Unsolved EdgeRouterX - Draytek - Draytek VPN issues
-
OK so in the office here we have VLAN1 10.0.1.X and VLAN15 172.20.0.X controlled by a Cisco Switch 10.0.1.220.
I have a DrayTek 2860 router connected to the LAN with a Trunk port set up to the switch. The DrayTek can ping both networks.
I have two sites (well more, but if I get this site working I can copy the config/fix): one has a DrayTek, the other an EdgeRouterX.
I've set up VPN connections from the DrayTek to DrayTek and DrayTek to EdgeRouter; in the VPN settings of the remote sites I added a secondary subnet for VLAN15 172.20.0.X
Draytek Shop Settings - Working
EdgeRouter WHS Settings - Not working
However the site with the EdgeRouter can't ping the VLAN15 network on our site, But! the DrayTek site can???
-
Can you show us the settings for the EdgeRouter?
FYI - if you use greenshot to take screen captures, you can use their built in editor to obfuscate things more nicely.
-
Are you allowing both VPN tunnels access to both networks in the Main Network? Adding site names would make it easier to refer to them.
-
*Edited the original post to add site names for referencing too
-
@Dashrender How do you mean "Allowing"? All I've done with the "shop" network is set up the VPN and it worked. Tried to do the same with the WHS site and it doesn't.
-
I haven't set up a VPN tunnel on my EdgeRouter stuff yet, but by default, when you set up tunnels, you have to explicitly say what traffic exists on the other side of the tunnel so it knows to route it over the tunnel, otherwise it routes the traffic to the internet interface.
Your DrayTeks might have some type of autoconfig that takes care of that for you, some type of routing protocol. I'm guessing you could set that up on the EdgeRouter as well, but it's probably not there by default.
-
@Dashrender any idea how to check the config?
That was what I was hoping to happen when I added the subnet to the VPN on EdgeRouter like the DrayTek
-
Downloaded the Config file of the EdgeRouter and it has this :-
peer OFFICEIP {
    authentication {
        mode pre-shared-secret
        pre-shared-secret MySecert
    }
    connection-type initiate
    description LSF
    ike-group FOO1
    local-address WHS-IP
    tunnel 1 {
        allow-nat-networks disable
        allow-public-networks disable
        esp-group FOO1
        local {
            prefix 192.168.123.0/24
        }
        remote {
            prefix 10.0.1.0/24
        }
    }
    tunnel 2 {
        allow-nat-networks disable
        allow-public-networks disable
        esp-group FOO1
        local {
            prefix 192.168.123.0/24
        }
        remote {
            prefix 172.20.0.0/24
        }
    }
}
-
You should sanitize your post
-
@Dashrender is that better
-
From my driving on the road point of view that configuration looks correct
-
@JaredBusch stop reading your phone while driving!
-
@hobbit666 said in EdgeRouterX - Draytek - Draytek VPN issues:
@JaredBusch stop reading your phone while driving!
Why?
-
I used to read books while driving
-
@hobbit666 He means change your pre-shared-secret in your config.
-
@Mike-Davis said in EdgeRouterX - Draytek - Draytek VPN issues:
@hobbit666 He means change your pre-shared-secret in your config.
Right - you don't want the world to know the password for your VPN.
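
Added example, not part of the thread: a Python filter for cleaning an EdgeOS config before pasting it into a public post. It redacts credential values and public IPv4 addresses while keeping the private tunnel prefixes needed for troubleshooting; the key list, placeholder names and sample config are assumptions constructed for illustration.

```python
import ipaddress
import re

# Keys treated as credentials (an assumed list; extend it for your own config).
SECRET_KEYS = ("pre-shared-secret", "plaintext-password", "encrypted-password")
# The first alternative consumes "mode pre-shared-secret" (a setting, not a secret)
# so the key/value alternative cannot take the real key that follows as its value.
SECRET_RE = re.compile(
    r"\bmode[ \t]+pre-shared-secret\b|\b(%s)[ \t]+(\"[^\"]*\"|'[^']*'|[^\s{}]+)"
    % "|".join(map(re.escape, SECRET_KEYS))
)
IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

SAMPLE = (  # constructed input in the flattened form seen above, not a real config
    "peer 203.0.113.10 { authentication { mode pre-shared-secret "
    "pre-shared-secret Sup3rS3cret } local-address 198.51.100.7 "
    "tunnel 1 { local { prefix 192.168.123.0/24 } remote { prefix 10.0.1.0/24 } } "
    "tunnel 2 { local { prefix 192.168.123.0/24 } remote { prefix 172.20.0.0/24 } } }"
)


def sanitize(config: str) -> str:
    """Redact credentials and non-RFC 1918 IPv4 addresses; keep internal prefixes."""
    labels = {}  # public address -> stable placeholder, so peers stay distinguishable

    def hide_secret(m):
        return m.group(0) if m.group(1) is None else m.group(1) + " REDACTED"

    def hide_ip(m):
        try:
            addr = ipaddress.ip_address(m.group(0))
        except ValueError:  # not a valid address, e.g. 999.1.1.1
            return m.group(0)
        if any(addr in net for net in RFC1918):
            return m.group(0)
        return labels.setdefault(m.group(0), "PUBLIC-IP-%d" % (len(labels) + 1))

    return IPV4_RE.sub(hide_ip, SECRET_RE.sub(hide_secret, config))


if __name__ == "__main__":
    print(sanitize(SAMPLE))
```

A secret that has already been posted in clear should still be replaced on both routers, since redacting the post does not remove copies already crawled or quoted.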
-
@Dashrender said in EdgeRouterX - Draytek - Draytek VPN issues:
@Mike-Davis said in EdgeRouterX - Draytek - Draytek VPN issues:
@hobbit666 He means change your pre-shared-secret in your config.
Right - you don't want the world to know the password for your VPN.
12345
-
@Dashrender @Mike-Davis oops but that's not the final one it's only while I test it'll be a random one once I got it working
*Changed anyway
-
@hobbit666 said in EdgeRouterX - Draytek - Draytek VPN issues:
@Dashrender @Mike-Davis oops but that's not the final one it's only while I test it'll be a random one once I got it working
*Changed anyway
Ok, at least there was an understanding to your post.
-
So what happens when you try to ping the main network VLAN? Do a tracert and tell us the results.