Close

Results 1 to 17 of 17
  1. #1
    DF Super Moderator
    DejaVu's Avatar
    Join Date
    Nov 2005
    Location
    Essex
    Posts
    8,932
    Thanks
    1,747
    Thanked:        3,874
    Karma Level
    934

    Default Personal VPN for Office - Not for IP Hiding etc.

    I've been asked to setup a personal VPN for a client that is simple (idiot proof).

    He wants to be able to remote on to his PC at the work place from his laptop at home and also be one the same network over the internet. I thought of using the standard Windows VPN, but I don't think that will be straight forward enough. A seperate - click this program that does it for you rather connecting to a VPN separately would be easier.
    His Desktop at work is usually switched off when he as at home (Remote Desktop is useless), but has a Server with profiles setup and can login onto any system as long as on the network (Active Directory/Domain/Roaming Profiles etc).

    Connecting to he VPN using his Username & Password from home and automatically logging him in to the User Account would be the preferred action (less steps & less agro to explain).

    Hardware wise, he has a Cisco Router that would use QuickVPN (it's shit and not really supported by Windows 10 any longer).
    He also has a Draytek Router (2760), but I've never dealt with the firmware setup for VPN - easy and simple for a wally to use/connect to?

    I can setup a Virtual Machine on his ESXI Server that could deal with it, but with VPN software, I'm a little green.... whats the preferred? FreeLan any good?
    Suggestions would be appreciated.


  2. #2
    DF Super Moderator Over Carl's Avatar
    Join Date
    Apr 2006
    Location
    London
    Posts
    12,943
    Thanks
    3,559
    Thanked:        1,575
    Karma Level
    1251

    Default Re: Personal VPN for Office - Not for IP Hiding etc.

    VPN is pretty easy once you've done a few.

    I remember doing a few methods, using app, using windows normal features, I'm sure I even made a DOS script as well for some particular reason.

    Been a while, but I'm sure once you make a standard windows VPN you can put shortcut on desktop.

    Something that might become important to how you do things is whether he has a static or dynamic IP address for his office internet. IPSEC was my preferred method but you would want a static IP to set that up.

    Another question that's worth asking is his expected usage/throughput. If your client will be expecting high speeds maybe best to make a server/get something else but for low to moderate usage, the 2760 hopefully should do the trick (although off the top of my head I'm not even 100% sure if 27xx has VPN as I only really messed with 28xx/29xx.

  3. #3
    DF Super Moderator
    evilsatan's Avatar
    Join Date
    Jul 2004
    Location
    Essex
    Posts
    19,622
    Thanks
    1,004
    Thanked:        2,996
    Karma Level
    1502

    Default Re: Personal VPN for Office - Not for IP Hiding etc.

    I swapped a 2760 over for a 2860 last week or else I would connect and take a look for you!

    With regards to the 2860, it's easy. Enter the web configure, remote/dial in section, add a remote dial in user. You may need to follow a Draytek guide, I used to use PPTP but this isn't too secure, recently I've been using L2TP over IPSEC. Draytek have a free utility (Smart VPN Client) and this makes the connection. I have successfully used IP and DynDNS to make these VPN connections. I can't remember if the 2760 has this feature or not.

    Looks like it may be possible:
    [Only registered and activated users can see links. ]

    Also see what FW it's using, the 2760 came in two FW flavours. The v1 series of FW was terrible, it may have improved but if you are on that it is possible to upgrade to the normal FW that most Draytek's use. If you want a hand with this I may have the info here still or by now it may be available on the web.

    Is RDP useless because his machine is off at work? If so then I'd consider setting up WOL as a VPN should be lower performance than RDP as data is transmitted across the VPN whereas with RDP it stays on the LAN. Depends what sort of work he will be doing and the speed of the connection at each end.


  4. #4
    DF Super Moderator
    DejaVu's Avatar
    Join Date
    Nov 2005
    Location
    Essex
    Posts
    8,932
    Thanks
    1,747
    Thanked:        3,874
    Karma Level
    934

    Default Re: Personal VPN for Office - Not for IP Hiding etc.

    I'm having right problems setting this up! Can you offer assistance evilsatan?

    I have remote access to the Router now and have access the VPN section, filled in all the details, but doesn't want to play ball.
    Trying to connect using Windows VPN, but get turfed off. Will give the Smart VPN Client a try

    Edit.
    No go!
    I knew I'd have problems with this... Even though a static IP is in place!!

    Has a Cisco router beyond the Draytek one on a different subnet range. But just trying to Tunnel to the Draytek for now (there are also 2VLANs) but fails miserably.

    Can PM details to anyone willing to login and take a look at where I've gone wrong.

    Cisco router also does VPN, used to work, but since changing Brandband provider and them supplying the Draytek, it's not worked since.
    Last edited by DejaVu; 29th June 2017 at 05:39 PM.


  5. #5
    DF Super Moderator
    evilsatan's Avatar
    Join Date
    Jul 2004
    Location
    Essex
    Posts
    19,622
    Thanks
    1,004
    Thanked:        2,996
    Karma Level
    1502

    Default Re: Personal VPN for Office - Not for IP Hiding etc.

    Is the Draytek what makes the WAN connection then passes that to the Cisco? If it stopped working when the Draytek was installed then wouldnt it be a case of forwarding the relevant VPN ports to the Cisco and use the system you had before?

    Im happy to connect for you and take a look, as I say I'm not certain the 2760 has this facility but will soon find out. Did you see which version FW it has on it?


  6. #6
    DF Super Moderator
    DejaVu's Avatar
    Join Date
    Nov 2005
    Location
    Essex
    Posts
    8,932
    Thanks
    1,747
    Thanked:        3,874
    Karma Level
    934

    Default Re: Personal VPN for Office - Not for IP Hiding etc.

    I tried to pass it through to the Cisco, but didn't work. Kept timing out. I'll PM details to login if you don't mind taking a look at it. FW is v3 something.

    Sent from my SM-G935F using Tapatalk


  7. #7
    DF Super Moderator Over Carl's Avatar
    Join Date
    Apr 2006
    Location
    London
    Posts
    12,943
    Thanks
    3,559
    Thanked:        1,575
    Karma Level
    1251

    Default Re: Personal VPN for Office - Not for IP Hiding etc.

    So you have Draytek connected to WAN, and VPN ports are forwarded to the Cisco, but this doesn't work?

    If so, you probably need to disable all VPN features on the Draytek to get VPN on Cisco working again.

    To sum up the issue I think you are describing, the Draytek should forward all traffic on specified ports to the Cisco to let the Cisco handle VPN connections.

    However the Draytek knows it's a VPN server and when it sees VPN traffic coming in, it assumes it should be handling this VPN traffic, so the traffic never gets forwarded to the Cisco as the Draytek thinks that the responsibility for VPN is still with Draytek.

    So once you turn off VPN features in the Draytek, then you should find the VPN port forwards suddenly start working perfectly as the traffic isn't being intercepted before being forwarded.

  8. #8
    DF Super Moderator
    DejaVu's Avatar
    Join Date
    Nov 2005
    Location
    Essex
    Posts
    8,932
    Thanks
    1,747
    Thanked:        3,874
    Karma Level
    934

    Default Re: Personal VPN for Office - Not for IP Hiding etc.

    The VPN on the Cisco was flakey at best so looking to just use the Draytek.

    VPN ports were forwarded to Cisco, but didn't work due to the Cisco client being so shit. Tried using Windows Client and that didn't work either... Windows Client didn't work even when the Cisco QuickVPN did.

    Ports no longer forwarded and just trying to assign an IP to a remote client connecting the Draytek router now. Simply needs a 192.168.1.* address.

    My home network is 172.16.0.* so figure it should work.

    Cisco should be ignored at present because I'm looking to dispose of it soon. It's quite old now and QuickVPN hasn't been updated from Windows 7.

    Sent from my SM-G935F using Tapatalk


  9. #9
    DF Super Moderator
    DejaVu's Avatar
    Join Date
    Nov 2005
    Location
    Essex
    Posts
    8,932
    Thanks
    1,747
    Thanked:        3,874
    Karma Level
    934

    Default Re: Personal VPN for Office - Not for IP Hiding etc.

    So, I finally got somewhere. I'm connected to the Draytek Router VPN via PPTP. Now I'm even more confused.

    The LAN Table I'm trying to access is organised by the Cisco router. The IP I'm trying to reach/remote to is 192.168.1.11.
    The IP Address auto assigned is 172.16.10.200. So the Draytek is acting as the WAN and Cisco as a LAN... sound about right?

    From being connected to the WAN, am I right in saying there is no way to connect to internal IP Address through the Cisco Router from this connection and the Cisco Router needs to go completely?


  10. #10
    DF Super Moderator Over Carl's Avatar
    Join Date
    Apr 2006
    Location
    London
    Posts
    12,943
    Thanks
    3,559
    Thanked:        1,575
    Karma Level
    1251

    Default Re: Personal VPN for Office - Not for IP Hiding etc.

    Sorry maybe just because I'm tired but I don't quite follow. Any chance of a little network diagram? (even a quick and crude one would help).

  11. #11
    DF Super Moderator
    DejaVu's Avatar
    Join Date
    Nov 2005
    Location
    Essex
    Posts
    8,932
    Thanks
    1,747
    Thanked:        3,874
    Karma Level
    934

    Default Re: Personal VPN for Office - Not for IP Hiding etc.

    You wanted Crude... lol!

    [Only registered and activated users can see links. ]

    It is a bit more complicated as the Vigor has 2 VLANS's too. One off to the Cisco and another that leads off to another network elsewhere in the building.
    Last edited by DejaVu; 30th June 2017 at 12:04 AM.


  12. #12
    DF Super Moderator Over Carl's Avatar
    Join Date
    Apr 2006
    Location
    London
    Posts
    12,943
    Thanks
    3,559
    Thanked:        1,575
    Karma Level
    1251

    Default Re: Personal VPN for Office - Not for IP Hiding etc.

    So from it sounds like to me, only reason Cisco is still there is because it always was there?

    If it is not serving any function, maybe best to ditch the Cisco.

    Ignoring the other VLAN going to another network somewhere in the building, on the LAN side of the Vigor is there anything else apart from the Cisco?

    If not, then just ditch the Cisco and change the LAN settings in the Vigor as appropriate.

    If there are other devices apart from the Cisco, then you may need to setup a 3rd LAN on the Vigor (providing that model supports 3 LANs).

    Thanks to Over Carl

    DejaVu (30th June 2017) 


  13. #13
    DF Super Moderator
    evilsatan's Avatar
    Join Date
    Jul 2004
    Location
    Essex
    Posts
    19,622
    Thanks
    1,004
    Thanked:        2,996
    Karma Level
    1502

    Default Re: Personal VPN for Office - Not for IP Hiding etc.

    I was about to post the same as OC, sounds like the Cisco is now redundant. I'd go through it and note down all the subnets and other settings then program the Draytek accordingly. Is everything DHCP/static on client or is there any MAC binding on the Cisco? If the switch is anything above unmanaged then check the config is valid with the Draytek but by cloning the LAN settings from the Cisco you should be good to go.

    Let me know if you still needed any help, I had to get some rest last night when you PM'd as I started at 5 today. You should be able to dictate which LAN the VPN user connects to so you would select the LAN assigned to the appropriate VLAN then the dial in user should essentially be connected straight to the switch (once the Cisco goes).

    Thanks to evilsatan

    DejaVu (30th June 2017) 


  14. #14
    DF Super Moderator
    DejaVu's Avatar
    Join Date
    Nov 2005
    Location
    Essex
    Posts
    8,932
    Thanks
    1,747
    Thanked:        3,874
    Karma Level
    934

    Default Re: Personal VPN for Office - Not for IP Hiding etc.

    Thanks lads - Will decommission the Cisco and just go with the Draytek. Up there Sunday so will get it done. Hopefully all will be good in the world after that.


  15. #15
    DF Super Moderator
    DejaVu's Avatar
    Join Date
    Nov 2005
    Location
    Essex
    Posts
    8,932
    Thanks
    1,747
    Thanked:        3,874
    Karma Level
    934

    Default Re: Personal VPN for Office - Not for IP Hiding etc.

    Been unable to get to the office lately with work getting in the way.

    Since, the VM Server in place has now gone down. I can remote onto the Draytek Router and also the Cisco Router, but I now need to remote on urgently to ESXI to restart this bloody VM Server!

    I used to have direct access via the app to do so, I'm now going to have to forward ports twice, just to try to get this program here to connect to the ESXI Server... ! Fun.

    I've got to map a port map through both routers to a subnet only accessible internally to try to connect to it....

    Any pointers?


  16. #16
    DF PiMP Copex's Avatar
    Join Date
    Nov 2000
    Location
    the net
    Posts
    392
    Thanks
    29
    Thanked:        42
    Karma Level
    246

    Default Re: Personal VPN for Office - Not for IP Hiding etc.

    VPN to the Draytek then port forwarded the the cisco to the esxi then ssh to Esxi via the wan port on the cisco via the vpn or if the cisco has the port forwading in for the app try the app on 172.16.10.x

    your home network can not be on any of the remote subnets.... :-) you issue is probably down to double NAT, as others have suggested bin the cisco i would also bin the draytek 2760 and replace it with a draytek 2860 ( it has better vpn support )
    Last edited by Copex; 11th July 2017 at 09:38 PM.

  17. #17
    DF Super Moderator
    DejaVu's Avatar
    Join Date
    Nov 2005
    Location
    Essex
    Posts
    8,932
    Thanks
    1,747
    Thanked:        3,874
    Karma Level
    934

    Default Re: Personal VPN for Office - Not for IP Hiding etc.

    I've got SSL VPN access finally. I've had to come into the office this evening (there now) and am now in the process of removing the Cisco Router.

    Far from easy to persuade to upgrade the Vigor as he has only just got it. I'm hoping I can sort it now I'm here. Fingers crossed.

    Sent from my SM-G935F using Tapatalk


Social Networking Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •