DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
NordVPN newbie question
- piste basher
- Topic Author
- Offline
- Big Contributor
Less
More
- Posts: 1199
- Thank you received: 9
04 May 2022 14:16 #101089
by piste basher
NordVPN newbie question was created by piste basher
I've decided to give NordVPN a try since they're running a good discount deal at the moment. I'm not greatly familiar with VPN's so please bear with me.
If I set the VPN up on my 2927ax as per the instructions herehttps://www.draytek.com/support/knowledge-base/5371
(ignoring the "Select Remote Network Mask to "0.0.0.0/24" as that option is not available and instead setting it to 255.255.255.0/24 as is indeed shown in their figure)
it all appears to work and I establish an outgoing VPN connection. However, whilst I can connect to some sites - e.g. Google and this very forum, I cannot connect to others such as Amazon, the BBC, my bank and, perhaps weirdest of all, NordVPN.com
However, if I turn off the VPN on the router and instead run the NordVPN app on the same Windows 10 PC, I can connect to all of those sites without problem.
Is this expected and/or typical behaviour, and can it be altered? As Nord tout the ability to install it on a router as one of the great benefits it would seem a shame if it doesn't actually work...
If I set the VPN up on my 2927ax as per the instructions here
(ignoring the "Select Remote Network Mask to "0.0.0.0/24" as that option is not available and instead setting it to 255.255.255.0/24 as is indeed shown in their figure)
it all appears to work and I establish an outgoing VPN connection. However, whilst I can connect to some sites - e.g. Google and this very forum, I cannot connect to others such as Amazon, the BBC, my bank and, perhaps weirdest of all, NordVPN.com
However, if I turn off the VPN on the router and instead run the NordVPN app on the same Windows 10 PC, I can connect to all of those sites without problem.
Is this expected and/or typical behaviour, and can it be altered? As Nord tout the ability to install it on a router as one of the great benefits it would seem a shame if it doesn't actually work...
Please Log in or Create an account to join the conversation.
- piste basher
- Topic Author
- Offline
- Big Contributor
Less
More
- Posts: 1199
- Thank you received: 9
05 May 2022 08:59 #101092
by piste basher
Replied by piste basher on topic Re: NordVPN newbie question
Another intriguing thing I notice - if I visit e.g. What Is My IP Address.com with the NordVPN tunnel up on the router, they cannot see my IPv4 address but they can see my IPv6 address.
If I turn that off and connect via the NordVPN app on the PC, the site returns a Nord VPN server as my IPv4 address and "not detected" for IPv6.
If I turn that off and connect via the NordVPN app on the PC, the site returns a Nord VPN server as my IPv4 address and "not detected" for IPv6.
Please Log in or Create an account to join the conversation.
- hornbyp
- Offline
- Big Contributor
Less
More
- Posts: 1323
- Thank you received: 0
05 May 2022 14:48 #101093
by hornbyp
To my mind, that smacks of an MTU issue...
(decades ago, I tried to replace my brother-in-law's USB Speedtouch modem, with one of these new-fangled consumer Router affairs. It burst into life very easily, but I got very weird results: I could access EBAY.COM, but not EBAY.CO.UK - that sort of thing. I didn't solve it on the day and it's bothered me ever since.)
There is not (AFAIK) an MTU setting for a VPN itself - but I wonder if the main WAN MTU would still have a bearing?
Alternatively, those instructions say
Could that be the problem?
(I have no idea what that setting actually does - I've always enabled it).
Replied by hornbyp on topic Re: NordVPN newbie question
Piste Basher wrote:
it all appears to work and I establish an outgoing VPN connection. However, whilst I can connect to some sites - e.g. Google and this very forum, I cannot connect to others such as Amazon, the BBC, my bank and, perhaps weirdest of all, NordVPN.com
To my mind, that smacks of an MTU issue...
(decades ago, I tried to replace my brother-in-law's USB Speedtouch modem, with one of these new-fangled consumer Router affairs. It burst into life very easily, but I got very weird results: I could access EBAY.COM, but not EBAY.CO.UK - that sort of thing. I didn't solve it on the day and it's bothered me ever since.)
There is not (AFAIK) an MTU setting for a VPN itself - but I wonder if the main WAN MTU would still have a bearing?
Alternatively, those instructions say
Note: In order to accept large packets from NordVPN, Allow pass inbound fragmented large packets (required for certain games and streaming) should be enabled.Draytek wrote:
Could that be the problem?
(I have no idea what that setting actually does - I've always
Please Log in or Create an account to join the conversation.
- piste basher
- Topic Author
- Offline
- Big Contributor
Less
More
- Posts: 1199
- Thank you received: 9
05 May 2022 15:13 #101094
by piste basher
Replied by piste basher on topic Re: NordVPN newbie question
I think I read somewhere on Nord about MTU not being higher than 1492, which is what I have always had it set as anyway. Discovery detect comes back with that figure.
Like you, I have always had accept large fragmented packets turned on as well.
I'm connecting to a UK server on both setups, so that shouldn't affect any blocking of sites on a regional basis.
I think I've already tried disabling IPv6 on the router but I'll try it again now.
Like you, I have always had accept large fragmented packets turned on as well.
I'm connecting to a UK server on both setups, so that shouldn't affect any blocking of sites on a regional basis.
I think I've already tried disabling IPv6 on the router but I'll try it again now.
Please Log in or Create an account to join the conversation.
- piste basher
- Topic Author
- Offline
- Big Contributor
Less
More
- Posts: 1199
- Thank you received: 9
05 May 2022 15:26 #101095
by piste basher
Replied by piste basher on topic Re: NordVPN newbie question
OK IPv6 didn't make any difference.
I notice than when the VPN is up I no longer see the "Remote VDSL2 information from WAN1" information box on the Online Status page.
This makes me wonder if it's something to do with me using a virtual WAN to connect to the Vigor 130, so I can access it easily - but why that should affect some sites and not others is puzzling.
I notice than when the VPN is up I no longer see the "Remote VDSL2 information from WAN1" information box on the Online Status page.
This makes me wonder if it's something to do with me using a virtual WAN to connect to the Vigor 130, so I can access it easily - but why that should affect some sites and not others is puzzling.
Please Log in or Create an account to join the conversation.
- hornbyp
- Offline
- Big Contributor
Less
More
- Posts: 1323
- Thank you received: 0
06 May 2022 12:03 #101099
by hornbyp
Replied by hornbyp on topic Re: NordVPN newbie question
Does "Diagnostics >> Route Policy Diagnosis " give the same results for the sites that work, as for the one that don't :?:
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek