Kitz Forum
Computers & Hardware => Networking => Topic started by: g3uiss on January 24, 2020, 09:06:36 PM
-
Trying to set up a failover DHCP agent via a VPN to VPN (LAN to LAN) using a Draytek 2925. Have added DHCP remote server IP in LAN setup and in VPN connection setup but no DHCP requests forwarded to remote server. The remote server is replicating DHCP scopes in a load balanced failover configuration. I suspect a missing configuration on the Draytek that isn’t obvious.
Tony
-
Unless you've an IP Helper / DHCP Relay capability there the DHCP discovery broadcasts probably aren't going to cross the VPN. Unless it's a VPN specifically to extend the layer 2 domain, so encapsulating Ethernet frames not just IP packets, the discovery messages aren't going to get across.
If there's DHCP relay capability there you're good to go - the local kit will catch the broadcast and unicast it to the remote server.
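
The relay behaviour described in this post, as an added example that is not part of the original thread: the client's broadcast DISCOVER is rewritten by the relay (hops incremented, giaddr stamped with the relay's LAN address) before being unicast to the server on UDP port 67, so a capture on the remote side should show a non-zero giaddr. The MAC, transaction ID, relay address and hop cap are constructed or assumed values.

```python
import ipaddress
import struct

BOOTREQUEST = 1
MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that follows the 236-byte BOOTP header
MAX_HOPS = 16                 # assumed hop cap; real relays make this configurable

def build_discover(mac: bytes, xid: int) -> bytes:
    """Constructed sample: the UDP payload of a client's broadcast DHCPDISCOVER."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        BOOTREQUEST, 1, len(mac), 0,              # op, htype=Ethernet, hlen, hops
        xid, 0, 0x8000,                           # xid, secs, flags (broadcast bit)
        bytes(4), bytes(4), bytes(4), bytes(4),   # ciaddr, yiaddr, siaddr, giaddr
        mac, b"", b"")                            # chaddr, sname, file (zero padded)
    return header + MAGIC + bytes([53, 1, 1, 255])  # option 53 = DISCOVER, then end

def relay_request(payload: bytes, relay_ip: str):
    """Return the payload a relay would unicast to the server, or None to drop it."""
    if len(payload) < 240 or payload[0] != BOOTREQUEST or payload[236:240] != MAGIC:
        return None                               # not a DHCP client request
    if payload[3] >= MAX_HOPS:
        return None                               # relayed too many times already
    out = bytearray(payload)
    out[3] += 1                                   # hops
    if out[24:28] == bytes(4):                    # only the first relay stamps giaddr
        out[24:28] = ipaddress.IPv4Address(relay_ip).packed
    return bytes(out)

def summarize(payload: bytes) -> dict:
    """The fields to look for in a capture taken on the server side of the tunnel."""
    giaddr = ipaddress.IPv4Address(payload[24:28])
    return {"hops": payload[3], "giaddr": str(giaddr), "relayed": int(giaddr) != 0}

if __name__ == "__main__":
    discover = build_discover(bytes.fromhex("020000000001"), 0x1234ABCD)  # constructed MAC/xid
    print("from client:", summarize(discover))
    print("after relay:", summarize(relay_request(discover, "192.168.1.1")))  # constructed LAN IP
```

The server uses giaddr to pick the scope and to address its reply back to the relay, which is why a request that reaches it with giaddr still 0.0.0.0 was not relayed.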
-
Hi g3uiss
Please see this link for layer 2 vpn and each draytek should have option for dhcp relay I think but it’s early after a long week...
Hope that helps a little but sorry if I’m wrong
Many thanks
John
http://kb.networksystemssolutions.info/index.php/Draytek_L2TP_VPN
-
Thanks for feedback, the 2925 is supposed to provide the relay option and I have configured it, but it doesn’t work. I guess it’s a Draytek problem. I was able to get it to work with a Cisco router, but that was just for test purposes. I was hoping it might have been tried and a solution found, as generally Draytek documents are not always correct!
-
Hi g3uiss
Is the L2TP up and running?
Have you set the dhcp relay on the draytek (think this is in lan menu but could be wrong sorry)?
Have you used wireshark to try to see what’s been passed - you may need to do port mirror on a switch/draytek port?
Are you using draytek for dhcp or a server?
Many thanks
John
-
Hi g3uiss
Sorry to be sure, did you set allow multicast as well?
Have you restarted the draytek?
Many thanks
John
-
Is broadcast support dependent on multicast support on those things?!?!
That's very, very wrong.
-
As an addendum L2TP doesn't forward DHCP broadcasts unless it's L2TPv3 and supports pseudowire mode. Sure the Draytek can do this?
Yes, yes, it's called Layer 2 Tunneling Protocol. It doesn't actually tunnel layer 2 out of the box, which is rude, needs to form pseudowires to encapsulate Ethernet frames.
DHCP relay is going to be the way to go if it doesn't.
-
Hi carlt
Many thanks
Plenty of information on draytek dhcp over vpn on lan to lan
Many thanks
John
-
Hi g3uiss
Is the L2TP up and running?
Have you set the dhcp relay on the draytek (think this is in lan menu but could be wrong sorry)?
Have you used wireshark to try to see what’s been passed - you may need to do port mirror on a switch/draytek port?
Are you using draytek for dhcp or a server?
Many thanks
John
Yes, L2TP up and running, set DHCP forwarding in the VPN profile and in the LAN IP setup. No, the local DHCP is Server 2019, as is the remote DHCP. They were in sync using failover; it's just the DHCP requests that didn't go over the VPN. Yes, did a reboot on everything in sight. Not familiar with "Wireshark" tho.
Tony
-
DHCP relay is going to be the way to go if it doesn't.
Suggestions?
[Moderator edited to fix a broken [quote] tag.]
-
Would IPsec be a better option for the tunnel?
-
Hi g3uiss
Yes, you need to set L2TP over IPSec for vpn
Setup is in the link I posted earlier
Many thanks
John
-
Hi John
The penny dropped looking at the config again, it’s just IPsec, not with L2TP! Stupid, never looked, just assumed that’s how I set it up originally, or rather I didn’t, someone else did.
Tony and thanks all
-
Hi g3uiss
Many thanks... happens to me a lot
Glad you spotted it and hope it goes well
If you have multi wan, if you have not, you may want to create vpn trunks for failover
Many thanks and hope you have a lovely weekend
John
-
John
Thanks, glad it's not just me. Same to you, enjoy
Tony