote site (Site 2). All routers use individual ADSL lines.

Router A = 192.168.1.x
Router B = 192.168.70.x
Router C = 192.168.6.x
Router D = 192.168.65.x

Site 1 internal network = 192.168.1.x
Site 2 internal network = 192.168.6.x

There is an IPSec LAN to LAN VPN connection between routers A and C used by Site 2 to access the terminal servers at Site 1. This connection has been working fine for a long time.

My company has recently implemented a VoIP system and we wish to split voice and data traffic over 2 separate ADSL lines between sites. This is where the problem starts.

There is an IPSec LAN to LAN connection between routers B and D for the voice data which is ok as long as you don't connect the second set of routers at each site to their own respective internal network.

As soon as routers B and D are connected to their respective internal networks, with the VPN link between these 2 routers active, all hell breaks loose! The network activity on all switches at both sites goes mental, as do the LAN activity lights on routers B and D. Both routers B and D are showing around 5000+ Bps Rx rate under the VPN and Remote Access Connection Management tab for the VPN link but neither router shows Tx traffic being generated.

The only way to stop this happening is to down the VPN link between routers B and D or disconnect one of them from their internal network.

We did some testing last night and completely isolated all 4 routers from their internal networks to rule out anything on the internal network being the cause. Routers A and B were disconnected from the internal network at Site 1 and connected directly to each other with a network lead. We did the same to Routers C and D at Site 2. Both VPN connections were enabled. The same thing happened in this configuration, with routers B and D showing massive network activity and both routers showing a high Rx rate but neither showing any Tx rate.

Routers A and C were unaffected.

The problem appears to be a network loopback, and our tests last night rule out the internal network as being the problem. I've checked the routing tables of all routers when all are connected on the network and both VPNs are up, and all looks ok, i.e., the routing table for router A shows 192.168.1.0 directly connected by LAN and 192.168.6.0 connected via VPN. There is no mention of the 192.168.65.0 or 192.168.70.0 subnets in Router A's routing table, and the routing tables of routers B, C and D are all correct.

I've spoken to Draytek Premium support, who've run through the VPN configuration (which is correct) and informed me that this configuration is supported by the routers.

Is this the case? Is this configuration supported?

By the way, there is a good reason why the voice network needs to be connected to the data network before anybody suggests isolating them :wink:

Any suggestions or help would be much appreciated.

Thanks,

Paul
