I have a remote 2762 dialling in to a 2860. I have a stable connection not which has taken some doing!

The problem is the speed across the VPN is so slow it's not usable, and basic webpages like the router login screen will not completely load.


2860 is home, BT Broadband, 74 down/18 up.
2762 is remote, using Huawei E3372H dongle with a BT SIM, 28 down/15 up.
Speeds are from fast.com (netflix) and feels correct.

I'm hoping I've mad a mistake in my configs, so am posting in the hope i can be corrected please.

Here's my home configs
my wan 0.0.0.0
remote gateway ip 0.0.0.0
remote network ip 10.1.1.0
remote network mask 255.255.255.0
Local network ip 192.168.1.0
Local network mask 255.255.255.0
Rip direction - Disabled
From first subnet to remote network you have to do ROUTE
IPsec VPN with same subnets = unchecked
Change default route to this VPN tunnel = unchecked


Here's my remote configs
my wan 0.0.0.0
remote gateway ip 0.0.0.0
remote network ip 192.168.1.0
remote network mask 255.255.255.0
Local network ip 10.1.1.0
Local network mask 255.255.255.0
Rip direction - Disabled
From first subnet to remote network you have to do ROUTE
IPsec VPN with same subnets = unchecked
Change default route to this VPN tunnel = unchecked


On the 'Lan-to-Lan profiles' page, there a check box under the profiles for ' Pass Routing LAN to VPN' what is this for?

Any help greatly appreciated!

Colin

Your settings look to be in line with Draytek's recommendations. For some reason, I ignored Draytek and placed an actual IP address in the "Remote Gateway IP" box, but I don't think it actually makes any difference (and I can't remember why I did it )

The fact that SSL is slower than a slow thing is not unusual, but it is normally fine for low bandwidth operations - such as accessing a remote device GUI. Why yours is going so slow it's unusable, is a bit mysterious.

My only recommendation, would be to try L2TP/IPSec in place of SSL. (It's not too hard to setup and is much faster (10x ?). Just ensure you don't use the "AH" security method, because it's not encrypted - the resulting link should show in green in the Connection Management screen)

As for the 'Pass Routing LAN to VPN' option, is this the equivalent of 'Change default route to this VPN tunnel' on the 2860? (which is rather more obvious)

Thanks for the reply.

For the past 2 hours I've tried to setup both IPSEC and L2TP with IPSEC and cant get either to work.

it just doesn't connect at all. The log on the calling router is:

2020-05-10 11:23:00 Delete exist flowstate of VPN ifno: 9 ....
2020-05-10 11:23:00 PPP Drop VPN : L2L Dial-out, Profile index = 3, Name = l2tp, ifno = 9
2020-05-10 11:23:00 [L2TP][L2L][3:l2tp][@81.153.175.209] pppShutdown
2020-05-10 11:23:00 [L2TP][L2L][3:l2tp][@81.153.175.209] IKE link timeout: state linking
2020-05-10 11:22:47 IKE ==>, Next Payload=ISAKMP_NEXT_SA, Exchange Type = 0x2, Message ID = 0x0
2020-05-10 11:22:47 [IPSEC/IKE][L2L][3:l2tp][@81.153.175.209] Initiating IKE Main Mode
2020-05-10 11:22:47 Initiating IKE Main Mode to 81.153.175.209
2020-05-10 11:22:47 Dialing Node3 (l2tp) :

"Main mode" requires fixed IP addresses - and the one shown in the log looks dynamic, from its Reverse Lookup.

Does this guide help?

https://www.draytek.co.uk/support/guides/kb-lantolan-ipsec

(It's IPSEC only, but can easily be changed to L2TP/IPsec when you get it up and running)