I have several Draytek 2820s at remote locations, connected via IPSEC VPN tunnels to my central network. I’m having difficulties with traffic routing directly from one Draytek subnet to another – it doesn’t route, although I can route traffic to my central network subnets.
I have a range of VPN tunnels to different subnets. An example routing table looks like this:-

Current Running Routing Table | Refresh |
Key: C - connected, S - static, R - RIP, * - default, ~ - private
S~ 192.168.0.0/ 255.255.0.0 via zzz.zzz.zzz.zzz, VPN
* 0.0.0.0/ 0.0.0.0 via xxx.xxx.xxx.xxx, WAN1
* xxx.xxx.xxx.xxx/ 255.255.255.255 via xxx.xxx.xxx.xxx, WAN1
C~ 192.168.63.0/ 255.255.255.0 is directly connected, LAN
S yyy.yyy.yyy.yyy/ 255.255.255.255 via yyy.yyy.yyy.yyy.yyy, WAN1
S~ 172.aa.0.0/ 255.255.0.0 via zzz.zzz.zzz.zzz, VPN
S~ 172.bb.0.0/ 255.255.0.0 via zzz.zzz.zzz.zzz, VPN
S~ 172.cc.0.0/ 255.255.0.0 via zzz.zzz.zzz.zzz, VPN
S~ 172.dd.0.0/ 255.255.0.0 via zzz.zzz.zzz.zzz, VPN
S~ 172.ee.0.0/ 255.255.0.0 via zzz.zzz.zzz.zzz, VPN

All the routing works fine apart from the 192.168 routing. The local Draytek subnet is 192.168.63.0 – and all the other Draytek subnets (and one central subnet) are 192.168.?.0. But traffic is not routed from the .63 subnet to the other 192.168 subnets. Ping does not work – nothing works.

It is as though the generic 192.168.0 subnet is being ignored/overridden because of the specific local subnet – despite the subnet mask clarifying that.

We need direct traffic. We are just putting out MS Lync, and this establishes direct connections between the subnets for phone calls – at the moment these are not working. In addition, one of our central subnets is a 192.168 subnet. We are considering changing the whole of that subnet, just because of this problem with the Drayteks – I bet you can guess how much we would like to find a fix for this Draytek problem so we don't have to do that!

I have to confess we are currently using an old firmware – 2009 – I think it was 3.3.2.1. I thought it might be worth updating the firmware on one router, which I did by copying it to a local PC and updating from the local subnet – and in doing so I broke the router, so it now needs a visit to fix it.

So I thought I’d ask for advice – can anyone help?

Is it just me, or do these two threads describes the same problem, but one with a 2820 and one with a 2830?

Surely there must be someone out there who can explain how to setup IPSEC VPNs, allowing drayetks to ping other subnets with the same first two octets?

2830 - http://www.forum.draytek.co.uk/viewtopic.php?f=8&t=16316

2820 - http://www.forum.draytek.co.uk/viewtopic.php?f=8&t=16871