HI

Has anyone tried to set up a lan to lan vpn tunnel when one of the routers is connected to the internet via 3G dongle?

Is this even possible?

Help would be greatly appreciated.

Kind regards,


Steve A

There is a strong possibility that the 3G provider will block this kind of traffic. The easiest way would be for the provider to give you a static/fixed IP.

I have used Wireless Logic before to provide a 3G connection via Vodafone with a real fixed IP, nothing blocked etc.

Also, Nucleus Networks have short term offerings.

I have also heard of some success with 'Three' but haven't had first hand experience of them yet.

Regards, Neal

If you have a router which can make use of the SSL protocol for VPN, there is no way anyone can block it (unless he forbids the customers to use SSL protected websites)

So, if you use the 2930 or 2950, it will work.

Keep in mind, that 3G connection are not as stable as wired connections. Also, the latency of the connection is times X that of a wire. VPN throughput will therefore be not as good as you might expect.

Thanks guys.

I have had a play and managed to get it up and running. Details below:

Head Office Draytek 2930
VPN and Remote Access -> LAN to LAN

Profile Settings (leave settings as default unless stated below)
1. Common Settings
Profile Name: Site name
Tick Enable this profile
Call Direction: Dial-in

2. Dial-Out Settings
Leave all settings as default

3. Dial-In Settings
Untick PPTP
Untick L2TP with IPSec Policy

4. GRE over IPSec Settings
Leave all settings as default

5. TCP/IP Network Settings
My WAN IP 0.0.0.0
Remote Gateway IP 0.0.0.0
Remote Network IP *.*.*.* (Replace the stars with the network address of the remote office)
Remote Network Mask 255.255.0.0 (or what ever the network mask is)
Local Network IP *.*.*.* (Replace the stars with the network address of the head office)
Local Network Mask 255.255.0.0 (or what ever the network mask is)

Click OK

---

Remote Office Draytek 2820
VPN and Remote Access -> LAN to LAN

Profile Settings (leave settings as default unless stated below)
1. Common Settings
Profile Name: Head Office Name
Tick Enable this profile
Call Direction: Dial-Out
Tick Always on

2. Dial-Out Settings
Tick IPSec Tunnel
Server IP address: *Static IP address of head office*
Enter the “IKE Pre-shared Key” (This should be the same at the head office)
Change IPSec Security Method to “High(ESP) DES with Authentication”

3. Dial-In Settings
Untick PPTP
Untick L2TP with IPSec Policy


4. TCP/IP Network Settings
My WAN IP 0.0.0.0
Remote Gateway IP 0.0.0.0
Remote Network IP *.*.*.* (Replace the stars with the head office IP network address)
Remote Network Mask 255.255.0.0 (or what ever the network mask is)

Click OK

That will work until the 3G IP changes (unless you've paid for a static IP?), I had one working for ages with Aggressive mode, guide here:
http://draytek.com/user/SupportAppnotesDetail.php?ID=155

Thanks Voodle I will take a read.

Can you just confirm what aggressive mode does different?

Thanks

Steve