DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
LAN-LAN VPN work both ways?
- mikehughesc
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 15
- Thank you received: 0
05 Jun 2015 18:02 #83552
by mikehughesc
LAN-LAN VPN work both ways? was created by mikehughesc
I have a Vigor 2820 at location A and a 2830 at location B. I have a working LAN-LAN VPN between the two.
Location A has a network of devices on 192.168.2.x
Location A has a network of devices on 192.168.4.x
From Location B, I can see devices on Location A's network - for example, I can VNC to a computer on 192.168.2.18 and get to the 2820 router on 192.168.2.1. (I assume that this works because on the 2830 I have a Load Balance / Route Policy which directs 192.168.2.xxx through the VPN).
But it doesn't work the other way round: when I am physically located at Location A, I cannot "see" anything at all on 192.168.4.x -- presumably because the 2820 doesn't have a "Load balance / Route Policy" option! Is there another way of doing it on the 2820?
Location A has a network of devices on 192.168.2.x
Location A has a network of devices on 192.168.4.x
From Location B, I can see devices on Location A's network - for example, I can VNC to a computer on 192.168.2.18 and get to the 2820 router on 192.168.2.1. (I assume that this works because on the 2830 I have a Load Balance / Route Policy which directs 192.168.2.xxx through the VPN).
But it doesn't work the other way round: when I am physically located at Location A, I cannot "see" anything at all on 192.168.4.x -- presumably because the 2820 doesn't have a "Load balance / Route Policy" option! Is there another way of doing it on the 2820?
Please Log in or Create an account to join the conversation.
- admin
- Offline
- Site Admin
Less
More
- Posts: 1723
- Thank you received: 0
07 Jun 2015 05:43 #83559
by admin
Forum Administrator
Replied by admin on topic Re: LAN-LAN VPN work both ways?
The term 'see' is a bit ambiguous.... You say you're using VNC which sends a connection request and (hopefully) gets a response - it doesn't ''see' the network. Do you mean that one LAN cannot VNC to a device on the other ?
Presumably VNC works locally on both LANs.
You do not need any router,policy or LB rule. A router will automatically route traffic through a VPN if the destination subnet falls within range. Check VPN settings at both ends.
Presumably VNC works locally on both LANs.
You do not need any router,policy or LB rule. A router will automatically route traffic through a VPN if the destination subnet falls within range. Check VPN settings at both ends.
Forum Administrator
Please Log in or Create an account to join the conversation.
- mikehughesc
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 15
- Thank you received: 0
07 Jun 2015 19:34 #83563
by mikehughesc
Replied by mikehughesc on topic Re: LAN-LAN VPN work both ways?
Sorry, by "see" I simply meant "am able to connect to". The VPN setup is:
Location A - Vigor 2820 - LAN-to-LAN VPN setup page:
Call Direction: Dial-In
Allowed Dial-in type: PPTP
Remote Network IP 192.168.4.0
Remote Network Mask 255.255.255.0
Local Network IP 192.168.2.0
Local Network Mask 255.255.255.0
Location B - Vigor 2830 - LAN-to-LAN VPN setup page:
Call Direction: Dial-Out
Type of Server: PPTP
Remote Network IP 192.168.2.0
Remote Network Mask 255.255.255.0
Local Network IP 192.168.4.0
Local Network Mask 255.255.255.0
Connection up and running, showing active on the "Connection Management" page of both Vigors.
When I am physically located in Location B, I can VNC to a machine in Location A using the IP address - for example 192.168.2.20. I can also go in my browser to 192.168.2.1 which is the address of the 2820 at Location A - and the router config pages come up OK.
When I am physically located in Location A, I cannot do the same in reverse - for example if I retry to VNC to a computer on 192.168.4.40, I just get a timeout. Or if I go in my browser to 192.168.4.1, there is no response.
You're right about not needing the route policy - I've removed that rule and it still works as above.
So ... what could I be doing wrong for this not to work both ways?
Mike
Location A - Vigor 2820 - LAN-to-LAN VPN setup page:
Call Direction: Dial-In
Allowed Dial-in type: PPTP
Remote Network IP 192.168.4.0
Remote Network Mask 255.255.255.0
Local Network IP 192.168.2.0
Local Network Mask 255.255.255.0
Location B - Vigor 2830 - LAN-to-LAN VPN setup page:
Call Direction: Dial-Out
Type of Server: PPTP
Remote Network IP 192.168.2.0
Remote Network Mask 255.255.255.0
Local Network IP 192.168.4.0
Local Network Mask 255.255.255.0
Connection up and running, showing active on the "Connection Management" page of both Vigors.
