DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Allow tethered clients to access LAN via SmartVPN Client

  • routintooter
  • Topic Author
  • User
  • User
More
26 Apr 2023 12:08 #1 by routintooter
Allow tethered clients to access LAN via SmartVPN Client was created by routintooter
Hi.

I'm attempting to set up a VPN connection from an Android phone, running SmartVPN Client (SSL connection) to a Draytek 2850n v1 SB router, that will allow client machines tethered to the phone to access resources on the LAN, via the VPN connection.

The SSL VPN connection from the phone works ok - though it does drop occasionally.

The clients tethered to the phone work fine, in that they can access resources on the internet when tethered.
This is the case with the VPN connected or disconnected.

From the phone I can access resources on the LAN and access the internet.

However, the tethered clients cannot access resources on the LAN

Watching the Draytek syslog output when attempting to access resources on the LAN from a tethered client, I dont seem to see anything on the "firewall" or "user access" tab.

This suggests that the tethered traffic is not going down the VPN (but I freely admit this is level 9 voodoo to me).

Setting "Use remote gateway on remote network" doesn't seem to cause any of the client traffic to be routed via the Draytek.

More details (example IPs):
The Draytek is connected to a Plusnet provided FTTC connection (211.100.20.22, static).
The phone is connected to the internet via BTMobile (UK) data connection (31.94.8.150, presumably dynamic).
The clients are connected via native Android Wifi hotspot functionality to the above phone (gateway as seen by clients 192.160.81.179, client ips 192.168.81.180, 192.168.81.181, etc. presumably dynamic).
The LAN resources are accessed via IP addresses, no resources on the LAN require DNS (LAN gateway 192.168.30.1, resources are static ips in range 192.168.30.0/24).
The mobile carrier (BTMobile) seems to employ IPv6/IPv4.
IPv6 is not used by any of the LAN resources (or the tethered clients).

When attempting to use the native Android VPN app on the same phone, either with PPTP or L2TP w/IPSEC, a VPN connection attempt can be seen in syslog but they are not successful.
The same connections/credentials work when via a 3g dongle connected via Linux machine using the carrier "three" - however, it being a dongle and Linux, there are not SSL clients available.
This model Draytek only seems to support,PPTP, L2TP, L2TP w/IPSEC and Draytek SSL VPNs.
TL,DR: The only VPN connection type that "works" from this phone to this Draytek on this carrier is Draytek SSL.

Q: How can I route the traffic from the phone provided "hotspot" clients, down the VPN, so that they can access resources on the LAN behind the Draytek router?

I think this setup is similar to a LAN to LAN connection topology, not a dial-in user topology, so I can entirely understand if the SmartVPN client is not capable of this functionality.

Thanks.

Please Log in or Create an account to join the conversation.