DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

2850 <-> 2850 IPSEC VPN not working

  • linker3000
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
13 Feb 2013 13:10 #75179 by linker3000
2850 <-> 2850 IPSEC VPN not working was created by linker3000
Hi,

Anyone else got a pair of 2850's linked OK via an IPSEC VPN?

Setup as follows:

SITE A 2850 <---> BT Broadband <--Internet-> BT Infinity <---> 2850 SITE B (plugged straight into the BT socket - not using their modem)

I can get PPTP+MPPE to work, but not IPSEC.

As a test, I HAVE successfully got IPSEC working from SITE C (with a Draytek 2820) to SITE B, so I am wondering whether it's either a 2850-to-2850 specific issue or something up with the BT broadband at SITE A. I found some notes about switching off BT's DNS helper functionality via their web site and I did that last week.

The 2850's are on firmware 3.6.3_RC1, which was sent to me by Draytek to fix a reboot loop problem with HTC One-X phones on wifi.

Please Log in or Create an account to join the conversation.

More
13 Feb 2013 14:35 #75182 by voodle
does the VPN not work if you set it up as per this guide? http://www.draytek.com/user/SupportAppnotesDetail.php?ID=154

Please Log in or Create an account to join the conversation.

  • linker3000
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
13 Feb 2013 15:18 #75184 by linker3000
Replied by linker3000 on topic Re: 2850 &lt;-&gt; 2850 IPSEC VPN not working
Nope!

Spent two days on this - going mad!

Please Log in or Create an account to join the conversation.

More
14 Feb 2013 14:50 #75198 by voodle
try deleting and remaking the profiles, also reboot the routers but I'm guessing you've tried that many times :)

Please Log in or Create an account to join the conversation.

  • linker3000
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
15 Feb 2013 07:03 #75209 by linker3000
Replied by linker3000 on topic Re: 2850 &lt;-&gt; 2850 IPSEC VPN not working
Hi everyone,

Thanks for the suggestions. It turned out that IPSec passthrough had been enabled by accident on one of the routers!

A real forehead slapping moment.

Please Log in or Create an account to join the conversation.

More
15 Feb 2013 09:02 #75211 by voodle
ah I hate when that happens, at least it's sorted though :)

If you think it might be happening in future, get the output of "log -ct" and "lot -wt" through telnet, if you don't see anything ipsec related then you can tell it's not sending or receiving quite easily.

Please Log in or Create an account to join the conversation.

Moderators: ChrisSami