Draytek (Site to Site VPN using IPSec)

Hi,

I have two Drayteks. One site has a Vigor 2860 (Site 1 - 192.168.2.0) and the other a Vigor 2830 (Site 2 - 192.168.5.0).

I have attempted to create a site-to-site VPN, but cannot get a connection. I have another site (Site 3) which can establish a site-to-site VPN with Site 1.

I have replicated all settings from the successful site-to-site VPN (of course changing the relevant external IP address), but I still cannot get a connection. I have attached a screenshot of both VPN profiles (I have hidden the external IP addresses). Is there anything I am missing?

[Attached screenshots: VPN-Site-1-to-Site-2_.jpg, VPN-Site-2-to-Site-1.jpg]

Thanks in advance,
Col
Qlemo "Batchelor", Developer and EE Topic Advisor
CERTIFIED EXPERT
Top Expert 2015

Commented:
You have set up "AH" as the security method. Don't! This uses only authentication, no encryption! Switch to ESP only.
Since this is also set differently on the initiator (Dial-Out) and the responder (Dial-In), it might be the issue.
If it still does not work, you'll have to review the logs on both (!) sides while connecting.

Hi Qlemo,

I changed the security method to ESP (DES without Authentication). Is this correct? However, this did not establish a connection. Where on a Draytek can I check the log files?

Thanks for your help,
Col

Hi,

Does anyone know how to check the log files on a Draytek? I have looked at the 'Diagnostics' section but am not sure what I should be looking for, particularly for IPsec site-to-site VPN connections.

Thanks in Advance,
Col

Qlemo "Batchelor", Developer and EE Topic Advisor
Commented:
Please do not use DES. You should also stay away from 3DES, which is not safe anymore. AES should be your choice for Draytek, and only AES - remove all other checkmarks.

For logging, see http://www.draytek.com/?a=resource/update&action=post/update&id=2733 .
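
The two checks from the comments above (initiator and responder must agree on the security method, and only ESP with AES should be offered), as an added Python example that is not part of the original thread and is not DrayTek code. The `Proposal` layout, the function names and the sample profile values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Ciphers the thread says to avoid on these routers.
WEAK_CIPHERS = {"DES", "3DES"}


@dataclass(frozen=True)
class Proposal:
    """One IPsec security method (hypothetical layout, not a DrayTek format)."""
    protocol: str                 # "AH" or "ESP"
    cipher: Optional[str] = None  # None for AH, which carries no encryption


def weaknesses(p: Proposal) -> list:
    """Return the reasons a security method should not be offered or accepted."""
    if p.protocol == "AH":
        return ["AH authenticates only; traffic is not encrypted"]
    if p.cipher in WEAK_CIPHERS:
        return [f"{p.cipher} should not be used; choose AES"]
    return []


def review(dial_out: Proposal, dial_in_allowed: set) -> dict:
    """Compare the initiator's method with the set the responder accepts."""
    return {
        # The tunnel can only come up if the responder allows what is offered.
        "match": dial_out in dial_in_allowed,
        "dial_out_issues": weaknesses(dial_out),
        "dial_in_issues": {p: weaknesses(p) for p in dial_in_allowed if weaknesses(p)},
    }


if __name__ == "__main__":
    # Constructed sample profiles, not the poster's real settings.
    esp_all = {Proposal("ESP", "DES"), Proposal("ESP", "3DES"), Proposal("ESP", "AES")}
    cases = {
        "AH on Dial-Out, ESP on Dial-In": (Proposal("AH"), esp_all),
        "ESP/DES on Dial-Out": (Proposal("ESP", "DES"), esp_all),
        "ESP/AES only on both sides": (Proposal("ESP", "AES"), {Proposal("ESP", "AES")}),
    }
    for name, (out, allowed) in cases.items():
        print(name, "->", review(out, allowed))
```
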
Senior Technician
Commented:
I always set the encryption to "high" when doing LAN-to-LAN VPNs.
Also, make sure that both routers are on the same firmware version; this has tripped me up a couple of times ;)