DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
2820n 3.3.4 and VPN Issues (UDP)
- gmegson
- Topic Author
- Offline
- Junior Member
-
27 Jul 2010 12:09 #63010
by gmegson
2820n 3.3.4 and VPN Issues (UDP) was created by gmegson
Hi, upgraded my 2820n to v3.3.4 all going well apart from the company VPN session. These sessions use UDP encapsulate over port 501.
I could establish the session and then Outlook kept failing to download larger emails. The VPN would heartbeats would timeout and drop the VPN session regularly.:shock:
Solution -
1. In the firewall settings (DoS defence Setup) - increase the UDP flood defence to 650 (in my case) and 10 seconds (default)
2. Disable 'enable Strict Security Firewall' under Firewall>>general
I could establish the session and then Outlook kept failing to download larger emails. The VPN would heartbeats would timeout and drop the VPN session regularly.
Solution -
1. In the firewall settings (DoS defence Setup) - increase the UDP flood defence to 650 (in my case) and 10 seconds (default)
2. Disable 'enable Strict Security Firewall' under Firewall>>general
Please Log in or Create an account to join the conversation.
- voodle
- Offline
- Big Contributor
-
27 Jul 2010 12:24 #63011
by voodle
Replied by voodle on topic 2820n 3.3.4 and VPN Issues (UDP)
It should just be that first setting that made the difference, strict security firewall apparently just blocks internet access if the web content filter server can't be contacted.
That UDP flood detection isn't a bug so much as a default setting that causes problems
That UDP flood detection isn't a bug so much as a default setting that causes problems
Please Log in or Create an account to join the conversation.
- gmegson
- Topic Author
- Offline
- Junior Member
-
- gmegson
- Topic Author
- Offline
- Junior Member
-
- liam_03_99
- Offline
- New Member
-
- gmegson
- Topic Author
- Offline
- Junior Member
-
04 May 2011 23:49 #67588
by gmegson
Replied by gmegson on topic Re: 2820n 3.3.4 and VPN Issues (UDP)
While finally found a way over my problems with my ipsec vpn client
I have now upgraded to 3.3.5.2_232201 the official UK release from Draytek after being on the RC6 beta code for 3.3.5.2 for over two weeks. The fix for me was to move my vpn client from UDP encapsulate to standard ipsec UDP port 500.
On my 2820n modify the following...
1. Firewall / DoS defense - enble all except for 'block UnkownProtocol'
2. Firewall / General - uncheck 'Enable Strict Security Firewall'
3. Telnet to the 2820n and issue 'srv nat ipsecpass on'
:arrow: Possibly...
4. Disable the ipsec options in the "vpn and remote access" settings.
On number 4 - I had this disabled in the RC6 code but have just realised that most of today the option has been enabled in the 3.3.5.2 full uk release and it has not impacted my vpn stability at all - so possibly a red herring on that one......:o
I hope this can help others
I have now upgraded to 3.3.5.2_232201 the official UK release from Draytek after being on the RC6 beta code for 3.3.5.2 for over two weeks. The fix for me was to move my vpn client from UDP encapsulate to standard ipsec UDP port 500.
On my 2820n modify the following...
1. Firewall / DoS defense - enble all except for 'block UnkownProtocol'
2. Firewall / General - uncheck 'Enable Strict Security Firewall'
3. Telnet to the 2820n and issue 'srv nat ipsecpass on'
4. Disable the ipsec options in the "vpn and remote access" settings.
On number 4 - I had this disabled in the RC6 code but have just realised that most of today the option has been enabled in the 3.3.5.2 full uk release and it has not impacted my vpn stability at all - so possibly a red herring on that one......
I hope this can help others
Please Log in or Create an account to join the conversation.
Moderators: Sami