IPSEC Smart VPN Client Problem
Posted by on 14 February 2012 03:10 PM

Customer Enquiry

> I have (actually I have 4 units among my clients) a Draytek 2820 Vigor
> modem/router that I use as a VPN gateway to a LAN that consists of a Windows
> 2008 R2 server which is a DC and a file server and DNS and DHCP server. The
> rest of the LAN is a couple of PCs that are part of the domain. All the other
> users, some 10 laptops, are very mobile and are not part of the domain, as
> these are usually personal laptops. They connect to the network once they
> are in the office, and there is no problem accessing shares on the
> fileserver, as the DNS server IP address is given to each laptop as it
> connects.
>
> The problem arises when these mobile users connect via Draytek Smart VPN
> client (Ver 4.0.0.3). If the user connects via "IPsec Tunnel" option, I can
> ping the file server, or any other PC on the LAN, but I cannot actually
> connect to the share via its name (or to any PC via its name). Basically the
> client does not know about the LAN's DNS server.
>
> Is there some way to let the client connected via the VPN IPsec Tunnel know
> the IP of the LAN's DNS server so that the client can resolve the share
> names? The only way around it I found, which is quite cumbersome, is to map
> all the shares into the HOST file, but I would rather not do that.
> The reason I do not want to use the PPTP option is that I do not want to
> know the users' passwords for the VPN connections.
>
> Another problem that I have found with the Draytek's Smart VPN Client
> (sVPNc) is that even if you put in wrong credentials and IP address (while
> connecting as IPsec Tunnel), the client will tell you that it is connected
> even though there is no connection (you might not even have internet access
> and the sVPNc will happily tell you that you are connected). Not very
> useful for the clients, as they believe they are connected, but cannot access
> anything as obviously there is no connection whatsoever. (see attached
> file - PC has no internet, but VPN is connected)

DrayTek Reply

With a remote dial-in PPTP VPN connection, the VPN client will be assigned a
DNS address as well as a local private address by the VPN server.
But with a remote dial-in IPSec VPN connection, the VPN client will not be
assigned any IP address by the VPN server. So you have to manually assign the
"local" DNS server IP address to the VPN client.

> Another problem that I have found with the Draytek's Smart VPN Client
> (sVPNc) is that even if you put in wrong credentials and IP address (while
> connecting as IPsec Tunnel), the client will tell you that it is connected
> even though there is no connection (you might not even have internet access
> and the sVPNc will happily tell you that you are connected). Not very
> useful for the clients, as they believe they are connected, but cannot access
> anything as obviously there is no connection whatsoever. (see attached
> file - PC has no internet, but VPN is connected)

When you see the status "connected" shown in Smart VPN client, the VPN connection
hasn't really been connected. In fact, when you press the "Active" button, only
one action is performed: the VPN profile is applied to the Windows IPSec policy.
No VPN message is exchanged between the VPN client and the VPN router at that
time. You should issue a ping to one IP address of the remote VPN network to
initiate the IPSec VPN connection.
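
The two checks the reply implies, as an added example that is not part of the original article or DrayTek's own code: ping an address on the remote LAN to start the tunnel and confirm it carries traffic, then confirm the LAN's DNS server resolves a share host name before relying on it. All addresses, the host name and the adapter alias are assumed placeholders.

```powershell
# Added example, not DrayTek code. Every default below is a constructed
# placeholder; needs Windows 8 / Server 2012 or later for the DNS cmdlets.
param(
    [string]$LanHost   = '192.168.1.10',             # placeholder: IP inside the remote LAN
    [string]$DnsServer = '192.168.1.10',             # placeholder: the LAN's DNS server
    [string]$ShareHost = 'fileserver.example.local', # placeholder: name to resolve
    [string]$Interface = ''                          # optional adapter alias to set DNS on
)

function Test-IpsecTunnel {
    param([string]$Target, [int]$Attempts = 5)
    # Traffic to the remote network is what starts negotiation, and early
    # echo requests can go unanswered while it completes, so retry.
    for ($i = 1; $i -le $Attempts; $i++) {
        if (Test-Connection -ComputerName $Target -Count 1 -Quiet) { return $true }
        Start-Sleep -Seconds 2
    }
    return $false
}

function Resolve-ViaLanDns {
    param([string]$Name, [string]$Server)
    # Ask the LAN DNS server directly, whatever the adapter is configured with.
    try {
        Resolve-DnsName -Name $Name -Server $Server -Type A -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' } |
            Select-Object -First 1 -ExpandProperty IPAddress
    } catch { $null }
}

if (-not (Test-IpsecTunnel -Target $LanHost)) {
    Write-Error "No reply from ${LanHost}; the policy is applied but no tunnel is carrying traffic."
    exit 1
}
$ip = Resolve-ViaLanDns -Name $ShareHost -Server $DnsServer
if (-not $ip) {
    Write-Error "Tunnel is up but ${DnsServer} did not resolve ${ShareHost}."
    exit 2
}
if ($Interface) {
    # Manual DNS assignment, as the reply describes; requires an elevated shell.
    Set-DnsClientServerAddress -InterfaceAlias $Interface -ServerAddresses $DnsServer
}
"Tunnel up; $ShareHost resolves to $ip via $DnsServer"
```

A non-zero exit code distinguishes "no tunnel" (1) from "tunnel up, DNS not answering" (2), which is the distinction the client's "connected" status does not make.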


