DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

L2TP VPN from iPhone into Draytek 2820

  • screamingpict
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
20 Dec 2010 11:39 #65317 by screamingpict
Replied by screamingpict on topic L2TP VPN from iPhone into Draytek 2820
Step 1- VPN and Remote Access/Remote Access Control
Turn on L2TP and IPSec.

PPP General Setup- PAP or CHAP and Optional MPPE (not sure if I actually set these or if they are the default)

Step 2- IPSec General Setup.

Put in a shared key (and turn off AH & DES, only use 3DES and AES)

Step 3- Remote Dial-in User.
Set up a user, enable it, set L2TP with IPSec as 'Must'. I didn't use 'specify remote node' or a static IP address. Set a username and password (I don't use OTP)

Step 4- Firewall.
Note- 3.3.5 seems to handle this for you anyway- am recording it here for posterity.
I set up a WAN->LAN rule to allow IPSec traffic through (TCP Dest. port 50 and 51 and UDP destination port 500) by setting up a service group for IPSec ESP, AH and ISAKMP respectively.

Step 5- The broken bit.
In order to get any traffic through the box when connected via VPN I had to set up a WAN->LAN rule to allow internal IP addresses (192.168.x.x as the source address), as otherwise I could connect the VPN but not get any traffic through it, which seemed daft (Note this seems still necessary with 3.3.5).

Please Log in or Create an account to join the conversation.

  • screamingpict
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
20 Dec 2010 11:46 #65318 by screamingpict
Replied by screamingpict on topic L2TP VPN from iPhone into Draytek 2820
On the Mac I just added a L2TP VPN using the external hostname (I use DynDNS to give my external IP address a hostname) and then put in my username, password and shared secret. No mess, no fuss.

Please Log in or Create an account to join the conversation.

  • mike.lawson@valeway.com
  • Offline
  • New Member
  • New Member
More
20 Dec 2010 15:50 #65325 by mike.lawson@valeway.com
Replied by mike.lawson@valeway.com on topic Expansion
Your assistance is much appreciated, however can you expand on how you completed the following steps:


Step 4- Firewall.
Note- 3.3.5 seems to handle this for you anyway- am recording it here for posterity.
I set up a WAN->LAN rule to allow IPSec traffic through (TCP Dest. port 50 and 51 and UDP destination port 500) by setting up a service group for IPSec ESP, AH and ISAKMP respectively.

Step 5- The broken bit.
In order to get any traffic through the box when connected via VPN I had to set up a WAN->LAN rule to allow internal IP addresses (192.168.x.x as the source address), as otherwise I could connect the VPN but not get any traffic through it, which seemed daft (Note this seems still necessary with 3.3.5).

Regards,

Mike

Please Log in or Create an account to join the conversation.

  • mike.lawson@valeway.com
  • Offline
  • New Member
  • New Member
More
20 Dec 2010 16:25 #65326 by mike.lawson@valeway.com
Replied by mike.lawson@valeway.com on topic L2TP VPN from iPhone into Draytek 2820

ScreamingPict wrote: You, sir, are a legend. Firmware updated to 3.3.5, L2TP working and have had a close look at this iPhone utility that lets you use your iPhone as the 3G connection through the router. Spanky!

Also had a look at this mOTP (One Time Password) utility, but I'm happy with L2TP for now tbh.



Can I ask which version you downloaded? There seems to be a lot under 2820?

Please Log in or Create an account to join the conversation.

  • screamingpict
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
21 Dec 2010 01:19 #65331 by screamingpict
Replied by screamingpict on topic L2TP VPN from iPhone into Draytek 2820
You need the revision 23201 firmware for the UK. It's all to do with slightly different variants of ADSL in use around the world.

Will try to put together a guide for the firewall rules. If I don't have time you can always have a look at the handy help guides put together in the support section of Draytek's UK website.

Please Log in or Create an account to join the conversation.

Moderators: ChrisSami