DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Lan to Lan VPN to 2900 in Italy

27 Mar 2012 09:10 #1 by nicklyne
Lan to Lan VPN to 2900 in Italy was created by nicklyne
Hi there,

Please can anyone here help me?

I have a property in Italy, broadband is provided by Eutelia, the connection (fixed IP) is WiMax which is a WiFi dish/router unit on the roof pointing to a local antenna.

The connection is very good, and gives me 6.5mb, which is a lot faster than I get in London.

I e-mailed Eutelia and explained that I wanted to create a Lan to Lan VPN to my office in London, and could they give me the login info to my router. They replied that "they" would configure their router to allow VPN pass-through....... and asked me what was the IP address of my internal router that would hold the VPN?

Their router is set with the internal IP address 192.168.1.1, so I suggested that the internal router could be 192.168.1.2. They e-mailed again stating that they had now configured their router to allow VPN pass-through to the internal router address 192.168.1.2.

I installed my 2900 and gave it the IP address of 192.168.1.2, then pointed it to their router 192.168.1.1 (gateway).

So all good so far: all the PCs and devices on the network point to my internal 2900 (192.168.1.2) which in turn can see their router and the outside world (gateway 192.68.1.1). Internet connection is good and all working well.

Whilst I was in Italy I did try to create a Lan to Lan VPN to my London office (Draytek 3300v - with fixed IP address), no luck....., however I thought I would try to sort it from this (London) end as I was running out of time.

My question is... should I be able to login from London to my (internal router) 2900 at the Italian end? and if so how would I do that?

The setup is outside fixed IP address 12.12.12.12 (for example), inside (WiMax router) address 192.168.1.1, then inside router (Draytek 2900) 192.168.1.2

Can anyone help me with this? Any advice would be most appreciated.

Many thanks,

Nick.

30 Mar 2012 14:00 #2 by nealuk
Replied by nealuk on topic Re: Lan to Lan VPN to 2900 in Italy
Hello,

I understand that VPNs over WiMax can be tricky, as the connections may have high latency / ping times.

However, let's have a go anyway...

Because there is another device between your Italy 2900 and the WAN, the header information in the IP packets is changed slightly, and this causes a "mismatch/authentication failure" from what the London 3300 is expecting to see.

You should be able to get around this by:

1) changing from Main Mode to Aggressive Mode

2) using Perfect Forward Secret Peer IDs (since this takes away the problem of changed IP packet header information for verification)

So, for example, on the London 3300 set this to dial out with a Peer ID of london@example.com [this does not need to be a valid email address, but it helps my head]

Then on the Italy 2920, append the existing incoming VPN Dial In profile to include expecting to see the Peer ID london@example.com

Similarly on the Italy 2920 set this to dial out with a Peer ID of italy@example.com

And on the London 3300 append the existing incoming VPN Dial In profile to include expecting to see the Peer ID italy@example.com

Now to answer your specific question:

NickLyne wrote: ...should I be able to login from London to my (internal router) 2900 at the Italian end? and if so how would I do that?...



In the same way that you asked the ISP to open up VPN ports from their unit to your 192.168.1.2, you would ask them for, for example, ports 80 and 443 to be opened and pointed to 192.168.1.2.
Assuming of course that these are the management ports which you have enabled on the Italy 2920 - it could be that http is on 8080 instead of 80, but https is likely to be 443.

Good luck, please do let us know how you get on.

Best regards,


Neal.
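
The mismatch described in the reply above, as a simplified model added here for illustration; it is not part of the original posts and not DrayTek firmware logic. The class and function names are hypothetical, and the addresses and Peer ID are the thread's own example values.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class DialInProfile:               # hypothetical stand-in for a dial-in profile
    name: str
    peer_ip: str                   # address the responder expects the peer to call from
    peer_id: Optional[str] = None  # Peer ID expected in Aggressive Mode

@dataclass(frozen=True)
class Initiation:
    observed_src: str              # source address after any NAT on the path
    asserted_id: str               # identity carried in the IKE ID payload
    mode: str                      # "main" or "aggressive"

def select_profile(profiles: List[DialInProfile],
                   init: Initiation) -> Tuple[Optional[str], str]:
    """Return (profile name or None, reason) for an incoming IKEv1 PSK attempt."""
    if init.mode == "main":
        # Main Mode with a pre-shared key: the ID payload is encrypted under a
        # key derived from the PSK, so the PSK is chosen by source address alone.
        by_ip = [p for p in profiles if p.peer_ip == init.observed_src]
        if not by_ip:
            return None, "no profile for source address"
        # Once decrypted, an address-type identity must agree with what was seen.
        if init.asserted_id != init.observed_src:
            return None, "identity does not match observed address"
        return by_ip[0].name, "matched on address"
    # Aggressive Mode: the ID payload is sent in the clear in the first
    # message, so the profile can be chosen by Peer ID instead of by address.
    for p in profiles:
        if p.peer_id is not None and p.peer_id == init.asserted_id:
            return p.name, "matched on Peer ID"
    return None, "unknown Peer ID"

# Constructed sample: London's view of the Italy router dialing in from behind
# the WiMax unit (public 12.12.12.12, inner router 192.168.1.2).
LONDON_PROFILES = [DialInProfile("italy", "12.12.12.12", "italy@example.com")]
MAIN_BEHIND_NAT = Initiation("12.12.12.12", "192.168.1.2", "main")
AGGRESSIVE_WITH_ID = Initiation("12.12.12.12", "italy@example.com", "aggressive")

if __name__ == "__main__":
    for attempt in (MAIN_BEHIND_NAT, AGGRESSIVE_WITH_ID):
        print(attempt.mode, select_profile(LONDON_PROFILES, attempt))
```

Because Aggressive Mode sends the identity and a hash derived from the pre-shared key without encryption, a long random pre-shared key matters more in that mode.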
