DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
VPN for redirection
- marcwilson
- Topic Author
- Offline
- New Member
Less
More
- Posts: 2
- Thank you received: 0
25 Feb 2024 06:31 #103181
by marcwilson
VPN for redirection was created by marcwilson
Hi all.
I have a 2926 and I'm using it with two WAN feeds, WAN1 is a multi-NAT from Zen (8 IPs) and WAN2 is a backup from BT.
I'm not using their routers, but letting the Draytek manage both connections.
I have a number of clients where my IP address is baked into their firewall, for use with RDP etc.
Sometimes, when I'm not in my office, I have to use an alternative way into the server, which is less convenient.
I wondered if it's possible to use the Draytek as a relay - can I set up a VPN that I can connect to on another IP, and then route traffic to specific IPs to go out via a specific IP?
I'm using Windows 10, so I can use the MS VPN client or perhaps the Draytek one if it has any advantage.
In essence, I want to be in the same position I'd be in if I were in the office.
What's my best option?
I have a 2926 and I'm using it with two WAN feeds, WAN1 is a multi-NAT from Zen (8 IPs) and WAN2 is a backup from BT.
I'm not using their routers, but letting the Draytek manage both connections.
I have a number of clients where my IP address is baked into their firewall, for use with RDP etc.
Sometimes, when I'm not in my office, I have to use an alternative way into the server, which is less convenient.
I wondered if it's possible to use the Draytek as a relay - can I set up a VPN that I can connect to on another IP, and then route traffic to specific IPs to go out via a specific IP?
I'm using Windows 10, so I can use the MS VPN client or perhaps the Draytek one if it has any advantage.
In essence, I want to be in the same position I'd be in if I were in the office.
What's my best option?
Please Log in or Create an account to join the conversation.
- lesd
- Offline
- Member
Less
More
- Posts: 130
- Thank you received: 0
25 Feb 2024 18:42 #103184
by lesd
Les
Replied by lesd on topic Re: VPN for redirection
What I do when away from my PC is RDP into my PC and from there RDP to the client's machine.
Les
Please Log in or Create an account to join the conversation.
- HodgesanDY
- Offline
- Member
Less
More
- Posts: 207
- Thank you received: 16
27 Feb 2024 06:33 #103187
by HodgesanDY
Replied by HodgesanDY on topic Re: VPN for redirection
Hi marcwilson
Yes, you can dial-in to your office router via VPN (dialling-in via any WAN) and then have a ‘Route Policy’ that connects your now established VPN client-IP to any of your outgoing public IPs at your office location.
In the ‘Routing >> Load-Balance/Route Policy’ settings, choose your VPN client IP as the ‘source’ and then simply assign a WAN connection for it to use, and also an alias IP; if your WAN has multiple public IPs aliased to it.
Note: I favour using the ‘Advanced’ option (radio button) for creating policies, rather than the wizard. You may also want to ensure your local client is passing all traffic via its established VPN connection, that option should be in the client software settings you’re dialling in from.
Also, if you wanted to connect to different “baked in” IPs, you could create several VPN dial-in profiles at the office Vigor end and several matching VPN profiles at your local client-end, to quickly connect to your office and establish specific public IP addresses for each use-case. In the VPN remote dial-in user settings, on the Vigor, you can statically assign a VPN IP too, so you can make sure your routing policies always correctly route the connected users.
Yes, you can dial-in to your office router via VPN (dialling-in via any WAN) and then have a ‘Route Policy’ that connects your now
In the ‘Routing >> Load-Balance/Route Policy’ settings, choose your VPN client IP as the ‘source’ and then simply assign a WAN connection for it to use, and also an alias IP; if your WAN has multiple public IPs aliased to it.
Note: I favour using the ‘Advanced’ option (radio button) for creating policies, rather than the wizard. You may also want to ensure your local client is passing all traffic via its established VPN connection, that option should be in the client software settings you’re dialling in from.
Also, if you wanted to connect to different “baked in” IPs, you could create several VPN dial-in profiles at the office Vigor end and several matching VPN profiles at your local client-end, to quickly connect to your office and establish specific public IP addresses for each use-case. In the VPN remote dial-in user settings, on the Vigor, you can statically assign a VPN IP too, so you can make sure your routing policies always correctly route the connected users.
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek