Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[g3uiss]

Trying to set up a failover DHCP agent  via a VPN to VPN ( Lan to LAN) using a Draytec 2925. Have added DHCP remote server IP  in LAN setup and in VPN confection setup but no DHCP requests forwarded to remote sever. The remote sever is replicating DHCP scopes in a load balanced failover configuration. I suspect a missing confirmation on the Draytec that’s isn’t obvious.

Tony

[niemand]

Unless you've an IP Helper / DHCP Relay capability there the DHCP discovery broadcasts probably aren't going to cross the VPN. Unless it's a VPN specifically to extend the layer 2 domain, so encapsulating Ethernet frames not just IP packets, the discovery messages aren't going to get across.

If there's DHCP relay capability there you're good to go - the local kit will catch the broadcast and unicast it to the remote server.

[d2d4j]

Hi gui3ss

Please see this link for layer 2 vpn and each draytek should have option for dhcp relay I think but it’s early after a long week...

Hope that helps a little but sorry if I’m wrong

Many thanks

John

http://kb.networksystemssolutions.info/index.php/Draytek_L2TP_VPN

[g3uiss]

Thanks for feedback, the 2925 is supposed to provide the really option and I have configured it, but it doesn’t work. I guess it’s a Draytec problem. I was able to get it to work with a Cisco router, but that was just for test purposes. I was hoping it might have been tried and a solution found, as generally a Draytec documents are not always correct !

[d2d4j]

Hi gui3ss

Is the L2TP up and running

Have you set the dhcp relay on the draytek (think this is in lan menu but could be wrong sorry)

Have you used wireshark to try to see what’s been passed - you may need to do port mirror on a switch/draytek port

Are you using draytek for dhcp or a server

Many thanks

John

[d2d4j]

Hi gui3ss

Sorry to be sure, did you set allow multicast as well

Have you restarted the draytek

Many thanks

John

[niemand]

Is broadcast support dependent on multicast support on those things?!?!

That's very, very wrong.

[niemand]

As an addendum L2TP doesn't forward DHCP broadcasts unless it's L2TPv3 and supports pseudowire mode. Sure the Draytek can do this?

Yes, yes, it's called Layer 2 Tunneling Protocol. It doesn't actually tunnel layer 2 out of the box, which is rude, needs to form pseudowires to encapsulate Ethernet frames.

DHCP relay is going to be the way to go if it doesn't.

[d2d4j]

Hi carlt

Many thanks

Plenty of information on draytek dhcp over vpn on lan to lan

Many thanks

John

[g3uiss]

Hi gui3ss

Is the L2TP up and running

Have you set the dhcp relay on the draytek (think this is in lan menu but could be wrong sorry)

Have you used wireshark to try to see what’s been passed - you may need to do port mirror on a switch/draytek port

Are you using draytek for dhcp or a server

Many thanks

John

Yes LT2P up and running set DHCP forwarding in the VPN profile, and in the LAN IP setup. No the local DCHCP is Server 2019 as is the remote DHCP. They were in sync, using failover its just the DHCP requests that didn't go over the VPN. Yes did a reboot on everything in sight. Not familiar with "Wireshark" tho 

Tony

[g3uiss]

DHCP relay is going to be the way to go if it doesn't.

Suggestions ?

[Moderator edited to fix a broken [quote] tag.]

[g3uiss]

Would Ipsec be a better option for the tunnel ?

[d2d4j]

Hi g3uis

Yes, you need to set L2TP over IPSec for vpn

Setup is in the link I posted earlier

Many thanks

John

[g3uiss]

Hi John

The penny dropped looking at the config again, it’s just IPsec not with LT2P ! Stupid never looked just assumed that’s how I set it up originally or rather I didn’t someone else did.

Tony and thanks all

[d2d4j]

Hi g3uis

Many thanks... happens to me a lot

Glad you spotted it and hope it goes well

If you have multi wan, if you have not, you may want to create vpn trunks for failover

Many thanks and hope you have a lovely weekend

John