DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
2860/2830 Port Forward over LAN-LAN VPN
- hornbyp
- Offline
- Big Contributor
Less
More
- Posts: 1323
- Thank you received: 0
21 Feb 2018 16:22 #90813
by hornbyp
Replied by hornbyp on topic Re: 2860/2830 Port Forward over LAN-LAN VPN
I tried this the other way round, for good measure.
INTERNET -> 2860 ... OpenPort->>>VPN <<<< 2830 .
With the same result - no joy. Nothing logged in SYSLOG.
There's an interesting & cryptic exchange
HERE
, where the answer appears to be related to the NAT type (which I don't believe you can change on the Vigor).
I had a poke around in the Telnet interface (SRV NAT) and found (unrelated) support for passing IPSEC through, that I was unaware of - but nothing else that looks useful.
I tried putting specifying a DMZ address at the other end of the VPN; but to no avail. I also tried changing the LAN-LAN VPN setting from Route->NAT (and crashed the 2830 at the far end!). Fortunately, it came back online).
I've re-read Draytek's document and it all looks so straight-forward:?
I've clicked "NO" to 'was this page helpful' and added a link to this thread (FWIW)...
...no doubt an actual support call will be required to elicit a response from Draytek though.
With the same result - no joy. Nothing logged in SYSLOG.
There's an interesting & cryptic exchange
I had a poke around in the Telnet interface (SRV NAT) and found (unrelated) support for passing IPSEC through, that I was unaware of - but nothing else that looks useful.
I tried putting specifying a DMZ address at the other end of the VPN; but to no avail. I also tried changing the LAN-LAN VPN setting from Route->NAT (and crashed the 2830 at the far end!). Fortunately, it came back online).
I've re-read Draytek's document and it all looks so straight-forward
I've clicked "NO" to 'was this page helpful' and added a link to this thread (FWIW)...
...no doubt an actual support call will be required to elicit a response from Draytek though.
Please Log in or Create an account to join the conversation.
- hornbyp
- Offline
- Big Contributor
Less
More
- Posts: 1323
- Thank you received: 0
21 Feb 2018 16:37 #90815
by hornbyp
:lol:
Replied by hornbyp on topic Re: 2860/2830 Port Forward over LAN-LAN VPN
-- Automated Message --Draytek Support wrote:
Thank you for your e-mail. It has been created as ticket number 2018022210000019.
For fastest service, you may also wish to contact your local DrayTek representative by submitting your request atthey also wrote:
http://www.draytek.com/supports
In the UK and Ireland, please submit support requests athttp://www.draytek.co.uk/support/techquery
Please be sure to provide us with the following information:
- Serial Number (on the bottom of the device)
- The exact model name and the firmware version (you can obtain this information from the web
configurator).
If you need to follow up by email, please do not change the subject, or else your reply might not be received by the support technician.
Best regards,
DrayTek/Support Dept.
Please Log in or Create an account to join the conversation.
- ctjfb
- Topic Author
- Offline
- New Member
Less
More
- Posts: 6
- Thank you received: 0
22 Feb 2018 13:44 #90834
by ctjfb
Replied by ctjfb on topic Re: 2860/2830 Port Forward over LAN-LAN VPN
Done
Your technical query has been submitted; it will be allocated to a support technician.
Your reference number is DQ298491
We will reply to you at as soon as possible.
Your technical query has been submitted; it will be allocated to a support technician.
Your reference number is DQ298491
We will reply to you at as soon as possible.
Please Log in or Create an account to join the conversation.
- hornbyp
- Offline
- Big Contributor
Less
More
- Posts: 1323
- Thank you received: 0
22 Feb 2018 14:05 #90835
by hornbyp
Replied by hornbyp on topic Re: 2860/2830 Port Forward over LAN-LAN VPN
The unofficial route seems much faster and is easier than the official one :wink:
I got a response @ 08:38 to say the "2830 doesn't do it, but the 2680 does - tested and working over PPTP ".
I will reply to say it doesn't work for me (over L2TP/IPSec) and cross-reference your fault no.
I got a response @ 08:38 to say the "2830 doesn't do it, but the 2680 does - tested and working over PPTP
I will reply to say it doesn't work for me (over L2TP/IPSec) and cross-reference your fault no.
