DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

LAN-LAN VPN L2TP from 2762 to Windows Server 2019 RRAS

19 Dec 2023 17:46 #1 by simonjshaw
My customer has a Vigor 2762 on their internet circuit.
They have a VPS in the cloud running Windows Server 2019
I would like to give their LAN access to the VPS using an L2TP + PSK LAN-to-LAN VPN
Now, the 2762 does not allow LAN-to-LAN dial-in, only dial-out, so I need to call up the VPS from the DrayTek.
--
RRAS is configured on the server
It has a demand-dial interface configured for L2TP and a user account created for dial-in
L2TP + PSK client connections can be made to the VPS (but not LAN-to-LAN)
--
LAN-to-LAN profile setup on the 2762 seems correct to me. It uses the correct destination IP, routes etc.
But nothing at all happens when I "dial" from the Draytek
Looking at syslog output, the DrayTek initiates, but then appears to timeout in the initial IKE conversation.
Nothing at all is logged in Event Viewer on the VPS server.
The Windows firewall on the VPS is open for all traffic from the DrayTek's public interface IP (and we know client connections work).
--
So...
Any hints as to what to look at next?
I have a similar setup working with a 2865 router where RRAS dials out to the router.
Any tricks for making a DrayTek LAN-to-LAN profile dial an RRAS server?
(Phase 1 negotiation is set to Auto, IPSec config is Basic, AH is off)
--
Surely I'm not the only person in the world to want to dial up a Windows VPS to enable LAN access to it?
Grateful for any help.

Simon


21 Dec 2023 23:10 #2 by simonjshaw
I guess no one else has been able to suggest anything. Or maybe didn't understand my explanation.
Anyway I've come up with a solution, not very elegant, but it works.
--
I realised that because I don't want to access a network behind the VPS (there isn't one), I don't actually need a LAN to LAN VPN at all.
So I have a dial-in user configured on the DrayTek for L2TP+PSK, and a matching Client VPN config on the VPS.
With that connected I can "see" the server from PCs on the network behind the Draytek. Hurrah!
...
But this is where it got a bit tricky.
I need the VPN on all the time, ready for RDP connections from behind the DrayTek, but you can't specify "always-on" with a Windows _client_ VPN profile, so I created a scheduled task "at startup" doing a rasdial command.
So far so good, except that it then kept disconnecting randomly, e.g. when clients logged out of RDP sessions or even when they logged in!
Even putting rasdial in a loop to constantly reconnect still suffered strange VPN drop issues, e.g. when a different user to the one running the task connected to RDP. Windows tries to close VPNs when you log out, not entirely surprisingly. Okay, so I realised it's a user thing. Running as Administrators (group) didn't work - it wouldn't run at all at startup, with a strange error implying Ctrl-C had been pressed. Spooky.
To make it work, the task "at startup" (with a 1 minute delay) runs as the SYSTEM user, executing a batch file with a loop that checks every 15 seconds whether it can ping the other end of the VPN.
(Running as SYSTEM has the fringe benefit that RDP users can see the connection, but cannot disconnect it!).
The batch file retry loop is simple:
@echo off
REM Watchdog: one ping to the far side of the tunnel; if it fails, redial.
REM Runs as SYSTEM from the "at startup" scheduled task.
:START
ping -n 1 <some address on the LAN> >nul 2>&1 || rasdial <vpn name> ... >nul 2>&1
timeout /t 15 /nobreak >nul
goto START

(also with stdout and stderr sent to the bin, what the Linux guys call /dev/null. Why MS didn't think a silent timeout would be a useful idea I know not.)

Happy VPN-ing everyone.

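The procedure from post #2 (a client connection the server dials out on, a ping watchdog, and a startup task running as SYSTEM) written out as a PowerShell script that sets all three up. This is an added example, not the poster's code or anything DrayTek or Microsoft ships. The connection name, the DrayTek WAN address, the LAN address to ping, the PSK, the dial-in account and the task name are assumed placeholders; replace them with your own. It adds two things a practitioner will want beyond the batch loop: the connection is created in the all-user phonebook so that no logon session owns it, and the task's execution-time limit is disabled (the scheduler's default limit is 72 hours, which would otherwise kill an infinite loop after three days). Because the dial-in password sits on the rasdial command line inside the watchdog script, the script directory is ACL-restricted to SYSTEM and Administrators.

```powershell
# Added example (not from the post): always-on L2TP/IPsec client tunnel from a
# Windows Server 2019 VPS to a DrayTek dial-in user, kept up by a ping watchdog
# that runs as SYSTEM. All values below are assumed placeholders.
$VpnName    = 'Office-DrayTek'
$DrayTekWan = '198.51.100.10'        # assumed: public IP of the Vigor 2762
$LanProbeIp = '192.168.1.1'          # assumed: a LAN host behind the DrayTek that answers ping
$Psk        = 'replace-with-a-long-random-psk'
$DialInUser = 'vpsuser'              # assumed: the L2TP dial-in user configured on the DrayTek
$DialInPass = 'replace-with-the-dial-in-password'
$TaskName   = 'VPN-Watchdog'

# 1. Create the connection in the all-user phonebook (under ProgramData) rather
#    than the current user's, so SYSTEM can dial it and RDP logoffs do not own it.
Add-VpnConnection -Name $VpnName -ServerAddress $DrayTekWan -TunnelType L2tp `
    -L2tpPsk $Psk -AuthenticationMethod MSChapv2 -EncryptionLevel Required `
    -AllUserConnection -Force

# 2. Watchdog script in a directory readable only by SYSTEM and Administrators,
#    because the dial-in password appears on the rasdial command line.
$WatchdogDir  = 'C:\ProgramData\VpnWatchdog'
$WatchdogPath = Join-Path $WatchdogDir 'watchdog.ps1'
New-Item -ItemType Directory -Path $WatchdogDir -Force | Out-Null
$acl = Get-Acl $WatchdogDir
$acl.SetAccessRuleProtection($true, $false)      # stop inheriting Users:Read from ProgramData
foreach ($id in 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators') {
    $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
        $id, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')))
}
Set-Acl -Path $WatchdogDir -AclObject $acl

# The script body: same check as the batch loop, one ping every 15 seconds,
# redial on failure. A stale half-dead session is torn down before redialling.
@"
`$log = '$WatchdogDir\watchdog.log'
while (`$true) {
    if (-not (Test-Connection -ComputerName $LanProbeIp -Count 1 -Quiet)) {
        rasdial '$VpnName' /disconnect | Out-Null
        rasdial '$VpnName' '$DialInUser' '$DialInPass' | Out-Null
        "`$(Get-Date -Format s) redial exit=`$LASTEXITCODE" | Add-Content `$log
    }
    Start-Sleep -Seconds 15
}
"@ | Set-Content -Path $WatchdogPath -Encoding ASCII

# 3. Scheduled task: at startup with a 1 minute delay, as SYSTEM, no run-time
#    limit (PT0S = unlimited; the default would stop the loop after 72 hours),
#    restarted by the scheduler if the PowerShell host ever exits.
$action    = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument "-NoProfile -NonInteractive -ExecutionPolicy Bypass -File `"$WatchdogPath`""
$trigger   = New-ScheduledTaskTrigger -AtStartup
$trigger.Delay = 'PT1M'
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
$settings  = New-ScheduledTaskSettingsSet -ExecutionTimeLimit ([TimeSpan]::Zero) `
    -RestartCount 3 -RestartInterval (New-TimeSpan -Minutes 1) -StartWhenAvailable
Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings -Force | Out-Null
Start-ScheduledTask -TaskName $TaskName
```

Run it once in an elevated PowerShell on the VPS. Afterwards `Get-VpnConnection -AllUserConnection` should list the connection, `Get-ScheduledTask -TaskName VPN-Watchdog` should show it Running, and the log file records each redial with rasdial's exit code. As in the post, an RDP user can see the connection but cannot drop it, since the session belongs to SYSTEM rather than to any interactive logon.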