hello,

i have created a remote dialin vpn connection on the draytek and use osx on my macbook to connect to the draytek. i get an ip address and i can do everything i want, because i get an ip address in the dmz range (router lan range) and from there i can connect to other subnets on my internal lang using a bsd router on my internal network. all as expected.

there is only one problem.... the vpn connection drops after one hour. when i look at the ppp logfile on my mac i see that the vpn client gets an lifetime of 3600 seconds from the draytek. but i want it to be always on. i cannot configure it in the draytek, so please can anyone help. draytek support in the netherlands is not very helpful....

thanks in advance.

---

hmmm i did some research..... when connecting via pptp instead of ipsec/l2tp i gen an infinite lifetime.... perfect.
although it would be nice if l2tp did the same, but pptp is second best...

I have 2 answers.

The first is that we also use 2820s, and for 80% of them, we also get hourly disconnects, and it is driving us mad trying to fix it - if anyone has an answer, I'd love to hear it.

The second answer is to have a look under your VPN setup (for me it is one of the connections under VPN & Remote Access, Lan to Lan). Under there, in the section IPSec Security method, there is an Advanced button. There are 2 boxes for IKE key lifetimes (this is the length of time the encryption key lasts before it is changed and the VPN dropped and re-established). If you can find a box like that, you could make it 1 day (86400).

Personally, I think it is a bug with the 2820 firmware - I think it ignores this and just restarts the VPN every hour. But if anyone has an idea how to stop it, that would be just wonderful.

bb193 wrote: I have 2 answers.

The first is that we also use 2820s, and for 80% of them, we also get hourly disconnects, and it is driving us mad trying to fix it - if anyone has an answer, I'd love to hear it.

The second answer is to have a look under your VPN setup (for me it is one of the connections under VPN & Remote Access, Lan to Lan). Under there, in the section IPSec Security method, there is an Advanced button. There are 2 boxes for IKE key lifetimes (this is the length of time the encryption key lasts before it is changed and the VPN dropped and re-established). If you can find a box like that, you could make it 1 day (86400).

Personally, I think it is a bug with the 2820 firmware - I think it ignores this and just restarts the VPN every hour. But if anyone has an idea how to stop it, that would be just wonderful.

as i have edited in my post: l2tp ppp connections suffer from 1 hour disconnect which cannot be altered. ppp connections via pptp doesn't suffer from the one hour disconnects.

if you want to use l2tp, then use lan-2-lan

I'm seeing this too, but my VPN is a client connection from an NCP client through the 2820 to a Cisco IPSec connectio back at base - the VPN connects and runs perfectly but disconnects after exactly one hour. I then need to reset the router before I can remake the connection.

I can't try bb193's suggestion as the VPN connection is not controlled by the router, so I would concur with HJR that this looks like a bug.

How do we get this raised with Draytek?

Scott