DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
VPN trunking/backup
- mpwox11
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 33
- Thank you received: 0
03 Apr 2012 17:27 #71779
by mpwox11
VPN trunking/backup was created by mpwox11
I'm just trying to set up VPN trunking for the first time on a pair of Vigor3200 routers.
The manual indicates that all VPN types are supported, but when I try to add my PPTP VPNs, I can't select anything.
Do they actually need to be IPSec VPNs?
The manual indicates that all VPN types are supported, but when I try to add my PPTP VPNs, I can't select anything.
Do they actually need to be IPSec VPNs?
Please Log in or Create an account to join the conversation.
- mpwox11
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 33
- Thank you received: 0
03 Apr 2012 19:31 #71782
by mpwox11
Replied by mpwox11 on topic Re: VPN trunking/backup
My mistake. You can add PPTP VPNs to a backup or load balancing VPN. My mistake was I was trying to set this up first on the server send rather than the client end.
Now I have done this, it is up and running. However it is very difficult for me to test the fallback remotely as I can't kill off a WAN connection (without rebooting the router).
One thing that I don't understand is why the VPN trunk is only setup on the client end and not the server Draytek too?
Now I have done this, it is up and running. However it is very difficult for me to test the fallback remotely as I can't kill off a WAN connection (without rebooting the router).
One thing that I don't understand is why the VPN trunk is only setup on the client end and not the server Draytek too?
Please Log in or Create an account to join the conversation.
- mpwox11
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 33
- Thank you received: 0
10 Apr 2012 10:55 #71835
by mpwox11
Replied by mpwox11 on topic Re: VPN trunking/backup
Has anyone used VPN backup here?
I enabled VPN backup the other day, so that there was two IPSec VPNs with WAN1 being the priority and the customer experienced drop outs all day and I had to delete the config and go back to a basic Lan-Lan VPN.
I also not clear in the manual what the GRE over IPSec is about and when you need it.
I'll have another go using a load balance VPN rather than a backup to see if this helps the drop outs, but if there is anyone here using VPN trunking, I would really like to hear from them.
I enabled VPN backup the other day, so that there was two IPSec VPNs with WAN1 being the priority and the customer experienced drop outs all day and I had to delete the config and go back to a basic Lan-Lan VPN.
I also not clear in the manual what the GRE over IPSec is about and when you need it.
I'll have another go using a load balance VPN rather than a backup to see if this helps the drop outs, but if there is anyone here using VPN trunking, I would really like to hear from them.
Please Log in or Create an account to join the conversation.
- sinrg
- Offline
- New Member
Less
More
- Posts: 3
- Thank you received: 0
16 Apr 2012 12:01 #71907
by sinrg
Replied by sinrg on topic Re: VPN trunking/backup
I could be missing the mark on the resolution here, but my first suggestion would be to check you have "Keep VPN Alive with Ping" selected and enter the endpoint (host) IP. I leave Keep VPN alive on a few connections on another device and set it to ping once every 5 minutes. Generally I've never noticed the VPN offline/sleeping at this delay and it keeps IMCP (Ping) traffic minimum (as little traffic as it creates anyway)..
Also you could check your time-out settings on the VPN (Found in VPN Profile/Advanced). The max timeout is 86400 (24 hours) and you can set the timeout on both Phase 1 & Phase 2 of the VPN. This will lower the re-keying to once per day.
Also you could check your time-out settings on the VPN (Found in VPN Profile/Advanced). The max timeout is 86400 (24 hours) and you can set the timeout on both Phase 1 & Phase 2 of the VPN. This will lower the re-keying to once per day.
Please Log in or Create an account to join the conversation.
- mpwox11
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 33
- Thank you received: 0
24 Apr 2012 20:29 #72015
by mpwox11
Replied by mpwox11 on topic Re: VPN trunking/backup
Thanks for the reply.
The multiple drops I was experiencing looks like it was ISP/WAN issues. I've since been running various types of VPN trunk with some sort of success. However the automatic fall-back/switching has never worked well enough. I've now settled for two VPNs to be up and live constantly, one on each WAN port using different broadbands. I've added these two VPNs into a Load Balance VPN trunk. It all works ok until the point that one WAN drops and therefore one of the VPNs drop. There doesn't seem to be any switching or balancing! Some users on the site are still working unaffected and some users loose their connections or experience frozen sessions. It all depends on which VPN their traffic was going down at the time. The whole point of using VPN trunking is that the users can continue to work and are not interrupted if one WAN goes down.
In this case, the users are just using telnet over the VPN to telnet into a server at HQ. When a WAN port drops out, some users are still working ok (obviosuly users on the VPN tunnel that wasn't effected), but the users who were using the dropped tunnel experience a hung or frozen telnet sessions and dropped connections.
Is there not a way to make a VPN trunk completely seemless? Is this what GRE does? I'm still at a loss as to what GRE is?
Anyone else watching this who's used VPN trunking/backup?
The multiple drops I was experiencing looks like it was ISP/WAN issues. I've since been running various types of VPN trunk with some sort of success. However the automatic fall-back/switching has never worked well enough. I've now settled for two VPNs to be up and live constantly, one on each WAN port using different broadbands. I've added these two VPNs into a Load Balance VPN trunk. It all works ok until the point that one WAN drops and therefore one of the VPNs drop. There doesn't seem to be any switching or balancing! Some users on the site are still working unaffected and some users loose their connections or experience frozen sessions. It all depends on which VPN their traffic was going down at the time. The whole point of using VPN trunking is that the users can continue to work and are not interrupted if one WAN goes down.
In this case, the users are just using telnet over the VPN to telnet into a server at HQ. When a WAN port drops out, some users are still working ok (obviosuly users on the VPN tunnel that wasn't effected), but the users who were using the dropped tunnel experience a hung or frozen telnet sessions and dropped connections.
Is there not a way to make a VPN trunk completely seemless? Is this what GRE does? I'm still at a loss as to what GRE is?
Anyone else watching this who's used VPN trunking/backup?
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek