V. VPN (Virtual Private Networking)
ExpiredTroubleshooting the Smart VPN client
If you are having trouble establishing a VPN tunnel to the vigor router using the Smart VPN client, here are some common causes as well as general advice for VPN configuration.
- Make sure you are using the latest version of the Smart VPN client
Found here https://www.draytek.co.uk/support/downloads/software
- If the connection to the VPN server is unsuccessful, the issue could be that the VPN protocol is being blocked by a company's router/firewall. In these cases try using a different VPN protocol to see if it resolves your issue. SSL VPN is based on TCP port 443 so is normally not blocked by firewalls in some situations there L2TP or IPSEC might be so SSL VPN is a good choice for a dial-in user where the environment can't be controlled.
-
The ports for VPN Service are not opened on the VPN server.
On a NAT device such as a DrayTek routers, we need to open the ports which VPN service requires for VPN tunnel to be established. For DrayTek Routers, enable the VPN service via [VPN and Remote Access] > [Remote Access Control Setup] page will open the required ports automatically. And please also make sure that the required ports are not redirected or opened for the LAN clients. Only enable the specific VPN service which is required.
- If using SSL VPN check that the SSL VPN port on the router matches the one you are using on the Smart VPN client. For vigor routers this can be found on the [SSL VPN]>>[General setup] page.
-
If the VPN is connecting but you cannot access the router or any resources (servers, email, etc.) behind it, check that the VPN client's LAN IP subnet does not match the subnet on the router as this would cause an IP conflict. If you are connecting to the resource using a host name (e.g. server.example.com), please try using the resource’s IP address instead. If the connection works when using the IP address, but not when using a host name, please make sure that your computer's DNS server is able to resolve this host name to an IP address.
-
Check that the IP address you are connecting to is the VPN server's IP address. On the Draytek router's you can check the router's WAN IP address on the [Online Status] > [Physical Connection] page.
- If you are using PPTP, L2TP or SSL VPN the most common error is the password so it's worth double checking that you are using the correct authentication details (i.e. the username and password). The Smart VPN client will display the error message in the image below if there has been an authentication error with the VPN server. If you are using MoTP then as a test try without MoTP and use just a username / password as a test so identify if the configuration issue is specific to the MoTP configuration.
- When using MoTP ensure that the router and PC have the correct time and date set. It is best to set the routers time using NTP instead of browser time.
- For IPSEC double-check that the IPsec preshared key is correct. Check that the pre-shared key you have entered on the Smart VPN client matches that of the VPN server.
The Smart VPN client is updated regularly. These updates includes improvements to make the application more user friendly, other updates includes improvements in functionality of the Smart VPN client. To find out if your software is up to date check the version you are running against the current version on our downloads page.
If you have followed all these steps are you still cannot get the VPN connection working raise a support query and our engineers will assist.
How do you rate this article?
- First Published: 28/06/2019
- Last Updated: 22/04/2021