Draytek 2820 DHCP questions
I have two issues that I can't seem to find a solution for.
1. I have a LAN with a DHCP server running on a Windows Server. I created a PPTP server on the Draytek so employees can VPN into the LAN. The problem is that there does not appear to be a way to enable the DHCP server on the DrayTek ONLY for VPN clients, and the DHCP relay option does not work for VPN connections. So in order for DHCP to work properly with VPN clients, it appears I'd also have to use the DrayTek for DHCP for the LAN as well as VPN. Which takes me to
2. We have a remote office as well. I placed another DrayTek there and built a PPTP tunnel between the two points. I *AM* using DHCP on the DrayTek at that remote location as there are no servers of any sort. The problem is we have a Fonality phone system and the endpoints are configured using DHCP Option 66. The DrayTek does not appear to support option 66.
So I'm in a jam. I could set up a DHCP server in the remote office, but that's $$, but it's an option. Perhaps DHCP over VPN is an option, I've never tried that, so not sure how that will work. Maybe it will work fine with the DHCP Relay option in this case, or maybe it won't work over the VPN at all. In problem #1 above, I can't move the LAN DHCP server to the DrayTek because then I lose Option 66 for the phones in the main office.
It seems I've sort of screwed myself by going with Draytek. I'd heard so much good about them and Sonicwall was beyond the price point of my customer. Short of returning these things, does anyone have some suggestions? The big issue with #1 is that the VPN clients were not being assigned DNS servers that I wanted. It was grabbing the DNS servers set for the WAN. I needed the first DNS server assigned to the client to be the LAN DNS, so I changed the WAN primary DNS to an internal DNS server. This slows down name resolution but it's working as a bandaid for now. The VPN clients are now getting an internal primary DNS server assigned.
Much thanks for any input or ideas.
Sounds like you want the remote office to be integral to your main LAN. In that case, you would normally configure the DHCP server with a second sub-net to be used at the remote site with the various settings you want (option 66 etc).
Then, configure the remote Draytek to relay the DHCP request to the main DHCP server. This does rely on the VPN already being up and running properly. Do that first if it is not already done.
The packet will arrive with the remote Draytek as the source IP which indicates this is a relayed request. The DHCP server makes an assignment and sends it back to the remote Draytek (normally when it is a local LAN, it is broadcast to the MAC address but not here).
The Draytek should pass it on to the original requester (via a local broadcast reply) and it should then work.
I've multiple sites and locations using DHCP back to a central server (some are Windows DHCP servers and some are Linux DHCP servers so I know both these support it).
Way easier with someone knowledgeable enough on networks at each end as you WILL need to mess about to get it working. Also invest in a small Linux laptop with tcpdump to allow packet inspection. [You can do it in Windows but it is a bit trickier.]
e.g., if your Draytek is IP 192.168.9.1, your DHCP subnet should be 192.168.9.0/24 with leases starting at say 192.168.9.33 (i.e. 33 > Draytek IP of 1 so there are no collisions). When a packet comes from 192.168.9.1 it is known this refers to subnet 192.168.9.0/24 and that is where the assignment will come from. It gets sent back to 192.168.9.1 (the Draytek) which broadcasts it locally to the requesting client.
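To check the relay setup described in the reply above from a packet capture, here is an added example (not part of the original posts) that parses a DHCP message, reads the relay address from the `giaddr` field, matches it to a scope, and confirms the reply carries option 66. The packets, the 192.168.1.0/24 main-LAN scope, the MAC address and the `tftp.example.invalid` name are constructed assumptions.

```python
import ipaddress
import struct

COOKIE = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header

def parse_dhcp(payload):
    """Parse a DHCP message (UDP payload) into giaddr, yiaddr and an options dict."""
    if len(payload) < 240 or payload[236:240] != COOKIE:
        raise ValueError("not a DHCP message")
    msg = {"op": payload[0], "hops": payload[3],
           "yiaddr": ipaddress.IPv4Address(payload[16:20]),
           "giaddr": ipaddress.IPv4Address(payload[24:28]), "options": {}}
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        msg["options"][code] = value
        i += 2 + length
    return msg

def select_scope(msg, scopes):
    """Return the scope containing giaddr, or None when the request was not relayed."""
    if msg["giaddr"] == ipaddress.IPv4Address("0.0.0.0"):
        return None
    return next((s for s in scopes if msg["giaddr"] in s), None)

def build(op, giaddr, yiaddr, options):
    """Build a constructed DHCP message for the demo (not a real capture)."""
    ip = lambda a: ipaddress.IPv4Address(a).packed
    head = struct.pack("!4BIHH4s4s4s4s16s64s128s", op, 1, 6, 1, 0x1234, 0, 0,
                       ip("0.0.0.0"), ip(yiaddr), ip("0.0.0.0"), ip(giaddr),
                       bytes.fromhex("02004c4f4f50"), b"", b"")
    return head + COOKIE + b"".join(bytes([c, len(v)]) + v for c, v in options) + b"\xff"

# Assumed scopes: main LAN (hypothetical) and the remote subnet from the reply.
SCOPES = [ipaddress.ip_network("192.168.1.0/24"), ipaddress.ip_network("192.168.9.0/24")]
# Constructed samples: a DISCOVER relayed by 192.168.9.1 and the server's OFFER.
DISCOVER = build(1, "192.168.9.1", "0.0.0.0", [(53, b"\x01"), (55, bytes([1, 3, 6, 66]))])
OFFER = build(2, "192.168.9.1", "192.168.9.33", [(53, b"\x02"), (66, b"tftp.example.invalid")])

if __name__ == "__main__":
    req, rep = parse_dhcp(DISCOVER), parse_dhcp(OFFER)
    print("relay:", req["giaddr"], "scope:", select_scope(req, SCOPES))
    print("offered:", rep["yiaddr"], "option 66:", rep["options"].get(66))
```

If `giaddr` is 0.0.0.0 in a request captured at the server, the relay did not handle it; if option 66 is missing from the reply, the phones will not find their provisioning server.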