Background: We currently have a LAN2LAN VPN between 2 Draytek 2820's, however the connection goes up and down like an up and downy thing. I've just discovered the remote location (actually our head office where the servers are) has a second internet connection. I'm hoping I can set up a second LAN2LAN VPN to the Netgear router on the other connection, with the intention of leaving it disconnected and connecting when the primary vpn is down.

Here's the question: If I were to leave both connections up as always on would the router route through whichever is up/ most efficient, or would it just confuse everything? Is the fault tolerance worth it or should I just manually dial the alternate connection when I need it?

NOTE: I may yet connect the WAN2 of the remote 2820 to the Netgear on the second and run both VPN's on the Drayteks. This will depend on whether I can set up a VLAN on the Netgear, else WAN2 will be on the LAN subnet and will fail to route. This would be the easiest way as the server we use points at the Draytek for default gateway.

I am not sure if the 2830 will load balance a VPN but if that was me I would have a 2930 of similar that can handle VPN load balancing and create a GRE IPSEC trunk

OK, I'm more interested in failover so I can manually dial when needed.

Follow-up question, can the 2820 accept a VPN connection on a LAN port? I have the second router set up to port forward VPN connections to the LAN address of the 2820, but can't see in the log anything is being received. I'm waiting till I can take the main VPN down so I can test this.

Alternatively can the 2820 accept an IP address on the WAN2 port that is in the LAN subnet? My plan B is connect the WAN2 to a LAN port on the other router to use as if its a second Internet connection, but the other router is on the same subnet and doesn't do VLANs.

Update:
Netgear router log says it has received traffic that matches the VPN rule, said rule tells it to pass through to the LAN address of the 2820.
Log on the 2820 (accessed via telnet log -wt, flushed then attempted to connect) shows nothing.

I may try to reverse the dial-in /dial-out and see if they can connect that way round.