Hi all.

I have a 2926 and I'm using it with two WAN feeds, WAN1 is a multi-NAT from Zen (8 IPs) and WAN2 is a backup from BT.
I'm not using their routers, but letting the Draytek manage both connections.

I have a number of clients where my IP address is baked into their firewall, for use with RDP etc.

Sometimes, when I'm not in my office, I have to use an alternative way into the server, which is less convenient.

I wondered if it's possible to use the Draytek as a relay - can I set up a VPN that I can connect to on another IP, and then route traffic to specific IPs to go out via a specific IP?

I'm using Windows 10, so I can use the MS VPN client or perhaps the Draytek one if it has any advantage.

In essence, I want to be in the same position I'd be in if I were in the office.

What's my best option?

What I do when away from my PC is RDP into my PC and from there RDP to the client's machine.

Hi marcwilson

Yes, you can dial-in to your office router via VPN (dialling-in via any WAN) and then have a ‘Route Policy’ that connects your now established VPN client-IP to any of your outgoing public IPs at your office location.

In the ‘Routing >> Load-Balance/Route Policy’ settings, choose your VPN client IP as the ‘source’ and then simply assign a WAN connection for it to use, and also an alias IP; if your WAN has multiple public IPs aliased to it.

Note: I favour using the ‘Advanced’ option (radio button) for creating policies, rather than the wizard. You may also want to ensure your local client is passing all traffic via its established VPN connection, that option should be in the client software settings you’re dialling in from.

Also, if you wanted to connect to different “baked in” IPs, you could create several VPN dial-in profiles at the office Vigor end and several matching VPN profiles at your local client-end, to quickly connect to your office and establish specific public IP addresses for each use-case. In the VPN remote dial-in user settings, on the Vigor, you can statically assign a VPN IP too, so you can make sure your routing policies always correctly route the connected users.