I'm currently trying to connect a Draytek Vigor 2830 on a remote site, to our main office PPTP VPN Server, which is windows 2008 server.

So far it looks like the VPN is active/connected on the Draytek and my windows 2008 VPN server can see the Draytek is connected.

From the main office(ip address range 192.168.8.0 /21), I can ping the VPN address of the Draytek router( IP Address 10.10.10.1).

When I log in to the Draytek and go to diagnostics and use the ping client on it, I can ping our main office internal IP addresses. (Although It shows up as using WAN8 as the port its sending the ping from)

My issue is my laptop when connected to the Draytek, doesn't allow any access at all to the main office network, no pings nothing at all.

What am I doing wrong?!?!?!?

So you are using Routing and Remote access on the 2008 server, if so then you have to disabled the PPTP VPN option on the Draytek


Once the above is done you need to open port 1723 to the 2008 server and then the PPTP will pass to it

I think you misunderstood my issue.

I'm trying to get the Draytek to handle the VPN. If I untick PPTP on the settings of the Draytek, it no longer connects to the Windows VPN server or even attempts to connect.

I'm trying to get the Draytek to dial out to the Windows 2008 server PPTP VPN and then anything I connect to the draytek will become part of my lan or be able to access my lan.

So far I've got the following working:
Draytek will dial out and connect to my 2008 VPN server, I can ping from the Draytek to my lan. But I can't get any computers to work.

sorry, I definitely misunderstood there.

In that case wouldn't it be easier to create a IPSEC between what's in front of the 2008 server and the Draytek?


Ive just tested it and I cant get the client inside the Draytek to ping the LAN inside the 2008 server.
The RAS on the server shows that the user I used to connect the draytek up with is not NAP capable.
The actually connection does come up though

ive done it, it just didn't know the route back to the Draytek

From the server 2008 I added the route for the LAN inside the draytek to go via the ipaddress that the server had handed out to the drayek


ie route add 192.168.0.0 mask 255.255.255.0(lan inside Draytek) 192.168.100.221 (IP address give to Draytek by 2008 server)


traffic goes both ways now

Hi,thanks for your help I'm up and running now. Ended up doing IPsec tunnel.

We run untangle for our firewall and I forgot about IPsec module they had, was only using the windows 2008 server because we had that setup for users to VPN in, as untangle only supports open VPN for users.

But once you said IPsec and the device infront of the server, it reminded me untangle supports IPsec VPN site to site.

I was up and running with the draytek in about 15mins using IPsec!! So simple!