We help IT Professionals succeed at work.

VPN - Draytek Router 2860

Medium Priority
292 Views
Last Modified: 2016-05-09
Hi Guys,

I have a draytek 2860 router with a VPN IPsec Tunnel 3DES. it is showing as 2 VPN connections instead of 1. you can drop the connection and then it establishes two. please see screen shot below.

is this normal for the router to have 2 or should it only have 1 connected?

it is a LAN-2-LAN VPN between 2 draytek 2860 used for IP phones.

Peggiegreg

EE.PNG
Comment
Watch Question

JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
1. Is it working?

2. Can you delete one tunnel?  Not "drop" but delete.

3. I use Juniper and Cisco with Site to Site tunnels and each distinct tunnel shows up just once. What you see above may be peculiar to Draytek.

4. Can you update firmware on the routers?
PeggieGregInfrastructure Analyst

Author

Commented:
Hi John,

please find the answers to your questions below

1. Is it working?
Yes perfectly

2. Can you delete one tunnel?  Not "drop" but delete.
they are the same tunnel, I can only disable it (which would disable both) or drop it and then it establishes a second?

3. I use Juniper and Cisco with Site to Site tunnels and each distinct tunnel shows up just once. What you see above may be peculiar to Draytek.
this is exactly what I thought, and wanted some clarity. cant find anything online.

4. Can you update firmware on the routers?
Yes they are both up-to-date
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Try deleting both tunnels so no tunnels exist.

Now set up one tunnel and see if it behaves normally.

I could not find anything about Draytek either. If it is all working, then perhaps ignore it.
The L2TP/IPSec tunnels I've set up with these routers have each appeared singly.

Have you set up  the connection to be initiated at both ends? VPNs are normally initiated and maintained by one end only. If I remember correctly from the previous question you posted, this is a site-to-site connection that has a Draytek 2860 at each end.

As the connection is working even though it seems very odd to have it in duplicate, I'd suggest using Draytek's email support here:

http://www.draytek.co.uk/support/techquery

Responses can vary between fairly quick (occasionally same day if you submit early enough) and glacial, but when they arrive they are generally useful.
PeggieGregInfrastructure Analyst

Author

Commented:
@John Hurst
I was tempted to leave it as it was without altering the config as it was working perfectly fine regardless, all through traffic goes down both.

@Perarduaadastra
I e-mailed Draytek Support as you mentioned and I got a response quickly, they suggested the same as you, they suggested the connection was be initiated at both ends. It was! Each Router could either have the option call direction set to: Both, Dial-Out, or Dial-In.

I had the Connection on both ends set to 'Both'. All through this worked perfectly fine when the VPN was PPTP after changing it to IPsec it has caused it to initiate a connection on both sides which is why it showed twice. I changed the main site to Dial-Out, and the branch site to Dial-In, dropped both connections and on re-establishing them I only got one connection showing! tested and works perfectly.

Thanks for the help guys, And many thanks to Perarduaadastra
My pleasure.

Explore More ContentExplore courses, solutions, and other research materials related to this topic.