... because it is a nightmare whatever the router one uses, or just because the DrayTek user interface makes it more difficult than it is?

I've been a Draytek customer for many years, as I've always appreciated the control it gives me on aspects of the router's work that would otherwise be hidden to me. I never found myself with a task I could not study for myself and solve... until now. I've been trying for several weeks to setup my 2860 to run a simple but robust VPN I can use with my Linux laptop and Android phone when on the move, without any success. I once managed to get PPTP working... and then broke it while attempting to move to IPSec and never managed to go back What I hate in particular is how all settings for all four VPN types are always offered to me, whatever my choice of VPN, with little or no indication of which settings applies to which (apart from the two "IPSec something" menu sections).

Is it just me or setting up a VPN on the DrayTek is a nightmare? Or perhaps I'm simply trying to do something that is well beyond my understanding of networking and VPN protocols?

Any advice for me? Should I simply give up the DrayTek and downgrade to something simpler? Thanks,

Giacecco

If you're using the built-in VPN client, it's usually best to use L2TP with IPsec, especially now that PPTP is considered to be less secure. Either of those should work with Linux / other operating systems.
With the Android phone, I recommend using the SmartVPN client for SSL, but L2TP with IPsec would also work.

Hi Giacecco,
I run VPN sessions to my 2925 router(s) on Macs, Windows 10 devices, iPads & iPhones with no problems.
On each of these devices, I use whatever the "native" VPN client is, so no additional software (only because I like to use what's already there, unless I find I can't do something with it)
I fully agree with admin3's (always) sagely advice about L2TP with IPsec (it's what I'm running) - I've got the Draytek iOS app, but haven't really used it yet.
It shouldn't be too hard to get working properly, can you give us some details of what the problem is and what you've got configured please ?
Cheers
Simon

Thank you for offering your help. Before reading you I was trying setting up the VPN on the Vigor 2860 as "IPSec VPN Service", now I am focusing on "L2TP VPN Service" as you suggested.

On the Linux side (Fedora 24), I've created the VPN settings as "IPsec based VPN". The gateway is the external dynamic DNS name of my router, username and password are the same as the ones I've set on the Vigor in "Remote Dial-in User" section plus the DrayTek's IPsec "Pre-Shared Key" as the "secret" in the Linux settings. I set nothing as "group name" and in the "Advanced" section (Phase1 and 2 algorithms and domain).



The settings for the user in the Vigor are - I believe - consistent: the user is enabled and allowed to do L2TP with "none" IPsec policy. Most stuff is disabled anyway.



To test, I disconnect from the Vigor and use my mobile phone's hotspot, in case the odd routing in-and-out-and-back-in could be an issue. The connection is attempted and fails. I don't get any error message on the Linux side and I have no entries in:

Code:

$ sudo journalctl -u NetworkManager -- No entries --

which is odd.

My only guess is that the problem is on the Vigor side, caused by some dirt I may have left in the other half dozen pages of settings that may be "disturbing" what I've described above. Resetting the router to factory settings is not an option, unfortunately.

What do you suggest?

You're using two incompatible configurations. I think that the implementation of IPsec that you're trying to set up on the Linux box is possibly not what the DrayTek router uses.

Please try using L2TP with IPsec and on the router set the profile to L2TP with IPsec Policy set to "Must".

No change