Hi,

Please help me before I lose my mind! I’m by no means a networking expert and am not 100% sure what I’m trying to achieve is even possible or if I simply have some kind of misconfiguration.

I have a double NAT configuration using the DrayTek Vigor 2860 and the Vigor 2830Vn-plus like so:

Code:

+------------+ | Internet | +------------+ | WAN: Public IP +------------------+ |Vigor 2860 | +------------------+ | LAN: 192.168.111.254 | | | | | WAN: 192.168.111.1 +------------------+ |Vigor 2830Vn plus | +------------------+ LAN: 192.168.1.254 DHCP: 192.168.1.1 - 192.168.1.50

And am trying to configure VPN as per the below guide:

https://www.draytek.com/en/faq/faq-vpn/vpn.host-to-lan/windows-10-built-in-vpn-to-vigor-router/

If I follow the above on the first router (2860), it all works correctly. However I get a 192.168.111.0 address instead of a 192.168.1.0. I then configured IPSec L2TP passthrough on the 2860 as per.

https://www.draytek.com/en/faq/faq-vpn/vpn.others/how-to-set-up-vigor-router-to-pass-through-vpn-tunnel/

And then configured the 2830Vn-plus as the VPN server as per the first link. This is where it fails. The IPSec part does not seem to work. If on the Windows client I instead select just username and password, it works but I get an unencrypted L2TP connection showing on the second (2830) router. If however I select the pre-shared key, it fails!

Any ideas why this would be? Thanks.

Hello @crazzyfool,

Please take a chill pill. I think your issue with L2TP over IPsec on the 2860 is a bug which will be corrected in the next firmware version 3.8.9 which is available on the International site, but currently being tested with the BT modem code before release in the UK. Hopefully should be released in the next day or two.

Here are the release notes for 3.8.9

http://www.draytek.com.tw/ftp/Vigor2860/Firmware/v3.8.9/DrayTek_Vigor2860_V3.8.9_release-note.pdf

John.

:lol: Oh wow that's great news! Thanks John! That does indeed sound like the issue - I look forward to the release.

Version 3.8.9.1 is available now on the Draytek UK web site. (3.8.9 introduced a couple of issues, so it wasn't released in the UK :oops: )

John

Hmmm, I just upgraded but same issue unfortunately?! I think the issue is actually with the 2830 but I don't see a similar upgrade for that?

Some suggestions...

Is it possible to temporarily connect the 2830 directly to the internet and prove you can establish your L2TP/IPSec connection to it.? (Just to eliminate configuration (or compatibility) problems on the 2830)

or

Perhaps configuring the 2830 as the "DMZ Host" on the 2860 would do the trick?
( https://www.draytek.com/en/faq/faq-connectivity/connectivity.nat/how-to-set-dmz-host/ )