Please Log in or Create an account to join the conversation.
- ctjfb
- Topic Author
- Offline
- New Member
Less
More
- Posts: 6
- Thank you received: 0
24 Feb 2018 11:24 #90864
by ctjfb
Replied by ctjfb on topic Re: 2860/2830 Port Forward over LAN-LAN VPN
Response back from Draytek Support ...
I can't see that they are doing anything different, and it works in the lab ..
Hmmm
I have a spare 2850 and 2820 so of I get time I'll try a lab setup ..
Even more puzzled ...
Chris
Dear Chris,
Thank you for contacting technical support.
I have double checked the settings suggested in the article, and run this in our UK lab using PPTP connection.
Equipment:
Router 1 - 192.168.15.115 (pretending that this is its public WAN2 IP address)
LAN - 192.168.1.1/24
NAT/Open port will be configured on this router, pointing at the remote device responding on port 8080
VPN dial-in profile enabled
Router 2 - 192.168.15.116 (pretending that this is its public WAN2 IP address)
LAN - 192.168.2.1/24
NAT/Open port not required as we presumed that the WAN IP address is NATted by the ISP
VPN dial-out profile enabled
Server - any device listening on port 8080 can be used
IP Address set to static 192.168.2.12/24
Gateway IP 192.168.2.1
Testing:
I have run ping from Router 1 to Router 2 LAN IP of 192.168.2.1 - OK
Then another ping was send to the Server 192.168.2.12 - OK
This confirms that the VPN is working, and routing traffic.
Finally, the NAT/Open Port was applied so that Router 1 allows traffic on port 8080 to the Server (192.168.2.12) behind Router 2 (see attached screenshot).
Please note that the Open Port profile is applied on the router that has access to the 192.168.2.12 device over the VPN. Hence, the server can be accessed now by typing
192.168.15.115:8080,
and not 192.168.15.116:8080.
Please let me know if you've got any further questions regarding this.
Regards,
I can't see that they are doing anything different, and it works in the lab ..
Hmmm
I have a spare 2850 and 2820 so of I get time I'll try a lab setup ..
Even more puzzled ...
Chris
Dear Chris,
Thank you for contacting technical support.
I have double checked the settings suggested in the article, and run this in our UK lab using PPTP connection.
Equipment:
Router 1 - 192.168.15.115 (pretending that this is its public WAN2 IP address)
LAN - 192.168.1.1/24
NAT/Open port will be configured on this router, pointing at the remote device responding on port 8080
VPN dial-in profile enabled
Router 2 - 192.168.15.116 (pretending that this is its public WAN2 IP address)
LAN - 192.168.2.1/24
NAT/Open port not required as we presumed that the WAN IP address is NATted by the ISP
VPN dial-out profile enabled
Server - any device listening on port 8080 can be used
IP Address set to static 192.168.2.12/24
Gateway IP 192.168.2.1
Testing:
I have run ping from Router 1 to Router 2 LAN IP of 192.168.2.1 - OK
Then another ping was send to the Server 192.168.2.12 - OK
This confirms that the VPN is working, and routing traffic.
Finally, the NAT/Open Port was applied so that Router 1 allows traffic on port 8080 to the Server (192.168.2.12) behind Router 2 (see attached screenshot).
Please note that the Open Port profile is applied on the router that has access to the 192.168.2.12 device over the VPN. Hence, the server can be accessed now by typing
192.168.15.115:8080,
and not 192.168.15.116:8080.
Please let me know if you've got any further questions regarding this.
Regards,
Please Log in or Create an account to join the conversation.
- hornbyp
- Offline
- Big Contributor
Less
More
- Posts: 1323
- Thank you received: 0
26 Feb 2018 09:28 #90877
by hornbyp
Replied by hornbyp on topic Re: 2860/2830 Port Forward over LAN-LAN VPN
I finally got this to work, from 2860n -> 2830n . It doesn't work with NAT Loopback though (unlike redirection to addresses on the local LAN) - which is why my first test failed.
It doesn't work at all from 2830n -> 2860n .
It doesn't work at all from 2830n
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek