Blaming is a tad emotive, no?  Any piece of hardware could itself fail or the firmware could have bugs.  I hope you aren't suggesting that this cannot be the case.  Oh, and the VPN guides do not exactly reflect the 2927.   Just saying.

I have been trying to get a VPN service to show a glimmer of life for a month now.  I am looking to get another client (RPi) out to the WAN side of the router to see what that does.  I'm trying to isolate the problem.

I have had various flavours of VPN services activated in the router and, whenever this changes, you will know that the router needs a reboot.  So yes, I have rebooted it - there is no option.

I get the same response message I get every time and I'm seeing nothing in the VPN Syslog when I initiate a session - from being tethered to my iPhone."VPN Connection
The VPN server did not respond. Verify the server address and try reconnecting."

So, I'm wondering if I'm actually hitting the router / vpn port  as that being wrong would explain all.  - I know this is a MacOS message but do you have any insight.

I'm now going to look at DNS entries for my Domain.   They did work in pass-through more (in the router) to target VPN Server on Synology but perhaps they are getting in the way.In order to eliminate DNS from the equation though, am I right in trying the WAN IP address from the dashboard and should I add a port number (if so, what would the default be for IPSec-XAuth?)
I't be nice to know that a new VPN session request was actually getting to the router cos the VPN syslog suggests not.
Any assist most appreciated

OK.  FreeDNS
All I have is an A record for the Domain itself and a few CNAME records to allow the subdomains to follow the domain IP address since Virginmedia is not static.

And the IP address for the Domain is the same as the WAN IP address on my router dashboard.

DNS checker shows aitscot.uk (domain) and vpn.aitscot.uk (subdomain) point to my WAN IP address so that looks to be OK.

I'll go look at getting another different device out there now.

---

Obv. I'm being stupid as can't see anything in the ribbon buttons to add an image that isn't a link so, as there is very little to set in a MacOS Sequoia VPN config, here is the detail for my current settings per UK version of the guide:

VPN Type is set to: Cisco IPSecDisplay name: VPNServer address:   This is the WAN IP Address from DashboardAccount name:   MyUserName per dial-in user profile 1.Password:  secure-passwordAuthentication Type:  Shared secret *Shared secret:  *long and complex stuffGroup name:  Not setOn the DNS tab, I have had it blank and I have had 8.8.8.8. - seems to make no differenceOn the Proxies tab I have changed nothing

Dial-in user profile 1 is enabled, and has password and Shared Secret set (Copied - cmd-C, cmd-V to the Mac VPN profile to be sure of no typos).  
   The profile also has Allowed dial-in type IP-Sec Tunnel and all of: IKEv1/IKEv2;   IKEv2 EAP,  IPsec XAuth checked.

On the face of it, this whole thing should be a doddle to setup.

Hello Cliff,
Is there a chance you can upload the pictures to a temp server (remove any sensitive details)?
That would be for the client setup and the router's config pages?
You have mentioned that DrayTek support tried to help. Is there a ticket number?

As far as I know you don't need to add a port to your VPN request.
You say that you have tried an iPhone client - have you tried the Draytek SmartVPN app on it? That works fine from my iPhone to my 2927ax.

I've just setup an IPSEC VPN to your aitscot.uk address....just using a garbage username and password and it shows as being Status: Connected (but inactive)...so...can you see anything being connected?

EDIT  ** Disconnected at 19:24 **

Hey.  I really appreciate you taking the time to do this for me.
All I see in Syslog Explorer is:

Diagnostics >> Syslog ExplorerWeb SyslogUSB Syslog    Enable Web SyslogExport  |  Refresh  |  Clear |Syslog Type: VPN   Display Mode: Always record the new event TimeMessage 2024-12-19 12:45:01 cgiWebLogin ssl_group_idx 0 2024-12-19 12:43:16 cgiWebLogin ssl_group_idx 0 2024-12-18 19:28:04 cgiWebLogin ssl_group_idx 0 2024-12-18 11:13:44 cgiWebLogin ssl_group_idx 0 2024-12-17 13:22:27 cgiWebLogin ssl_group_idx 0 These appear to correlate only with my local logins from my domestic the LAN.

How bizarre that it should appear to connect.