I've setup the 2820n as below and can connected a W7 client using Smart VPN but when i look in connection management the dial-in user shows as not encrypted and if i put the IPsec policy on the use as "must" it fails to authenticate with the generic 'problem with user / password' message.

IPsec General Policy:
Preshared key - 12 characters long
3DES only ticked (also tried ticking and unticking the other options makes no difference)

Remote dial-in user:
Account enabled
IPsec Tunnel ticked
L2TP with IPSec Policy / Nice to have (as above if i say must it fails to connect)

Client PC using Smart VPN 4.0.0.5
L2TP over IPSec
Authentication method CHAP (tried unticking this option and each from the drop down box)
DH Group 1 (also tried 2)
Security Method High(ESP), 3DES (also tried with MD5 and SHA1)

I can connect fine but no encryption. If i select PPP as the protocol and connect it shows as connected with encryption.

Latest firmware on the router as well.

Pulling my hair out!

Have you tried 3.3.7 firmware from the Draytek.com site?

g6ifs wrote: Have you tried 3.3.7 firmware from the Draytek.com site?

Not yet, i'm using the latest from the UK site as i have an annexM line.

v3.3.5.2_2471201

Tried the firmware from the US site still the same, no encryption.

Router Name : 2820n
Model Name : Vigor2820n
Firmware Version : 3.3.7_2471201
Build Date/Time : Oct 27 2011 11:23:41

Resolved of sorts. If the Windows Firewall service is disabled the tunnel isn't encrypted, with it enabled (and started) it is. Now i'm trying to get DNS through the VPN as i can get to IPs but not resolves names. Doing an nslookup on the client brings up the Vigor on the remote end as the DNS but all queries fail.