VPNs with Multiple Draytek
Vigor Routers
Typically a
network has a single router to handle its eMail,
Internet and VPN work. You can add additional routers to improve performance or
increase the number of remote users, but as the Terminal Server will have a
single “Default Gateway” for the Internet, the additional router may not
function correctly until you set-up static routes on it pointing to the extra
router/s.
The first
step is to decide on the IP addresses to be used by each VPN router for the
remote users. Under “VPN and Remote Access” there’s a sub-section for “PPP
General Setup” where by default these start at 200, as shown below (i.e. the
first VPN would be allocated IP 192.168.16.200, the second 192.168.16.201,
etc). As the Vigor 2600 model can handle 20 VPNs and the 2800 can do 32, you should allocate addresses
accordingly (e.g. with two Vigor 2600 routers you
could set one to start at IP 220 and the other at 200). Write down these intended start addresses, as you may
find the final choices have to be modified after you’ve calculated the sub-net.
Now use
your Internet Explorer and go to http://www.cotse.com/networkcalculator.html
to calculate the sub-net. Type in the intended IP address up at the top (e.g.
192.168.16.220), followed by the maximum number of VPN connections on the
router (e.g. 20), as shown below, then click “Calculate”. The sub-net for 20
VPNS will be 255.255.255.224, as shown below. Although you asked for 20 VPN
connections you’ll see that in the conversion to binary you actually end up
with 30. Moreover when you click the second “Calculate” button you’ll find that
your intended Network start IP address has been changed – in this case from 220
to 192.
So now
return to the VPN router’s “VPN and Remote Access / PPP General Setup” screen
and enter the “Network” address PLUS ONE (e.g. 193 - this will be the address
for the first VPN connection on this router), as shown below…
Other than
setting-up the VPNs as normal (see Appendix 14 – VPNs for Remote Workers) that’s all you need to do on
the VPN router/s.
The next
step is to set the static route/s to the VPN router/s on the Default Gateway
router, used for Internet and eMail on the Terminal
Server, which you’ll find under “LAN / Static Route”, as shown below…
The second
static route, above, is the one to the example VPN router (i.e. the one where
the first VPN will be 192.168.16.193). Click its number (No 2 in this example) to
enter or edit its details. The Destination IP Address is the “Network” address
as per the sub-net calculation (i.e. 192 in this example, and not “Network + 1”
or 193, which will be for the first VPN that connects to it). The sub-net
255.255.255.224 should also be entered as per the sub-net calculation.
Finally
enter the VPN router’s own IP address on the LAN (shown below) as the “Gateway
IP Address” for its range of VPN users (shown above).
That’s it.
Simple when you know how!