Draytek VPN issue

One of our clients uses the Draytek vigor 2960 and the Vigor 2830, and we have been having ongoing intermittent issues with VPN where when connected it cannot find devices on the remote LAN. Restarting the routers appears to fix the issue for a day or so, but then repeats. We have the most up to date firmware and have tried SSL VPN's to see if that makes a difference, but it has not.
Martyn SpencerManaging DirectorCommented:
Have you checked the VPN logs? Have you also confirmed that when devices appear to not be visible that the VPNs are actually established? How long have they been active for when the problem shows? It may be that the VPNs are dropping. Have you set them to be always on? How long do they usually remain active for (my router maintains them constantly and without failure)?

Sorry, lots of questions but this may lead us to a solution.
jon_eccomputersAuthor Commented:
Martyn, VPN's will always connect.. have tried PPTP and SSL, SSL are better but problem still occurs.. sometimes you can ping but not have access to files on remote servers and sometimes will not ping... The firewall always sees the connection.
Once a connection and access is made then everything remains ok until you connect another time..
We have updated to latest firmware... Draytek have released a new firmware but still the same.
We have also tried with remote gateway on and off... no real improvement either way.
Initially we thought it was only the 2960 but now we are having to put users on to the backup 2830 this is also seeing the issue but not as much (this unit can be rebooted with out much impact.... the 2960 has site-2-site lans with VoIP so not always convenient to restart during the day.
The system connects by IPV4 but we are now wondering if IPV6 is an issue and next test is to disable this on the clients...
Open to any other suggestions....
Martyn SpencerManaging DirectorCommented:
I use 2860s and the connections rarely if ever give me issues and remain constant for as long as the connection is active, so hopefully there will be a way for you to achieve the same.

I will ask questions about each of your comments one at a time to keep this as simple as possible. You say that once a connection is made it is OK until you connect another time. Could you explain this, please? Are you referring to a VPN connection, or a connection between two machines across the VPN? Since the VPN should remain stable and active unless the Internet connection is interrupted (and even then it should reconnect), why would you refer to connecting "another time"?
jon_eccomputersAuthor Commented:
We also have had very good success and reliability with 2860s, its only since this client had to have a a 2960 as 30+ potential vpn connections..

Site-2-Site work fine... no problems...
Remote users:  If they connect by VPN and gain remote access then generally they will work all the time they are connected, even if the vpn drops momentarily (not proved)
If they connect by VPN and a VPN is established but don't have access to the remote LAN then they can not then connect until we restart the router... Occasionally persistent users have tried 5-6 times, left it for an hour and tried several times again they may be lucky and get access.
In general, once one user has the issue there is a trend that other users will also have the issue more frequently, but not all... some can connect ok!!  Next time round it can affect different users...
They connect to 3 servers via mapped drives and most of the time if the problem is occurring no drives can be accessed although there have been reports that some drives have worked and not others (not proved) - their SQL database is also affected
Martyn SpencerManaging DirectorCommented:
OK. From what you are saying, we are talking about remote users rather than a LAN to LAN VPN? I tend not to use Drayteks this way, but I will see if I can guide you through the same trouble shooting that I would, if that's OK?

Assuming that this is remote users rather than LAN to LAN, what client OSes are connecting? Are they all Windows, or are some Windows and some Linux? Are you using a VPN client at all, or just the client built into the OS (Windows)? If using Linux, is that stable or problematic too?

When the client drops the connection, do you see a corresponding drop on the router, or does it appear to remain active?
Soulja53 6F 75 6C 6A 61 Commented:
I'd leave Site to Site VPN on the drayteks and move the SSL off to another appliance or internal Server/vm. OpenVPN is a good option.
jon_eccomputersAuthor Commented:
Thanks... to reconfirm clients do not drop. Problem occurs when they connect on a windows laptop via windows client...

Soulja... initially a second device, Draytek 2830 worked ok but has started to have same issue but less often
Martyn SpencerManaging DirectorCommented:
So, to confirm, a Windows client connects, all works. Then after a period of time it stops working. The Windows client shows it is still connected. Does the Draytek also confirm it as connected? What happens if you terminate the connection on the Draytek? The Windows client should also terminate. Does redialling then work or do you have to reboot the router?

Out of interest, have you tried the Draytek VPN client? It used to be a little flakey, but it was improved.
jon_eccomputersAuthor Commented:
We are having a greater success in setting ipv4 as preferred over ipv6 and disabling ipv6 on all VPN users NIC/WIFI....  We have left ipv6 active on servers

