DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Limit VPN to one way only
- HodgesanDY
- Posts: 208
- Thank you received: 16
19 Mar 2024 21:15 #103234
by HodgesanDY
Replied by HodgesanDY on topic Re: Limit VPN to one way only
No, you don’t need to go the ‘Remote Dial-in User’ route; it’s just easier to set up, but not better in the long run.
Also, will the remote site be using a Vigor router too, for the LAN-to-LAN?
- lesd
- Topic Author
- Posts: 130
- Thank you received: 0
20 Mar 2024 04:58 #103235
by lesd
Replied by lesd on topic Re: Limit VPN to one way only
I don't yet know which model but it is a Draytek router.
Les
20 Mar 2024 08:56 #103237
by HodgesanDY
Replied by HodgesanDY on topic Re: Limit VPN to one way only
Ok great.
So I guess you can prep your end now, ready for the LAN-to-LAN connection whenever they’re ready to try and connect.
You can do this without worrying too much about VLANs right now, but you will need to enable the VLAN feature, as DrayTek routers don’t allow multiple LANs without at least one VLAN assignment anymore; they used to, but they disabled that ability for some reason.
So enable VLAN, and tick every box across the entire top row (VLAN0); this will be your ‘Native LAN’. Basically, it’s the one that devices will be placed into if no other VLAN configuration is in place for them to be assigned to.
With all that done, you can now create a new, additional LAN in the ‘LAN >> General setup’ page. Give it a different subnet, meaning one that is different from any existing subnets. So if you have a generic 192.168.1.1/24 network, make the new one 192.168.2.1/24, for example; the gateway setting would be 192.168.2.1 in this scenario. This new LAN will need assigning to at least one port(s) or SSID(s) in the VLAN page for it to be usable (‘Enabled’); this is what didn’t need to happen before DrayTek changed the code (via a firmware update) some years ago.
The VLAN tick-box you choose for this new LAN should be different from the native LAN/VLAN, so let’s say VLAN2. Just to make life easier, you should match the VLAN number with the LAN number; trust me, it’s a pain when they’re all one digit off from their LAN number, so just leave VLAN1 unused and use VLAN2. Also, you don’t need to choose an active port or SSID; in fact, for this purpose, it’s probably better if the port or SSID isn’t used, as all we really want is the ability to enable the new LAN (LAN2).
With all that done, you should now have two LAN subnets, one of which you can assign to the LAN-to-LAN profile you’ll need to build for their connection.
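Added example, not part of HodgesanDY's post and not DrayTek code: a small Python check that a planned LAN2 address such as 192.168.2.1/24 does not overlap the existing local LAN or the remote site's LAN before it is entered in ‘LAN >> General setup’. The remote subnet shown is a constructed value, since the thread does not give it, and the function names are hypothetical.

```python
import ipaddress

def check_new_lan(candidate, local_lans, remote_lans=()):
    """Check a new LAN written router-style as gateway/prefix, e.g. '192.168.2.1/24'."""
    # ip_interface() accepts an address with host bits set; ip_network() would reject it.
    cand = ipaddress.ip_interface(candidate)
    problems = []
    for side, lans in (("local", local_lans), ("remote", remote_lans)):
        for lan in lans:
            net = ipaddress.ip_interface(lan).network
            # Overlap includes a smaller subnet carved out of an existing one.
            if cand.network.overlaps(net):
                problems.append(f"{cand.network} overlaps {side} subnet {net}")
    if cand.ip in (cand.network.network_address, cand.network.broadcast_address):
        problems.append(f"{cand.ip} is not a usable gateway in {cand.network}")
    return {
        "network": str(cand.network),
        "gateway": str(cand.ip),
        "netmask": str(cand.netmask),
        "problems": problems,
    }

def first_free_24(local_lans, remote_lans=(), pool="192.168.0.0/16"):
    """Return the first /24 in the pool (as gateway/prefix) that clashes with nothing."""
    used = [ipaddress.ip_interface(x).network
            for x in list(local_lans) + list(remote_lans)]
    for net in ipaddress.ip_network(pool).subnets(new_prefix=24):
        if not any(net.overlaps(u) for u in used):
            return f"{net.network_address + 1}/24"
    return None

if __name__ == "__main__":
    LOCAL = ["192.168.1.1/24"]    # existing LAN1, as in the post's example
    REMOTE = ["192.168.0.1/24"]   # constructed: remote LAN is not stated in the thread
    print(check_new_lan("192.168.2.1/24", LOCAL, REMOTE))
    print(first_free_24(LOCAL, REMOTE))
```
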
20 Mar 2024 10:41 #103238
by HodgesanDY
Replied by HodgesanDY on topic Re: Limit VPN to one way only
Once this is all set up, remind me to go over a few of the questions you asked earlier, as they’ll make more sense once it is up and running, or at least, when it’s ready to be connected to at your end.
Apologies if I’m teaching-you-to-suck-eggs at any stage in this process, just considering someone else stumbling across this thread at a later date.
20 Mar 2024 10:53 #103239
by lesd
Replied by lesd on topic Re: Limit VPN to one way only
The more detail the better! I have never used VPNs till a few weeks ago when I managed to set up a LAN-to-LAN between two of our sites. So it's all new.
In fact, if you are a glutton for punishment you might want to look at a thread I started which ended with an open question: why was the remote end which was forwarding port 25 connections arriving with the source IP of the remote router rather than the device that was connecting?
Maybe you have an answer.
https://forum.draytek.co.uk/viewtopic.php?t=25169
PS: I've made the changes you suggested but can't re-boot the router at the moment as all our phone calls go that way.
Les