dangermouse1977
asked on
DHCP problem over Draytek LDAP VPN
I have a Draytek Vigor 3900 device that I have set up a VPN service to allow staff to connect when they're not in the office.
After something of a battle, I managed to get LDAP authentication working, so that the VPN checks that a user is in a particular security group and that controls their access.
I've hit an issue at the last though, that I simply cannot fix.
Some users can log in and some cannot - the Draytek error logs reveal quite clearly that those who cannot log in are not being issued an IP address so the tunnel is dropping.
I cannot understand why they're not getting an address though, when other users are.
For the avoidance of doubt, I'm changing nothing except the username and password when I'm doing this, so there are no other variables, and the Draytek is logging:
Vigor: pppd[16900]: DHCPC: Ignoring XID ab9059ed (our xid is 125a6928)
According to Draytek the XID should be the same, but they don't know why it wouldn't be.
We're a Server 2012 environment, with 2 x DCs in failover mode (that is working as far as I can tell - I paused the services on each one in turn and tried to log in - got the same error).
I'm really stuck now, any thoughts or advice welcomed.
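The "Ignoring XID" line is the DHCP client's correlation check: every request carries a 32-bit transaction ID (xid), and a client only acts on a reply whose xid matches the request it has outstanding, so a reply stamped with someone else's xid is dropped and the PPP session never gets an address. The following is an added example, not code from the post or from Draytek, that decodes the fixed DHCP header (RFC 2131) and applies that check to two constructed replies; the MAC, IPs and xid values are made up, and the 0x125a6928 / 0xab9059ed pair is just the pair from the log line above.

```python
import struct
from ipaddress import IPv4Address

# BOOTP/DHCP fixed header (RFC 2131 section 2), network byte order:
# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr (28 bytes).
# Then chaddr (16), sname (64), file (128) and the options field at offset 236.
_FIXED = struct.Struct("!BBBBIHH4s4s4s4s")
_MAGIC = b"\x63\x82\x53\x63"   # options magic cookie
BOOTREPLY = 2
OPT_MSG_TYPE, OPT_PAD, OPT_END = 53, 0, 255
DHCPOFFER, DHCPACK = 2, 5


def parse_dhcp(packet: bytes) -> dict:
    """Decode the fixed header and the DHCP message-type option."""
    if len(packet) < 240 or packet[236:240] != _MAGIC:
        raise ValueError("not a DHCP message")
    (op, htype, hlen, hops, xid, secs, flags,
     ciaddr, yiaddr, siaddr, giaddr) = _FIXED.unpack_from(packet, 0)
    msg_type = None
    i = 240
    while i < len(packet) and packet[i] != OPT_END:
        if packet[i] == OPT_PAD:        # single-byte pad option
            i += 1
            continue
        code, length = packet[i], packet[i + 1]
        if code == OPT_MSG_TYPE and length == 1:
            msg_type = packet[i + 2]
        i += 2 + length
    return {"op": op, "xid": xid, "chaddr": packet[28:28 + hlen],
            "yiaddr": str(IPv4Address(yiaddr)), "msg_type": msg_type}


def build_reply(xid: int, msg_type: int, yiaddr: str, chaddr: bytes) -> bytes:
    """Construct a minimal server reply (constructed sample data for the demo)."""
    fixed = _FIXED.pack(BOOTREPLY, 1, len(chaddr), 0, xid, 0, 0,
                        b"\0" * 4, IPv4Address(yiaddr).packed, b"\0" * 4, b"\0" * 4)
    options = _MAGIC + bytes([OPT_MSG_TYPE, 1, msg_type, OPT_END])
    return fixed + chaddr.ljust(16, b"\0") + b"\0" * (64 + 128) + options


def check_reply(our_xid: int, our_mac: bytes, packet: bytes) -> str:
    """The correlation step a DHCP client runs on every reply it sees.

    A reply is only acted on when it is a BOOTREPLY, its xid equals the
    xid of our outstanding request and it is addressed to our MAC; the
    first failing check produces a log-style reason instead of a lease.
    """
    msg = parse_dhcp(packet)
    if msg["op"] != BOOTREPLY:
        return "ignored: not a reply"
    if msg["xid"] != our_xid:
        # Same shape as the pppd/DHCPC line quoted in the post.
        return f"DHCPC: Ignoring XID {msg['xid']:08x} (our xid is {our_xid:08x})"
    if msg["chaddr"] != our_mac:
        return "ignored: reply is for another client's MAC"
    if msg["msg_type"] == DHCPOFFER:
        return f"offer for {msg['yiaddr']}"
    if msg["msg_type"] == DHCPACK:
        return f"lease bound to {msg['yiaddr']}"
    return "ignored: unexpected message type"


if __name__ == "__main__":
    our_xid, our_mac = 0x125A6928, bytes.fromhex("001122334455")   # constructed
    print(check_reply(our_xid, our_mac, build_reply(our_xid, DHCPOFFER, "10.0.0.50", our_mac)))
    print(check_reply(our_xid, our_mac, build_reply(0xAB9059ED, DHCPOFFER, "10.0.0.51", our_mac)))
```

When troubleshooting, the useful question this raises is where a reply with a foreign xid came from: a capture on the server side showing which DISCOVER the server answered (and to which relay or interface) tells you whether the server ever saw the client's request at all, or whether the client is only hearing replies meant for other sessions.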
ASKER
No full solution provided through EE, but a user triggered something for me to look at that led to the solution. I've updated my post in case anyone finds it in future.
I take it there's sufficient IP addresses available for all users to be on at once?