Step 1- VPN and Remote Access/Remote Access Control
Turn on L2TP and IPSec.

PPP General Setup- PAP or CHAP and Optional MPPE (not sure if I actually set these or if they are the default)

Step 2- IPSec General Setup.

Put in a shared key (and turn off AH & DES, only use 3DES and AES)

Step 3- Remote Dial-in User.
Set up a user, enable it, set L2TP with IPSec as 'Must'. I didn't use 'specify remote node' or a static IP address. Set a username and password (I don't use OTP)

Step 4- Firewall.
Note- 3.3.5 seems to handle this for you anyway- am recording it here for posterity.
I set up a WAN->LAN rule to allow IPSec traffic through (TCP Dest. port 50 and 51 and UDP destination port 500) by setting up a service group for IPSec ESP, AH and ISAKMP respectively.

Step 5- The broken bit.
In order to get any traffic through the box when connected via VPN I had to set up a WAN->LAN rule to allow internal IP addresses (192.168.x.x as the source address), as otherwise I could connect the VPN but not get any traffic through it, which seemed daft (Note this seems still necessary with 3.3.5).

On the Mac I just added a L2TP VPN using the external hostname (I use DynDNS to give my external IP address a hostname) and then put in my username, password and shared secret. No mess, no fuss.

Your assistance is much appreciated, however can you expand on how you completed the following steps:


Step 4- Firewall.
Note- 3.3.5 seems to handle this for you anyway- am recording it here for posterity.
I set up a WAN->LAN rule to allow IPSec traffic through (TCP Dest. port 50 and 51 and UDP destination port 500) by setting up a service group for IPSec ESP, AH and ISAKMP respectively.

Step 5- The broken bit.
In order to get any traffic through the box when connected via VPN I had to set up a WAN->LAN rule to allow internal IP addresses (192.168.x.x as the source address), as otherwise I could connect the VPN but not get any traffic through it, which seemed daft (Note this seems still necessary with 3.3.5).

Regards,

Mike

ScreamingPict wrote: You, sir, are a legend. Firmware updated to 3.3.5, L2TP working and have had a close look at this iPhone utility that lets you use your iPhone as the 3G connection through the router. Spanky!

Also had a look at this mOTP (One Time Password) utility, but I'm happy with L2TP for now tbh.

Can I ask which version you downloaded? There seems to be a lot under 2820?

You need the revision 23201 firmware for the UK. It's all to do with slightly different variants of ADSL in use around the world.

Will try to put together a guide for the firewall rules. If I don't have time you can always have a look at the handy help guides put together in the support section of Draytek's UK website.