Suresignal and VPN

zauron
2: Seeker

Hello,

 

I need to use a VPN to connect to my work network but, when I do, it stops the Suresignal from working.  I assume that it, too, uses a VPN to connect.  Is it possible to have the two at once?  I have a Draytek 2830 router.

 

Any help gratefully received.

8 REPLIES 8

grolschuk
Community Champion (Retired)

I would be surprised if the Draytek didn't allow multiple VPN connections, as some flavours of the 2830 are VPN termination points themselves.

 

Is IPSEC VPN Passthrough ticked and enabled in the firewall section?

 

You could also try and enable a 2nd network and assign it to the port that the Suresignal is plugged into, so that it is running off a totally separate internal network to what the work VPN is trying to use.

We have a Draytek 2750 (VDSL) router which has similar issues with Sure Signal, except in our case when the SS is running my wife cannot establish VPN back to her office - which kind of messes up her day if she's working from home. The only option is to pull the LAN cable or power out of the SS.

 

Since we have a static WAN IP I also had L2TP VPN configured on our router (so I can connect to my home LAN from anywhere) and that stopped working once the SS was installed. PPTP VPN (which uses different IP ports, but is less secure) works fine. Out of interest, when I was using L2TP VPN into the router, we had no troubles establishing L2TP VPN at the same time to my wife's office. It's definitely the SS which messed things up.

 

At first I suspected it was a Draytek issue but doing some quick searches revealed that others have similar issues when trying to use a second VPN, usually homeworking to a corporate office, with the SS running.

 

Did Vodafone even test SS with homeworker VPN, I wonder? It strikes me as more than a bit of an oversight.

They could have then chosen another port for their task-specific Sure Signal's VPN, keeping it clear of homeworkers & those few of us who might want to VPN back into our own routers.

 

I'll try some stuff - 2nd LAN as suggested here etc - and report back.

 

Cheers,

 

Ashley

 

Been playing around a bit - indeed the SS stops remote VPN (from home to work) dead in its tracks. Certainly here if you're going to use IPSEC - either L2TP or Cisco - forget the Sure Signal.

 

Unplug the LAN from the SS to the router, wait for the router to adjust its routing tables (and the remote VPN tunnel at Vodafone to give up, I guess) and magically outgoing VPN from my laptop works again.

 

What I can't understand is how the SS is different from, let's say, two people at home each VPN'ing into their respective work locations - which should, and does, work. What does the SS do differently? I'm giving up for the moment and will just unplug the SS when anyone needs to VPN from inside my LAN.

 

As we know, routers work by keeping a routing table of what traffic goes where; it's why you can browse this website (port 80) while someone else is browsing BBC news (port 80) and someone else is googling a recipe for a pasta dish (port 80).

 

It's why several phones, tablets, laptops & desktops can all get email at the same time even though there is only one real-world (WAN) IP address connected to the internet.

 

It's a v2 box if that helps. I just can't figure out how, or why, it's not happy to play nicely with other (different destination) VPN tunnels. Either way, it's a big FAIL.

 

As for VPN back to my router (admittedly not many people do this..) I'll just stick with PPTP to save headaches and remembering to disconnect the SS when I leave the house.

 

Regards,

 

Ashley

 

Just to say I've solved my issue at home. With the helpful suggestion of grolschuk, I created a 2nd LAN subnet on my Draytek router for routing the SureSignal. After doing that, both our VPNs to our respective offices work fine without having to disconnect the SS.

 

To enable a 2nd LAN subnet on a Draytek 2750 (infinity fibre/VDSL router) requires firmware v1.5.3 - not all routers are going to support this feature, though, but it's times like this when you appreciate spending a little bit more on a decent router!

 

My main LAN subnet is: 192.168.45.* with a standard home LAN class C subnet of 255.255.255.0

To that I've added a 2nd subnet for routing use, which I've designated 192.168.46.* again class C.

 

I then set up a DHCP server on the 2nd subnet with 1x address to lease: 192.168.46.252, and then entered a static lease to the MAC (hardware) address of the SureSignal for 192.168.46.252.

 

The reason I chose .252 is that is what the SS was using for the main (192.168.45.*) subnet.

Note if you've set up a static DHCP lease for the SS on the main subnet remember to remove it first!

 

Hopefully that might help some people - it's a bit technical & beyond what should be expected of an end user. I couldn't tell whether it was the Draytek not playing nicely or the SS but am very much suspecting the SS.

 

Just to recap, this solved the problem with the SS preventing outgoing VPN from home to a remote office site, using Cisco compatible IPSEC VPN clients.

 

Thanks again to grolschuk for the suggestion,

 

Regards,

 

Ashley

 

grolschuk
Community Champion (Retired)

Great stuff!

Am glad it helped and everything is working now.

 

Sorry I had missed your earlier comment and updates on how it was going at the start of the month, but it doesn't seem like any extra input was needed from me :)

 

Any VDSL enabled Draytek should be ready to do the VLAN setup out of the box; it is a feature that has been around on their ADSL/Cable routers for years.

The reason IPSEC VPN tunnels struggle is because it does not just use TCP or UDP packets, and most routers really don't like handling requests for that more than once... although the VPN Passthrough settings can sometimes fix that.

I have a similar issue. I've got port forwarding set on BT homehub to the Suresignal and, looking at the Cisco VPN client ports that my work laptop needs, at least 2 are the same (4500 and 500).

 

Anyone know if the BT homehub can handle running more than one network?

Hello

 

Just to say that I had some later issues with my "fix", namely convincing the router not to just hand out DHCP on the 1st LAN to the SS - it's a case of which one gets there first.

 

As I pointed out in the first place, it shouldn't be that we have to fiddle around with our routers to "make it work" and play nicely with other kit.

 

Talking of which, our Hive (remote heating control) works fine - it uses HTTPS and establishes an outgoing connection without screwing anything else up in the process. There are plenty of other bits of kit around which also work fine and don't interfere with other services.

 

To be honest I'm getting a bit sick and tired of the SS - I certainly would not recommend buying one due to the stupid technical oversight by the software developers.

 

Not being able to work from home OR not being able to use the SS when working from home because the idiots who designed it decided to use the same TCP/IP ports is ridiculous and shows incompetence or laziness - or both - on the part of the developers.

 

All they had to do was choose a port, for their VPN service, which wasn't common. They could have even registered their own port via the relevant registration authorities so that it's listed & helps other developers avoid it in the future.

 

Until Vodafone update the software in the SS to stop using the same TCP/IP port as Cisco L2TP VPN, it's absolutely useless to people who may be working from home.

 

Vodafone FAIL

Since having a look at it I've had some success.

 

Wasn't sure about the idea of having a second network; as far as I could see the homehub doesn't support it. Too lazy to go into the loft and get an old Cisco router I have spare, I meddled a bit with the hub settings.

 

Firstly removed the original port forwarding rule I'd added for the SS box, as this was taking all the traffic hitting the external interface on the router for TCP ports 500 and 4500 (which appear to be the 2 that conflict if you use Cisco VPN at least) and forwarding it to the SS. I reckon that the fight for these ports was causing my issues of slowness and even the phone disconnecting when I unlocked my laptop and F9'd Outlook, one of the more impressive symptoms!! Also turned on port locking and rebooted everything so laptop/SS/hub had a fresh start. Suresignal works happily now alongside the laptop on VPN, so now I can use the phone and work connection without any issues. I'll be working at home a couple of days this next week so will see if it's OK or just a fluke!

 

For your DHCP issue, do we know if it's possible to connect to an interface on the SS box itself and configure it? Maybe there you could add a static IP (I'll do a port scan and see if there's anything open on the SS that a terminal could connect to via telnet etc.)
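
An added example, not part of any post above: a Python check of the two fixes described in the thread (moving the Sure Signal to a second subnet with a single static lease, with the old lease removed, and deleting the port forward for 500 and 4500). The function name, the rule and lease formats and the MAC address are assumptions made for illustration.

```python
import ipaddress

# IKE normally uses UDP 500 and IPsec NAT traversal UDP 4500; the thread names
# 500 and 4500 as the ports shared by the Sure Signal and the Cisco VPN client.
IPSEC_PORTS = {500, 4500}

def audit(forwards, leases, subnets, device_mac):
    """Return findings for a router plan that isolates one device.

    forwards:   (proto, external_port, internal_ip) port-forward rules
    leases:     (mac, ip) static DHCP leases
    subnets:    {"main": cidr, "second": cidr}
    device_mac: MAC of the device that should live on the second subnet
    """
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    findings = []
    if nets["main"].overlaps(nets["second"]):
        findings.append("main and second subnets overlap")
    # A static forward hands all inbound traffic on that port to one host.
    for proto, port, ip in forwards:
        if port in IPSEC_PORTS:
            findings.append(f"forward {proto}/{port} -> {ip} claims an IPsec port")
    device_ips = [ipaddress.ip_address(ip) for mac, ip in leases
                  if mac.lower() == device_mac.lower()]
    if not device_ips:
        findings.append("device has no static lease")
    for ip in device_ips:
        if ip in nets["main"]:
            findings.append(f"stale lease {ip} on the main subnet")
        elif ip not in nets["second"]:
            findings.append(f"lease {ip} is outside both subnets")
    return findings

# Constructed sample data: the subnets and the .252 address come from the
# thread, the MAC address is a made-up placeholder.
SUBNETS = {"main": "192.168.45.0/24", "second": "192.168.46.0/24"}
SS_MAC = "02:00:00:00:00:01"
BEFORE = dict(forwards=[("udp", 500, "192.168.45.252"), ("udp", 4500, "192.168.45.252")],
              leases=[(SS_MAC, "192.168.45.252")])
AFTER = dict(forwards=[], leases=[(SS_MAC, "192.168.46.252")])

if __name__ == "__main__":
    for label, plan in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(subnets=SUBNETS, device_mac=SS_MAC, **plan))
```

A plan that keeps the old main-subnet lease next to the new one is still flagged, which is the "which one gets there first" DHCP problem reported later in the thread.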