DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Vigor 2960 / Smart VPN Client Configuration

More
27 Feb 2019 10:46 #1 by h3aly
Vigor 2960 / Smart VPN Client Configuration was created by h3aly
Hello All,

I've attempted to follow the manual with regards to configuration of the VPN and Remote Access but unable to get a successful connection. The Smart VPN client seems to be complaining about the port not being open, nMap seems to think the PPTP port is open but this also fails also. I'm not setting up a LAN-TO-LAN i just need remote clients to be allowed access to the network, i've attempted this via the VPN Server Wizard but this seems to be no different to configuring this through the VPN Profiles options under 'VPN and Remote Access'.

Vigor2960 Firmware: 1.4.1 (There is an update available 1.4.2.1 but at this point i'm currently unable to apply this).
Smart VPN Version: 5.0.1

Ideally I'd like to allow SSL Dial-In I've already defined SSL Usernames within 'User Management > User Profile' and allowed access to the 'SSL Tunnel' I've also enabled 'Internet Access Control' to allow HTTPS and defined a 'SSL VPN Port' under 'Management Port Setup' all within the 'System Maintenance > Access Control' group. 'SSL Tunnel Service' is also checked/enabled under the 'VPN and Remote Access > Remote Access Control' group.

So I can only assume I'm going wrong somewhere with the VPN Profile the 'Profile', 'Enable', and 'SSL User Name' are somewhat self explanatory which may be stumbling with the Local IP/Subnet Mask.

The guide states "Local IP / Subnet Mask Type the IP address and subnet mask of local host. " Does this need to be the local gateway IP and the equivalent subnet mask?

With regards to the Remote IP does this need to be the range to witch the remote client may be using locally such as '192,168.1.0'/'255.255.255.0'? Is there anyway to wild card this as if the user is using something like HYPER-V for their desktop this could be a bizarre range which i may not be able to account for such as '172.17.210.0'/255.255.255.240' depending on how they've setup their network adapter. Or am i completely off base and this needs to be their external IP? If so how are people getting around the potential issue of their IP address not being static?

Please Log in or Create an account to join the conversation.