When I am physically located in Location B, I can VNC to a machine in Location A using the IP address - for example 192.168.2.20. I can also go in my browser to 192.168.2.1 which is the address of the 2820 at Location A - and the router config pages come up OK.
When I am physically located in Location A, I cannot do the same in reverse - for example if I retry to VNC to a computer on 192.168.4.40, I just get a timeout. Or if I go in my browser to 192.168.4.1, there is no response.
You're right about not needing the route policy - I've removed that rule and it still works as above.
So ... what could I be doing wrong for this not to work both ways?
Mike
Please Log in or Create an account to join the conversation.
- admin
- Offline
- Site Admin
Less
More
- Posts: 1723
- Thank you received: 0
08 Jun 2015 12:40 #83568
by admin
Forum Administrator
Replied by admin on topic Re: LAN-LAN VPN work both ways?
When you are in location A, can you VNC to a PC on the same LAN ?
When you are at B can you ping the PCs at A ?
I DONT THINK YOU NEED THE LOCAL SUBNET ON THE VPN settings...it deduces it.
(Oops, caps not intended).
Can you try RDP instead?
Call out/in direction shouldn't make any difference.
When you are at B can you ping the PCs at A ?
I DONT THINK YOU NEED THE LOCAL SUBNET ON THE VPN settings...it deduces it.
(Oops, caps not intended).
Can you try RDP instead?
Call out/in direction shouldn't make any difference.
Forum Administrator
Please Log in or Create an account to join the conversation.
- mikehughesc
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 15
- Thank you received: 0
08 Jun 2015 13:31 #83570
by mikehughesc
Replied by mikehughesc on topic Re: LAN-LAN VPN work both ways?
Yes, VNC works fine within each network and from B to A - just not A to B.
I can ping PCs on B from a machine at A, but I cannot ping PCs on B from a machine at A.
I didn't enter the subnet details - the Draytek did it automatically.
Not sure what you mean by "try RDP instead"? - you mean Remote Desktop instead of VNC? - I'm sure this is nothing to do with whether it's VNC or RDP ... because it's not just VNC that fails:
- ping doesn't work from A to B (but does work within B, and from B to A)
- the router at B (192.168.4.1) doesn't work from A, but does work within B
- the router at A (192.168.2.1) works from both A and B
Mike
I can ping PCs on B from a machine at A, but I cannot ping PCs on B from a machine at A.
I didn't enter the subnet details - the Draytek did it automatically.
Not sure what you mean by "try RDP instead"? - you mean Remote Desktop instead of VNC? - I'm sure this is nothing to do with whether it's VNC or RDP ... because it's not just VNC that fails:
- ping doesn't work from A to B (but does work within B, and from B to A)
- the router at B (192.168.4.1) doesn't work from A, but does work within B
- the router at A (192.168.2.1) works from both A and B
Mike
Please Log in or Create an account to join the conversation.
- mikehughesc
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 15
- Thank you received: 0
08 Jun 2015 13:39 #83571
by mikehughesc
Replied by mikehughesc on topic Re: LAN-LAN VPN work both ways?
PS just to clarify when I said "the router at 192.168.x.1 works" I meant that the admin config interface comes up - so
from a PC in either A or B you can go to http://192.168.2.1:port and get the 2820 router config pages
from a PC in B if you go to http://192.168.4.1:port then you get the 2830 config pages
BUT from a PC in A if you go to http://192.168.4.1:port then you get zilch
Essentially the problem is that every request from network A for a device on 192.168.4.x (i.e. network B) is not getting through: but it works fine vice-versa.
from a PC in either A or B you can go to http://192.168.2.1:port and get the 2820 router config pages
from a PC in B if you go to http://192.168.4.1:port then you get the 2830 config pages
BUT from a PC in A if you go to http://192.168.4.1:port then you get zilch
Essentially the problem is that every request from network A for a device on 192.168.4.x (i.e. network B) is not getting through: but it works fine vice-versa.
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek