dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
8784
share rss forum feed


blue_gsi

@2.28.175.x

Routing ALL internet Traffic through VPN (DRAYTEK)

Hi.

I am looking for some help with the following Scenario..

We have a villa in Spain which we regularly visit. We take our Sky box with us a lot but cannot access the On Demand Services as Sky's systems detect that we are on a Spanish assigned public IP address.

We are playing with it in the UK at the moment and we have managed to get a VPN running, as much as I could ping the router the other end (on a different network, 192.168.1.X *the UK Router* where as I was on 10.0.0.X*Spanish Router*), and also some devices on that network too. This scenario didn't result with the Public IP on the Spanish Router being the same as the UK Router, it was the one issued by Sky, or the Spanish IP).

We have also managed to set it up through Windows 8's own VPN software, and although that then showed my Public IP *Spanish Router* as being the same as the remote network *UK Router*, this wont help for the Sky box as Sky don't install a VPN feature on their boxes.

So, we have 2 X Draytek Vigor 2820 routers running. As previously mentioned, we had a Router to Router based VPN running as even the VPN lights both illuminated when connected and also the Connection Status page showed it, but the Public IP*Spanish Router* was still the local one *UK Router*.

So, what I would really like some help with (please) is what I need to do to route ALL internet traffic from the remote router*UK Router*, to my local one *Spanish Router*. Once we work this out, my router will be going to Spain and then tested.

Thank you to anyone who takes the time to read this and especially the ones that have some input and if you need any clarification on anything, just let me know.


eibgrad

join:2010-03-15
If the router-to-router VPN is active, the only way the public IP could remain the same is if clients on the VPN client side are not being forced over the tunnel. It’s not enough to establish the tunnel. That just makes the other network “available”, so you can access its resources. If you want that tunnel to also be the new default gateway, then you either have to update/reconfigure the VPN client on the router to make it the new default gateway (it’s usually a GUI option), or update the routing tables on individual clients (which may not always be possible or practical) to use that new default gateway.

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to blue_gsi
Second eibgrad See Profile. This is not a VPN question / config but rather a routing question.

I don't own one myself, but dollars to donuts Draytek doesn't have much in terms of routing configuration options.
If it doesn't the only other option I can think of is to leave the Sky Box in the UK, and VPN in from Spain to
access the sky box that way.

My 00000010bits

Regards

broccoli

join:2007-11-29
Portland, OR
reply to blue_gsi
Click for full size
On the LAN-to-LAN VPN setup page of the 'local' router, make sure the Change default route to this VPN tunnel checkbox is checked. If this checkbox is disabled, go to WAN, General Setup and disable all but the one WAN port you are using.


blue_gsi

@skybroadband.com
MANY thanks for all your replies.

broccoli hit the nail on the head, ticking that box works, so the remote PC's now show the local PC's public IP.

Unfortunately, we seem to have a massive speed issue... so much so, if I go to whatsmyip.org the page wont load, I have to load the page with the tunnel off, then refresh the page and it will show the IP. speedtest.net just plainly fails...

Should we be using a IPSec tunnel rather than the PPTP Tunnel?

Again, thanks for ANY input, it is greatly appreciated.

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to blue_gsi
From a security perspective, you couldn't pay me enough to go back to a PPTP tunnel.
For testing purposes, you could try it and see what your performance is.

I also recommend throughput testing -- iperf or xjperf is my personal favorite -- with
as few variables as possible to see if the hardware is limited in some way.

How fast are your links in the UK and in Spain?

Regards

HarryH3
Premium
join:2005-02-21
kudos:3
Reviews:
·Suddenlink
reply to blue_gsi
Keep in mind that when you use a VPN connection, the UPLOAD speed of the remote site now becomes the maximum DOWNLOAD speed of the local PC.

For example, I have 15 Mbps down and 1.5 Mbps up on my home ISP connection. When I VPN back to my house from a remote location and then tunnel over the VPN, my home router has to download all the data that my PC requests and THEN uploads the data to my PC at the remote location. That upload part of the circuit limits me to 1.5 Mbps max over the VPN.


blue_gsi

@skybroadband.com
Would this speed issue also cause time out errors?

What sort of speed do we think is required....?

Could someone help me with what settings I need to implement to make an IPSec tunnel? HELLFIRE... as you mentioned you couldn't be paid enough to go back to a PPTP tunnel, would you be so kind?

Thanks again, all and any input is appreciated...


broccoli

join:2007-11-29
Portland, OR
reply to blue_gsi
Changing the protocol is unlikely to result in any speed increase. You will likely get a slower connection with IPsec, depending on the encryption protocol used.

DrayTek's website has all the information you need to configure your router.

VPN - LAN-to-LAN VPN - Vigor to Vigor

Vigor Router to Vigor Router - IPSec Tunnel (Main mode)

Vigor Router to Vigor Router - IPSec Tunnel ( Aggressive mode )

Good luck.

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to blue_gsi
said by blue_gsi :

Would this speed issue also cause time out errors?

Could be it. Could be something completely unrelated.... that, unfortunately is the nature of troubleshooting.

said by blue_gsi :

What sort of speed do we think is required....?

"Depends what you want to shove across the link." You mentioned skybox... so are we talking streamed videos?
Actual AVI / WMV / MKV files? SMB / CIFS?

Love to help ya blue_gsi but as I stated, I don't have / own a draytek to help you out. I would
try the links broccoli See Profile has supplied, and go from there.

Regards