Hi -

Apologies in advance for my rudimentary level of knowledge.

I want to set up a LAN-to-LAN VPN between work and home. Only traffic to specific IPs will go through the VPN. I have a Vigor 2820 at work and at the moment I use the Draytek VPN client on my PC at home, and that works fine, but obviously it only works for my PC. I need other devices - e.g. my phone, when on Wifi - to connect through the VPN also.

I have a spare Vigor 2830 which I could use at home. But at home I have no choice but to use my ISP's supplied router (for complicated reasons).

So I'm wondering if I can install the 2830 between the ISP's router and my home network, and use it JUST as a VPN gateway - so apart from VPN traffic, it's totally transparent - while still using the Livebox as my router/firewall etc. And if I do this, are there likely to be performance or other issues?

Finally - if this is possible, can anyone point me in the direction of instructions on how to do this?!

yes, you can do it in two ways.

A) replacing your home router with the 2830 because this router has dsl connection. This is possible only if you have an ADSL connection at your home.
B) letting your home router do the dsl connection or fiber connection and behind put this 2830 routing all traffic to your home's router.

First is to put the 2830 router and try to get internet access with it. After that, second phase is to make the branch office vpn lan-to-lan tunnel that is what you need.

If you have a dsl connection at your home, try to enter to your router, check the configuration (for example if it is pppoe... get the user, password, the vpi, vci parameters, etc... everything you need to get an adsl work). Try to configure your 2830 setting this to dsl wan1 port. Configure the lan interface with dhcp if needed (usuallly yes at home), etc... Remember that you must have different ip subnet range in your home and in office. Get in mind this when you configure the lan interface of your 2830 at home. I don't know if your 2830 is the version with wifi support or if it doesn't have it. If it has, nice, configure it with wifi parameters. If not, for sure you'll need your home's router only to make the wifi part... connect your home's router in a lan port Then configure it in the same lan with a different fixed ip different of the draytek's ip of course... and out of the dhcp range. Turn the dhcp server of in your home's router. I think you know you must have only one dhcp server on the same physical segment of network. Finally, if you replaced successfully your home's router, you can try the second phase to make the branch office vpn lan-to-lan tunnel.

The B) scenario is different... because if you don't replace your home's router, you must open all ports (DMZ) to your draytek 2830. The physical connection must be, from lan port of your home's router to wan port of your 2830 (wan2 with rj45 cable), and then your home's pcs to the draytek 2830 lan ports.

Hope it helps!

Many thanks for your reply. It has to be the B scenario: as I said, I have no choice but to use the ISP's router for the ADSL connection.

But your B suggestion isn't quite what I was looking for - if I've understood it correctly, it would have me using the Draytek as my router, DHCP server, etc. What I was wondering is whether it's possible to use the ISP's box as router, DHCP server, Wifi, etc. etc., and ONLY use the Draytek for its VPN capabilities, nothing else. Just like a standalone VPN gateway.

Mike

I think it's not possible.. as far as i know. :? because vpn goes through wan ports on draytek.

I actually have this setup, here's how mine works:

VM Superhub (192.168.0.1) >> LAN >> Vigor 2820's WAN2 port (192.168.0.5)

The Vigor 2820 is set up with an internal subnet of 172.16.1.1, the SuperHub has IPSec ports forwarded to the 2820's WAN2 IP.
The remote router connects to that subnet for the VPN, but has a More Subnet added (because it's another DrayTek) with 192.168.0.0/24 in there - this is NATting which may or may not work for you but for my requirements it's fine since it's just for remote desktop