DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Router to Router VPN Issues

02 Jan 2025 15:09 - 02 Jan 2025 15:17 #104391 by leighwhitling
Router to Router VPN Issues was created by leighwhitling
Hi All

I have a strange issue that I have been trying to resolve, but to no avail.

My DrayTek VPN Tunnels have been working fine for the past couple of years, but for some reason they have partially stopped working.

The Tunnels still show as online and I am able to access our office router, printer and SQL Server via their private IPs, but when it comes to a few other devices such as PO Systems, Domain Controller and all my Hyper-V machines that sit on my SQL Server, it has stopped working.

I have disabled the Router to Router VPN link and created a dial-in user, with which I can then access everything perfectly fine, so the issue is isolated to the Router VPN Tunnels...

Office Router
IP Range 10.12.24.1/24
Router IP: 10.12.24.1
Subnet: 255.255.255.0

VPN to VPN Details
Dial In Profile
PPTP Authentication
Local Network IP: 10.12.24.1
Mask 255.255.255.0
Remote Network IP 192.168.1.250
Mask 255.255.255.0

Home Router
IP Range 192.168.1.1/24
Router IP: 192.168.1.250
Subnet: 255.255.255.0

VPN to VPN Details
Dial Out Profile
PPTP Authentication
Local Network IP: 192.168.1.250
Mask 255.255.255.0
Remote Network IP 10.12.24.1
Mask 255.255.255.0

Has anyone else had this issue, and can you see anything wrong with the above settings?

Thank you in advance

Last edit: 02 Jan 2025 15:17 by leighwhitling.

03 Mar 2025 15:02 #104663 by richhh
Replied by richhh on topic Router to Router VPN Issues
Have you ruled out firewall settings?

I'd create a firewall rule with 192.168.1.0/24 to 10.12.24.0/24, allow all services, and see if that helps.

01 Apr 2025 20:26 #104789 by m_d
Replied by m_d on topic Router to Router VPN Issues
When you say you cannot access other machines, can you ping them?

Wondering if it is just specific services which are struggling to traverse the tunnel, or all traffic to certain machines / IPs.

04 Apr 2025 19:32 - 04 Apr 2025 19:39 #104805 by John
Replied by John on topic Router to Router VPN Issues
If you can access some office devices from home but not others, that suggests that the VPN is probably okay.

The dial-in test case client will get an IP address allocated from the Office router. The problem seems to be access from an IP address allocated by the Home router.

A couple of thoughts ...

Firewalls
Check the firewalls on the DC and SQL server to make sure that they're not blocking connections from 'Home' IP addresses. Also check FWs on VMs if configured.

Routing
I've seen something similar where routing was not working as expected and some devices didn't know where to send the reply packets.
I'd test as follows (with ping, traceroute and tcpdump)
(a) confirm that packets from a Home network client actually reach the destination
(b) confirm that packets from an office device correctly reach the home network source. I'd test from the DC in the first instance since this machine has a simpler configuration than the SQL server / hypervisor.

Also, it is implied that there are multiple VPN tunnels. Is only one problematic?

PS - Also check any Load-Balance/Route Policy settings on the Office router.
Last edit: 04 Apr 2025 19:39 by John.
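
The return-path check from step (b) above can be reasoned about offline. This is an added example, not part of any post in the thread: it runs a longest-prefix match over each office host's routing table to see where a reply to a home-LAN client would go. The routing tables, the second gateway 10.12.24.254 and both client addresses are constructed for illustration; only the two subnets and the office router address come from the thread.

```python
import ipaddress

OFFICE_LAN = ipaddress.ip_network("10.12.24.0/24")  # from the thread
OFFICE_ROUTER = "10.12.24.1"     # from the thread: office router / VPN endpoint
HOME_CLIENT = "192.168.1.50"     # constructed: a client on the home LAN
DIALIN_CLIENT = "10.12.24.200"   # constructed: address given to a dial-in user

# Constructed routing tables as (network, gateway); gateway None means on-link.
HOSTS = {
    "printer": [("10.12.24.0/24", None), ("0.0.0.0/0", "10.12.24.1")],
    "dc": [("10.12.24.0/24", None), ("0.0.0.0/0", "10.12.24.254")],
    "hyperv-vm": [("10.12.24.0/24", None), ("192.168.1.0/24", None),
                  ("0.0.0.0/0", "10.12.24.1")],
    "sql": [("10.12.24.0/24", None), ("192.168.1.0/24", "10.12.24.1"),
            ("0.0.0.0/0", "10.12.24.254")],
}

def next_hop(routes, dest):
    """Longest-prefix match; returns (network, gateway) or None if no route."""
    addr = ipaddress.ip_address(dest)
    hits = [(ipaddress.ip_network(n), gw) for n, gw in routes
            if addr in ipaddress.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def reply_verdict(routes, client, vpn_router=OFFICE_ROUTER):
    """Classify where a host would send its reply to `client`."""
    hit = next_hop(routes, client)
    if hit is None:
        return "no-route"
    net, gw = hit
    if gw is None:
        # On-link is right only when the client really sits on the office LAN
        # (the dial-in case); otherwise the host treats the remote subnet as
        # local and the reply never reaches the router.
        return "ok-on-link" if net == OFFICE_LAN else "misrouted-on-link"
    if gw == vpn_router:
        return "ok-via-vpn-router"
    return f"misrouted-via-{gw}"

def audit(client):
    """Verdict for every host in the constructed HOSTS table."""
    return {name: reply_verdict(routes, client) for name, routes in HOSTS.items()}

if __name__ == "__main__":
    for label, client in (("home", HOME_CLIENT), ("dial-in", DIALIN_CLIENT)):
        print(label, audit(client))
```

On a real host, the table to feed in comes from `route print` (Windows) or `ip route` (Linux), and a tcpdump capture on the office router confirms whether the reply actually arrives there.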
