I am trying to get a teleworker vpn to work using IPSEC. I want the teleworker to get a DHCP address from our DHCP server. Under LAN-> General Setup, i have marked the circle for Relay Agent: 1st subnet, and have specified the DHCP Server IP Address for Relay Agent. I try to create the VPN connection on the teleworker, but it fails with the following being printed in the log:


[2007 August 29 13:59:57] ** Status: Active DHCP policy
[2007 August 29 14:00:02] ** Status: DHCP conversation...
[2007 August 29 14:00:22] ** Status: Releasing assigned IP...
[2007 August 29 14:00:22] ** Status: Inactive DHCP & IPSec SA
[2007 August 29 14:00:23] ** Status: DHCP timeout
[2007 August 29 14:00:23] ** DHCP Timeout

Any idea's?

Thanks
BioHazard

Hi,

I am having the same problem did this ever get fixed?

Regards

Joolz

Hi! the same problem no dhcp trough ipsec? for teleworkers.

Same issue on my 2820n.

Followed this guide http://www.draytek.com/user/SupportAppnotesDetail.php?ID=136

Have enabled virtual IP (on the draytek vpn client) and set to automatically obtain IP. I was hoping this would query the drayteks DHCP pool and lease an address from there over the VPN. However the DHCP conversation over the VPN doesn't work and follows the same points as those listed in the original post.

Any help?

With the Vigor2820 the VPN Client needs to not be behind NAT. ie it needs to have a public IP Address.

The reason is that DHCP over IPSEC isn't compatible with NAT-T.