Author Topic: Over 31,000 access attempts via RDP - how to setup Zyxel to allow only my IP add

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4305

Hi John, had seen the client so will use that - thanks for testing.

Only wanted to use the HG612 so that I can just switch the units over quickly. That would leave the  Zyxel configured (although could just create a config backup) in case of any issues and a quick swap back.
Logged
Formerly restrained by ECI and ali,  now surfing along at 550/52  ;D

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7403
  • VM Gig1 - AAISP CF

Ok thanks for explaining appreciated.  Hopefully you have better luck with the draytek.
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4305

Well I've ordered a 2926AC, just need to wait for it to arrive.
Logged
Formerly restrained by ECI and ali,  now surfing along at 550/52  ;D

g3uiss

  • Kitizen
  • ****
  • Posts: 1151
  • You never too old to learn but soon I may be
    • Midas Solutions

@ronski You will need to ensure the work subnet is different to home, as the VPN will issue a work IP to the remote PC; if on the same subnet, clashes are very problematic.

The Draytek setup allows you to allocate IPs to be given to the remote users. I would issue 2 away from the normal range.

Tony
Logged
Cerebus FTTP 500/70 Draytec 2927 VOXI 4G fallback.

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4305

We use a different subnet at work to the usual residential ones. If I set the Draytek to issue IPs away from the normal range wouldn't that stop remote desktop from being accessible?

PS. I've found a spare HG612 at home, so if I can't find the one at work I'll simply use that.
Logged
Formerly restrained by ECI and ali,  now surfing along at 550/52  ;D

d2d4j

  • Kitizen
  • ****
  • Posts: 1103

Hi ronski

@g3uiss is correct, but as your work is on a different range to home users I would just let Draytek DHCP assign

You could of course tell Draytek to assign from any of the 4 LANs (if you set them different, but Draytek default is say 192.168.1.1 lan 1, 192.168.2.1 lan 2 etc), but to access lan 1 if assigned from lan 2 for VPN, you would need to tell Draytek to have access to the LANs

So set lan1 to match your current LAN at work, let VPN assign DHCP from lan1, and to access RDP from VPN you would use the internal IP address of the computer you're connecting to, because you're connected internally to the work LAN

There are though many ways to set up, but above is basic and easy

Many thanks

John
Logged

g3uiss

  • Kitizen
  • ****
  • Posts: 1151
  • You never too old to learn but soon I may be
    • Midas Solutions

@ronski sorry I wasn’t very clear. Let’s say the IP range in the work location is 192.168.2.x

Then I would perhaps set the IPs to be 192.168.2.253/4

You then logon to the RDP using its normal machine address / IP.

The Draytek just gives your home machine an address on the work LAN so you have direct access. No port forward etc.

When the VPN is running your Home pc will have another “virtual” adapter whose IP is 192.168.2.253, just like it was plugged in at work.

I hope I’ve not been too simplistic and offended   :(
Logged
Cerebus FTTP 500/70 Draytec 2927 VOXI 4G fallback.

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4305

Quote
The Draytek setup allows you to allocate IPs to be given to the remote users. I would issue 2 away from the normal range.

I interpreted this to mean if we use the range 192.168.2.x to instead allocate 2 addresses from a different range such as 192.168.3.x, thus being away from range 192.168.2.x. I would have allocated addresses which were in the same range but not in the DHCP pool or in use elsewhere. We allocate static IPs on devices, and just restrict the DHCP range say to 192.168.2.2 to 192.168.2.100

Quote
@ronski sorry I wasn’t very clear. Let’s say the IP range in the work location is 192.168.2.x

Then I would perhaps set the IPs to be 192.168.2.253/4

Up until just now I was thinking the above was CIDR notation which I've never really got my head around, although have just found a really useful CIDR calculator, but have now realised you literally mean 192.168.2.253 and 192.168.2.254  :-[

Quote
I hope I’ve not been too simplistic and offended   :(

Not at all, thanks for the help.
Logged
Formerly restrained by ECI and ali,  now surfing along at 550/52  ;D
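The address plan discussed in the posts above, as an added example that is not part of the original thread: it reads "192.168.2.253/4" both as the shorthand that was meant and as CIDR, then checks that the VPN addresses sit on the work LAN, outside the DHCP pool, and that the remote user's LAN does not clash. The /24 mask, the 192.168.1.0/24 home subnet and the function names are assumptions made for the example.

```python
import ipaddress

def expand_shorthand(text):
    """Read '192.168.2.253/4' the way the post meant it: .253 and .254."""
    base, _, tail = text.partition("/")
    if not tail:
        return [base]
    prefix, last_octet = base.rsplit(".", 1)
    second = last_octet[:-len(tail)] + tail   # '253' with '/4' -> '254'
    return [base, f"{prefix}.{second}"]

def as_cidr(text):
    """Read the same string as CIDR: an address plus a prefix length."""
    return ipaddress.ip_network(text, strict=False)

def check_vpn_plan(lan, dhcp_first, dhcp_last, vpn_addrs, remote_lan):
    """Return a list of problems with a dial-in address plan (empty = OK)."""
    lan = ipaddress.ip_network(lan)
    remote = ipaddress.ip_network(remote_lan)
    first = ipaddress.ip_address(dhcp_first)
    last = ipaddress.ip_address(dhcp_last)
    problems = []
    if lan.overlaps(remote):
        problems.append(f"remote LAN {remote} overlaps work LAN {lan}")
    for text in vpn_addrs:
        addr = ipaddress.ip_address(text)
        if addr not in lan:
            problems.append(f"{addr} is not on work LAN {lan}")
        elif addr in (lan.network_address, lan.broadcast_address):
            problems.append(f"{addr} is not a usable host address")
        elif first <= addr <= last:
            problems.append(f"{addr} is inside the DHCP pool")
    return problems

# Constructed sample plan using the figures quoted in the thread.
WORK_LAN = "192.168.2.0/24"      # assumption: 192.168.2.x is a /24
HOME_LAN = "192.168.1.0/24"      # assumption: remote user's home subnet
VPN_ADDRS = expand_shorthand("192.168.2.253/4")

if __name__ == "__main__":
    print("shorthand :", VPN_ADDRS)
    print("as CIDR   :", as_cidr("192.168.2.253/4"))
    print("plan      :", check_vpn_plan(WORK_LAN, "192.168.2.2", "192.168.2.100",
                                         VPN_ADDRS, HOME_LAN) or "OK")
    print("same LAN  :", check_vpn_plan(WORK_LAN, "192.168.2.2", "192.168.2.100",
                                         VPN_ADDRS, WORK_LAN))
```
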

g3uiss

  • Kitizen
  • ****
  • Posts: 1151
  • You never too old to learn but soon I may be
    • Midas Solutions

Sounds fine and glad you're happy with the potential setup.

Hope to hear how it goes.

Tony
Logged
Cerebus FTTP 500/70 Draytec 2927 VOXI 4G fallback.

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4305

I will of course keep you updated.

The new router arrived yesterday, the day after ordering which was good as I opted for the 7 days free carriage, rather than next day.

Started setting it up today, doing the simple things and reading Draytek's online 'Getting Started' guide. Have updated the firmware to the latest version. I'm pleased with the feel of the device, and the amount of options is rather overwhelming, but taken one step at a time it's a lot easier.

One minor snag I hit was when setting up port forwarding for our CCTV, which uses port 80: the router complains that this port is used in the management interface. But when checking there I don't have it enabled, and have no intention of enabling access to the router management interface from the WAN, so should the router really be complaining about me setting up a port forward for port 80?

I realise I can change the management interface to say port 8080, which is fine for me but someone else may not realise should I not be around.

PS. Also got my eye on an AP900 access point, with the aim of having the guest wireless network available at our end of the building as well.

@Weaver - the AP900 doesn't have AC wireless but does support both 2.4GHz & 5GHz, so some of Draytek's older kit is dual band without AC
« Last Edit: February 22, 2019, 06:09:44 PM by Ronski »
Logged
Formerly restrained by ECI and ali,  now surfing along at 550/52  ;D

d2d4j

  • Kitizen
  • ****
  • Posts: 1103

Hi ronski

Excellent news

We normally stop port 80 and use port 443 (which we change port to a different port as some servers behind need 443), so say 8443

You may be best advised to have at least your home network allocated to external router login as it does help when diagnosing issues. Eg if you need to confirm if your work pc is responding to internal network if you could not RDP/vpn etc...

Also, Drayteks have used a,b,g,n and some ac. The way to tell is from model code eg 2860n or 2860ac etc... also v for voip

Look forward to how you find Drayteks and last point, we use 2 cable for monitoring to hg612 for easy setup

Many thanks

John
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7403
  • VM Gig1 - AAISP CF

Do you really want to be using port 80 for your CCTV or management interface tho ronski? a common port.
Logged

g3uiss

  • Kitizen
  • ****
  • Posts: 1151
  • You never too old to learn but soon I may be
    • Midas Solutions

Quote
I will of course keep you updated.

The new router arrived yesterday, the day after ordering which was good as I opted for the 7 days free carriage, rather than next day.

Started setting it up today, doing the simple things and reading Draytek's online 'Getting Started' guide. Have updated the firmware to the latest version. I'm pleased with the feel of the device, and the amount of options is rather overwhelming, but taken one step at a time it's a lot easier.

One minor snag I hit was when setting up port forwarding for our CCTV, which uses port 80: the router complains that this port is used in the management interface. But when checking there I don't have it enabled, and have no intention of enabling access to the router management interface from the WAN, so should the router really be complaining about me setting up a port forward for port 80?

I realise I can change the management interface to say port 8080, which is fine for me but someone else may not realise should I not be around.

PS. Also got my eye on an AP900 access point, with the aim of having the guest wireless network available at our end of the building as well.

@Weaver - the AP900 doesn't have AC wireless but does support both 2.4GHz & 5GHz, so some of Draytek's older kit is dual band without AC

Glad you found it comprehensive. There are so many options, many of no use in normal configurations, but there isn’t much you can’t do with it. Like John, we change the management port to avoid conflict and to a less common port for security.

Tony
Logged
Cerebus FTTP 500/70 Draytec 2927 VOXI 4G fallback.

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4305

Quote
Do you really want to be using port 80 for your CCTV or management interface tho ronski? a common port.

Probably not, and something I have been wondering about. There are three ports open for CCTV, I'll email the guy that installed it and see what he says when back at work on Monday. I may just shut the ports down one by one and see what happens, I'm pretty sure we all access it via an app anyway and that app does not even know our ip address. If I try and log in via our ip address I can't even enter my login details as it says I need to install some add on I've never been able to install. It's possible the port redirects were left from an older system.
Logged
Formerly restrained by ECI and ali,  now surfing along at 550/52  ;D

d2d4j

  • Kitizen
  • ****
  • Posts: 1103

Hi ronski

CCTV normally requires 3 ports open

You should be able to lock the cctv to user logins only

The software the browser wants to load is normally uploaded directly from your cctv server

So closing the ports may break app viewer and be careful as it’s cctv, there are I believe insurance implications if not working and fitted.

One point I was going to mention, you can set dns domains to internal/external so say for your cctv, you could duplicate the external dns for cctv (lets call it cctv.mydomain.com) to 192.168.1.234 (lets say this is your cctv internal IP address), and when anyone connected to work network uses the app, then it is an internal connection but when off the work network, the dns would then resolve to its external IP address (lets say 222.333.444.555)

It speeds things up

Many thanks

John
Logged