Hi,

I'm having trouble setting up (and finding the search terms sweet spot when googling) this VPN scenario:

Dial in VPN user (192.168.1.x) ---> Site 1 (VIgor 2860/VDSL) ---> LAN to LAN VPN ---> Site 2 (VIgor 2860/LTE) ---> Host on Site 2 LAN (192.168.2.x)

The LAN to LAN VPN is setup and working OK, I'm able to SSH to hosts to/from both subnets.
The Dial-In VPN works.

It's just once I'm VPN'ed into Site 1 i'm not able to contact any host (by IP) in the site 2 subnet from the dial-in VPN client (clients tested so far are iOS and Mac).

If anyone can help, that would be great.

Thanks
Wayne

Draytek support simply replied to my ticket with the one liner: 'Disable the Firewall on the clients', not really an option!

If anyone has any sensible solution I'm all ears, thanks.

Why isn't that sensible or an option; software/device firewalls do often block routing to reserved subnets...

Adding rules to a firewall to allow required traffic through is a valid option. Just turning a firewall off isn't (other than as a quick test).

I know nowt at all about IOS and Mac, so I can't offer any help though.

admin wrote: Why isn't that sensible or an option; software/device firewalls do often block routing to reserved subnets...

As 'hornybyp' wrote: "Just turning a firewall off isn't [sensible] (other than as a quick test)"

There is no option in iOS to turn of the firewall, AFAIK on a non-jailbroken iOS.

So is this an IOS or OSX client? Did you tick the box for 'send all traffic through connection' or similar?
Is the other subnet listed in the DrayTek VPN LAN as a secondary subnet so that the device knows to route to it internally?