DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Connecting 2820n to a 2860n

21 Sep 2014 10:33 #1 by akwe-xavante
Connecting 2820n to a 2860n was created by akwe-xavante
I'm struggling, hoping someone can help me get two Draytek routers connected together.

HOME:
Static WAN IP Address
DrayTek Vigor 2860n, firmware 3.7.4.1
Router's IP Address: 10.1.1.1
ISP: Demon Internet

COTTAGE:
Dynamic WAN IP Address
DrayTek Vigor 2820n, firmware 3.3.7.3
Router's IP Address: 192.168.1.1
ISP: Talktalk

I can login to my router at home from the cottage to make configuration changes.

Trying to get these two routers connected up so that I can access data on a Linux Network share within the HOME network and I'm failing miserably.

Hoping that someone can guide me through the process step by step.

Mark

21 Sep 2014 13:03 #2 by takeo_ischi
Replied by takeo_ischi on topic Re: Connecting 2820n to a 2860n
To help point you in the right direction:

-You'll want to create an IPsec Tunnel
-You'll need to create a LAN to LAN profile on both routers
-The HOME router should be set to allow "Dial-In" (set the Call Direction in the top right, and fill in the appropriate details below)
-The COTTAGE router should be set to "Dial-Out" (set the Call Direction in the top right, and fill in the appropriate details below)
-Unless you know what you're doing and you need the extra security that certificates provide, use Pre-Shared Key for authentication
-Since one of your IPs is dynamic, you might need to use Aggressive Mode rather than Main Mode
-In the Remote Network IP and Local Network IP boxes, ensure you set the IP as X.X.X.0

Here's a step by step guide:

http://www.draytek.com/index.php?option=com_k2&view=item&id=1989&Itemid=293&lang=en

The only thing you'll have to do differently than the guide is in the HOME router's configuration; instead of specifying the "Remote VPN Gateway" IP (since you can't, since it's dynamic), set a Peer ID instead. Then set the Peer ID on the COTTAGE router (by clicking on the IKE Pre-Shared Key button) to be the same value.

22 Sep 2014 09:48 #3 by akwe-xavante
Replied by akwe-xavante on topic Re: Connecting 2820n to a 2860n
Thank you for your reply but I'm still failing to get this working though I'm afraid.

I have noticed a couple of things that are different though.

1: Within the HOME Router or VPN Server settings when I select "Dial in" the "Dial out" settings are not disabled, does this matter?

2: When filling in the settings for "Dial In" do I need to remove the ticks out of the boxes for PPTP and L2TP with IPsec Policy. If I leave these boxes ticked on clicking OK to save the profile I'm asked to enter additional Username & Password?

HOME (VPN SERVER) Settings entered
I have selected "Dial In" with a timeout setting of 0
PPTP: Ticked
IPsec Tunnel: Ticked
L2TP with IPsec Policy: Ticked
Username & Password entered
IKE Authentication Method ticked and a Pre-Shared Key created
Specify Remote VPN Gateway: Ticked and a Peer ID entered
Within the TCP/IP Network settings I'm asked for:
My WAN IP: Left as 0.0.0.0
Remote Gateway IP: Left as 0.0.0.0
Remote Network IP: I have entered 192.168.1.0
Remote Network Mask: Which has auto filled as 255.255.255.0
Local Network IP: I have entered 10.1.1.0
Local Network Mask: Which has auto filled as 255.255.255.0

COTTAGE (VPN Client)
I have selected "Dial Out"
Type of server calling is set to: IPsec Tunnel
I have entered the Static IP address of the WAN HOME router
Entered the same Username and Password used for PPTP & L2TP with IPsec Policy
With IKE Authentication Method ticked and the same Pre-Shared Key created
Advanced settings created and Aggressive mode chosen and Peer ID enabled and entered

Within the TCP/IP Network settings I'm asked for:
My WAN IP: Left as 0.0.0.0
Remote Gateway IP: Left as 0.0.0.0
Remote Network IP: I have entered 10.1.1.0
Remote Network Mask: Which has auto filled as 255.255.255.0
Local Network IP: I have entered 192.168.1.0
Local Network Mask: Which has auto filled as 255.255.255.0

When I visit the Connection Management page within the COTTAGE (VPN Client) router my profile is listed within the General Mode box, when I click Dial, I wait and nothing happens.

On the VPN and Remote Access >> LAN to LAN page the created profile remains "Offline" on both routers.

Where am I going wrong?

On the HOME (VPN Server) router (2860) under "VPN and Remote Access" I also have "IPsec General Setup" which asks for "Dial-in Set up for Remote Dial-in users and Dynamic IP Client (LAN to LAN)." separately and gives me the option for entering the "IKE Authentication Method" again. Do I ignore this or re-enter the same info here.

Mark

22 Sep 2014 12:16 #4 by akwe-xavante
Replied by akwe-xavante on topic Re: Connecting 2820n to a 2860n
Using Draytek's Syslog Utility connected to the HOME (VPN Server) Router under the VPN tab I get the following messages repeated every few seconds.

141  2014-09-22 12:00:26  Sep 22 12:00:28  HOMEServer  Responding to Aggressive Mode from 92.XX.XX.27
141  2014-09-22 12:00:29  Sep 22 12:00:31  HOMEServer  IKE <==, Next Payload=ISAKMP_NEXT_SA, Exchange Type = 0x4, Message ID = 0x0

If this helps at all.

22 Sep 2014 18:58 #5 by akwe-xavante
Replied by akwe-xavante on topic Re: Connecting 2820n to a 2860n
Logged into the VPN Server (Home) router using PuTTY and offered the command log -ct

I get the following result:

CHAP Login Failed (VPN: L2L Dial Out, Profile Index = 1, Name = COTTAGE, ifno = 10)
Incoming Call Failed: No Such Entry For Henry

Who or what on earth is Henry!?
Not knowingly entered the name / word Henry at all. Does anybody know where this entry may be within the setup?

23 Sep 2014 07:48 #6 by takeo_ischi
Replied by takeo_ischi on topic Re: Connecting 2820n to a 2860n

akwe-xavante wrote: 1: Within the HOME Router or VPN Server settings when I select "Dial in" the "Dial out" settings are not disabled, does this matter?



No. You may wish to feature request it since I found it slightly confusing too, but it's fine that way.

akwe-xavante wrote: 2: When filling in the settings for "Dial In" do I need to remove the ticks out of the boxes for PPTP and L2TP with IPsec Policy. If I leave these boxes ticked on clicking OK to save the profile I'm asked to enter additional Username & Password?



Please remove the username and password from both devices, and then untick PPTP and L2TP with IPsec.

akwe-xavante wrote: On the HOME (VPN Server) router (2860) under "VPN and Remote Access" I also have "IPsec General Setup" which asks for "Dial-in Set up for Remote Dial-in users and Dynamic IP Client (LAN to LAN)." separately and gives me the option for entering the "IKE Authentication Method" again. Do I ignore this or re-enter the same info here.



Please enter the same information here (not entirely sure what that page is about but it was important in my setup too).
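
The checks suggested across this thread (mirrored X.X.X.0 networks, matching Pre-Shared Key and Peer ID, IPsec only with no username/password) can be run as a small script. This is an added example, not part of any post and not DrayTek code. The dictionary layout, `check_pair` and the 20-character key floor are assumptions; the profiles are constructed from the settings listed in post #3, with placeholder secrets.

```python
import ipaddress

MIN_PSK_LEN = 20  # assumption: local policy floor, not a DrayTek limit

def parse_net(value):
    """Parse 'ip/mask'; return None if host bits are set (e.g. 10.1.1.1/24)."""
    try:
        return ipaddress.ip_network(value, strict=True)
    except ValueError:
        return None

def check_pair(server, client):
    """Return findings for a dial-in (server) / dial-out (client) IPsec pair."""
    out = []
    if (server["direction"], client["direction"]) != ("dial-in", "dial-out"):
        out.append("directions: expected dial-in on server, dial-out on client")
    for name, prof in (("server", server), ("client", client)):
        extra = sorted(prof["protocols"] - {"IPsec"})
        if extra:
            out.append(f"{name}: untick {', '.join(extra)}")
        if prof.get("username"):
            out.append(f"{name}: remove username/password")
        for side in ("local", "remote"):
            if parse_net(prof[side]) is None:
                out.append(f"{name}: {side} is not a network address (X.X.X.0)")
    # Each side's Local Network must be the other side's Remote Network.
    if (parse_net(server["local"]) != parse_net(client["remote"])
            or parse_net(server["remote"]) != parse_net(client["local"])):
        out.append("networks: local/remote are not mirrored between the routers")
    if server["psk"] != client["psk"]:
        out.append("psk: Pre-Shared Key differs")
    if server["peer_id"] != client["peer_id"]:
        out.append("peer_id: Peer ID differs")
    # Aggressive mode exposes a PSK-derived hash to the network path, so the
    # key has to resist offline guessing.
    if client.get("aggressive") and len(client["psk"]) < MIN_PSK_LEN:
        out.append(f"psk: shorter than {MIN_PSK_LEN} chars with Aggressive Mode")
    return out

# Constructed profiles following post #3; PSK and Peer ID are placeholders.
HOME = {"direction": "dial-in", "protocols": {"PPTP", "IPsec", "L2TP"},
        "username": "placeholder", "psk": "placeholder-psk", "peer_id": "cottage-id",
        "local": "10.1.1.0/255.255.255.0", "remote": "192.168.1.0/255.255.255.0"}
COTTAGE = {"direction": "dial-out", "protocols": {"IPsec"},
           "username": "placeholder", "psk": "placeholder-psk", "peer_id": "cottage-id",
           "aggressive": True,
           "local": "192.168.1.0/255.255.255.0", "remote": "10.1.1.0/255.255.255.0"}

if __name__ == "__main__":
    for finding in check_pair(HOME, COTTAGE):
        print(finding)
```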
