cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Draytek IPsec VPN, anyone have any experience?

oliverb
Grafter
Posts: 606
Registered: ‎02-08-2007

Draytek IPsec VPN, anyone have any experience?

‎16-11-2010 4:34 PM

Just hoping someone out there might have some practical idea whats going on?
I have two LANs bridged via IPsec. I originally used Billion routers but between the 7500GL firmware not supporting SP3 and the 7402G's squirrely wireless I've gone off Billion these days.
Anyway I thought I had things working but I've had some extremely odd windows networking issues and I wondered if anyone else was running the same configuration (2 subnets bridged)?
Message 1 of 9
(2,261 Views)
0 Thanks
8 REPLIES 8
MisterW
Superuser
Superuser
Posts: 14,755
Thanks: 5,527
Fixes: 394
Registered: ‎30-07-2007

Re: Draytek IPsec VPN, anyone have any experience?

‎16-11-2010 5:33 PM

Yep, I've got a pair of 2820's running an IPSec VPN between 2 offices. They link a 192.168.0,x subnet to a remote 192.168.1.x subnet if that helps ?

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

Message 2 of 9
(1,478 Views)
0 Thanks
oliverb
Grafter
Posts: 606
Registered: ‎02-08-2007

Re: Draytek IPsec VPN, anyone have any experience?

‎16-11-2010 6:21 PM

Might do, currently I'm runnig a fairly bog-standard windows network, with a Linkstation server at the work end, and an NSLU2 at the home end. I've been getting some really wierd stuff with the naming service, computers at the home end appearing on the work workgroup. There seems to be some "Leakage". Things came to a head today when a laptop just wouldn't stay on. I tried a different AP same again, tried cable and things still went wierd.
I don't know what should happen with netbios and subnets? I'm not running WINS and I don't have a domain controller. I'm wondering if renaming the home "workgroup" might help. There never used to be any cross-over apart from using the IP.
Message 3 of 9
(1,478 Views)
0 Thanks
MisterW
Superuser
Superuser
Posts: 14,755
Thanks: 5,527
Fixes: 394
Registered: ‎30-07-2007

Re: Draytek IPsec VPN, anyone have any experience?

‎16-11-2010 6:32 PM

TBH I've never had a lot of success using Netbios over VPN's. In my case, fortunately I don't need to as the remote machines are always accessed via IP directly.
Not quite sure what you mean here
Quote
There never used to be any cross-over apart from using the IP

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

Message 4 of 9
(1,478 Views)
0 Thanks
oliverb
Grafter
Posts: 606
Registered: ‎02-08-2007

Re: Draytek IPsec VPN, anyone have any experience?

‎16-11-2010 7:49 PM

Quote from: MisterW
TBH I've never had a lot of success using Netbios over VPN's. In my case, fortunately I don't need to as the remote machines are always accessed via IP directly.

I always took it for granted I'd have to access by IP, or set HOSTS file lines for the remote system. Thats how it used to be.
Today my home system's name appeared on the work network, and recently the home network has been unbrowsable. Its like the netbios records have somehow merged and all ended up on the work side.
Message 5 of 9
(1,478 Views)
0 Thanks
MisterW
Superuser
Superuser
Posts: 14,755
Thanks: 5,527
Fixes: 394
Registered: ‎30-07-2007

Re: Draytek IPsec VPN, anyone have any experience?

‎16-11-2010 8:12 PM

Quote
I always took it for granted I'd have to access by IP, or set HOSTS file lines for the remote system. Thats how it used to be.

Ah!, I suspect that the Billion setup maybe didn't support NetBios by default, I've just checked my 2820 VPN setup and it seems to have Netbios pass-though on by default ( at least I didn't put it on  deliberately! ). Maybe that's why its different now. If you've not got a Domain Controller or a WINS server then I'm not sure what will happen with determining the Master browser when Netbios is broadcast across the VPN.

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

Message 6 of 9
(1,478 Views)
0 Thanks
oliverb
Grafter
Posts: 606
Registered: ‎02-08-2007

Re: Draytek IPsec VPN, anyone have any experience?

‎16-11-2010 8:53 PM

That sounds right, maybe I need to look again for options, killing off passthrough or enabling it fully might cure it. Also I can't find any way to determine which machine is browse-master, it all seems hidden. I tried forcing one samba server by setting its priority really high.
Currently I'm trying changing the workgroup name so any name leakage will be obvious, apart from that I can't find any way to control netbios behavior on the 2800 unless I can use firewall options, or something in the CLI.
Message 7 of 9
(1,478 Views)
0 Thanks
MisterW
Superuser
Superuser
Posts: 14,755
Thanks: 5,527
Fixes: 394
Registered: ‎30-07-2007

Re: Draytek IPsec VPN, anyone have any experience?

‎17-11-2010 8:34 AM

Quote
Also I can't find any way to determine which machine is browse-master, it all seems hidden.

It is, the master browser is automatically negotiated by the Windows browser.

On my 2820 there is an option 'Netbios Naming packet' on the Lan->Lan VPN settings ( see attached )

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

Message 8 of 9
(1,478 Views)
0 Thanks
oliverb
Grafter
Posts: 606
Registered: ‎02-08-2007

Re: Draytek IPsec VPN, anyone have any experience?

‎17-11-2010 9:20 AM

Can't find a similar option on the 2600. Yesterday I disabled the bridge and today I can't access home any way at all, even PPTP, so it'll all have to wait till I get home again.
Only change I have noticed is I think on the Billion setup I had left RIP disabled, on the Drayteks I left it enabled. I wonder if this affects whether broadcasts are forwarded, if so that might account for the difference.
Message 9 of 9
(1,478 Views)
0 Thanks