I have a 2865 configured with IPsec/IKE VPN connected via a BT FTTC connection.  Just upgraded to Virgin Media fibre, I've kicked the Virgin Media supplied hub into modem mode, after a couple of reboots that appears to be working fine.  The DrayTek is getting an external IP and traffic is flowing in both directions.  At the same time I've upgraded the firmware of the 2865 to 4.4.5.3_BT, in hindsight I should have tested the VPN before I did that.  Anyway....the issue is now the VPN doesn't work.  I can see it trying to connect in the SYSLOG but it doesn't complete.  On the Smart VPN Client I just get an error "Unknown Error" which isn't very helpful.  DrayDDNS is working fine and I've successfully renewed the LetsEncrypt certificate so I am confident that everything on that side is working.

So the question is, does anyone have a similar setup, either IPsec/IKE or SSL VPN, working OK?  I am trying to decide if the new firmware is to blame or there is something funky with the Virgin media implementation.

Any feedback gratefully received.

P.S. If anyone wants to see the log just shout and I'll post it.  I have also reached out to support so we'll see what they come back with.

Hi ctluk,

I have many sites running on Virgin Media modems, some business plans and others domestic plans and even both at certain locations.

We have 2862, 2866, 2927, 2962s across these locations and all are running the latest firmware, either official or release candidates.

The 2866 is running 4.4.5.3_rc2 with a Virgin modem with an IPsec IKE LAN to LAN tunnel, in fact all sites have this protocol running. Dial-in user works with IPsec on iPhones and SSL on Windows machines.

Modem mode is the easiest to set up, but it can be done via the modem in “router” mode as well, you just need to enable DMZ and set the IP to the Vigor Router which will allow direct pass-through. You’ll get a 192.168.0.* address shown in the Vigor dashboard for the WAN IP, but if you know the public IP assigned to the Virgin Modem (what is my ip) you can dial straight through to the Vigor using that public IP.

SSL is the easiest method on a Windows machine when dialling in using the Smart VPN Client, any other method is less secure and the IPsec is a PITA to get running with the Smart client, in fact, I have tried so many times and never succeeded, so revert to SSL which I know works well.