I tried this the other way round, for good measure.

INTERNET -> 2860 ... OpenPort->>>VPN <<<< 2830.

With the same result - no joy. Nothing logged in SYSLOG.

There's an interesting & cryptic exchange HERE , where the answer appears to be related to the NAT type (which I don't believe you can change on the Vigor).

I had a poke around in the Telnet interface (SRV NAT) and found (unrelated) support for passing IPSEC through, that I was unaware of - but nothing else that looks useful.

I tried putting specifying a DMZ address at the other end of the VPN; but to no avail. I also tried changing the LAN-LAN VPN setting from Route->NAT (and crashed the 2830 at the far end!). Fortunately, it came back online).

I've re-read Draytek's document and it all looks so straight-forward :?

I've clicked "NO" to 'was this page helpful' and added a link to this thread (FWIW)...
...no doubt an actual support call will be required to elicit a response from Draytek though.

Draytek Support wrote: -- Automated Message --

Thank you for your e-mail. It has been created as ticket number 2018022210000019.

they also wrote: For fastest service, you may also wish to contact your local DrayTek representative by submitting your request at http://www.draytek.com/supports
In the UK and Ireland, please submit support requests at http://www.draytek.co.uk/support/techquery

Please be sure to provide us with the following information:
- Serial Number (on the bottom of the device)
- The exact model name and the firmware version (you can obtain this information from the web
configurator).

If you need to follow up by email, please do not change the subject, or else your reply might not be received by the support technician.

Best regards,
DrayTek/Support Dept.

:lol:

Done
Your technical query has been submitted; it will be allocated to a support technician.

Your reference number is DQ298491

We will reply to you at as soon as possible.

The unofficial route seems much faster and is easier than the official one :wink:

I got a response @ 08:38 to say the "2830 doesn't do it, but the 2680 does - tested and working over PPTP".

I will reply to say it doesn't work for me (over L2TP/IPSec) and cross-reference your fault no.

Response back from Draytek Support ...

I can't see that they are doing anything different, and it works in the lab ..

Hmmm

I have a spare 2850 and 2820 so of I get time I'll try a lab setup ..

Even more puzzled ...

Chris


Dear Chris,
Thank you for contacting technical support.

I have double checked the settings suggested in the article, and run this in our UK lab using PPTP connection.
Equipment:
Router 1 - 192.168.15.115 (pretending that this is its public WAN2 IP address)
LAN - 192.168.1.1/24
NAT/Open port will be configured on this router, pointing at the remote device responding on port 8080
VPN dial-in profile enabled

Router 2 - 192.168.15.116 (pretending that this is its public WAN2 IP address)
LAN - 192.168.2.1/24
NAT/Open port not required as we presumed that the WAN IP address is NATted by the ISP
VPN dial-out profile enabled

Server - any device listening on port 8080 can be used
IP Address set to static 192.168.2.12/24
Gateway IP 192.168.2.1

Testing:
I have run ping from Router 1 to Router 2 LAN IP of 192.168.2.1 - OK
Then another ping was send to the Server 192.168.2.12 - OK
This confirms that the VPN is working, and routing traffic.

Finally, the NAT/Open Port was applied so that Router 1 allows traffic on port 8080 to the Server (192.168.2.12) behind Router 2 (see attached screenshot).

Please note that the Open Port profile is applied on the router that has access to the 192.168.2.12 device over the VPN. Hence, the server can be accessed now by typing
192.168.15.115:8080,
and not 192.168.15.116:8080.


Please let me know if you've got any further questions regarding this.

Regards,

I finally got this to work, from 2860n -> 2830n. It doesn't work with NAT Loopback though (unlike redirection to addresses on the local LAN) - which is why my first test failed.

It doesn't work at all from 2830n -> 2860n.