VPN connection direction?

EddScott · 25 Oct 2011 at 10:47

I've got a Draytek 2710vn at home and in work we have a Draytek 2930. Now the 2930 has dial in/dial out settings and the 2710vn only has dial out.

I've set up a PPTP VPN but the connection can only be initiated one way 2710>2930.

Is there any way of doing it the other way?

Reason for asking is that I have a NAS box at home and we leave the file serving PC at work on all the time. I'd like the PC at work to contact the NAS box and sync with it.

I'm pretty sure the theres some way to have the NAS box contact the work PC and sync in that direction but I haven't quite worked it out yet

sidethink · 25 Oct 2011 at 14:10

Once the link is up, surely it doesnt matter who initiated the connection?

Can you modify the office based PC to check if it can reach the remote site before starting a sync (possibly with some scripting)?

Can you also turn on keepalives to maintain the connection?

EddScott · 25 Oct 2011 at 15:05

Well although I can see the work PC at home I can't see the home PC at work or the NAS box.

Both locations have static IPs and in the connection management of the 2930 it shows my home static IP but if I try to ping the static IP I get time outs.

I've looked into things a bit more and it looks like as you say, it shouldn't matter which end initiates but my problem is that I can't see the home IPs from work.

Don't know how to do scripting unfortunately.

PistolPete · 25 Oct 2011 at 16:07

Firewalling??

sidethink · 25 Oct 2011 at 16:08

That sounds like it might be more of a routing issue rather than strictly a VPN problem. you will need to assure yourself that the work PC has a route defined to your home network (either by a router that knows how to get there or by a static route configured on the PC itself).

bremen1874 · 25 Oct 2011 at 16:18

EddScott said:
Both locations have static IPs and in the connection management of the 2930 it shows my home static IP but if I try to ping the static IP I get time outs.

Have you tried pinging the LAN IP of your router rather than the WAN IP?

EddScott · 25 Oct 2011 at 16:38

Tried to ping the router and it replied no problem.

I've followed the guides on the Draytek forum and as far as I can tell it's all as it should be. I don't know how to confirm if the work PC can route to the home PC. Well I guess right now they can't but I'm not sure how to make it work.

bremen1874 · 25 Oct 2011 at 16:51

If you can ping the LAN side of your home router then you should be able to access any machine on your home network (assuming that they all have their gateway addresses set to the router in question).

Any reason you went for PPTP rather than IPSec?

EddScott · 25 Oct 2011 at 17:10

I'm sorry, I am confused. I tried to ping the home router IP address and it times out.

I used PPTP initially as I couldn't get IPSec to work. I would prefer to use IPSec though.

bremen1874 · 25 Oct 2011 at 17:58

Is the router configured to reply to a ping?

And just in case… what address ranges are you using on the two sites?

EddScott · 25 Oct 2011 at 18:39

Not sure if the router is configured to reply to a ping.

Home is 2.0/24 and work is 1.0/24 - if that makes sense.

I think I've got the IPsec tunnel to work - I've been playing around with the settings and both routers show the connection in their management page.

OK, so now I have PPTP and IPSec working, if I drop the PPTP connection via my router here at home, I lose the connection with the computer in the offce but I can still access the work router through my browser. Question is can I use the IPSec to access the work computer and vice versa?

The name of the machine in work has now appeared under the Networks in windows explorer. However, I can't actually access anything within.

To elaborate, using the PPTP connection I can access the work PC by typing in its IP address. Its only since the IPSec has started working that the computers name has now appeared. It has to at least know the computer is there because how else would it know the name? The work PC is XP and my home PC is Win7 so don't know if that has anything to do with it.

bremen1874 · 26 Oct 2011 at 02:15

If you’re seeing machine names from the other network you must have some sort VPN up and running.

If it’s only working in one direction then you’ve got a local network issue that isn’t directly related to the VPN.

Unless you want machines on your network appearing in Network Neighbourhood at your work (for everyone) I’d disable Netbios Naming Packets in the VPN setup options.

Don’t try to have both PPTP and IPSec VPNs live between the same sites at the same time.

You’ll only be able to access resources that have been shared, exactly the same as you would on a locally connected machine.

bledd · 26 Oct 2011 at 09:41

The lazy way around this is to use Dropbox or Windows Live Mesh

I use Windows Live Mesh for work documents, it works really well imo

EddScott · 26 Oct 2011 at 09:52

Thanks for all your help breman1874!

I think not being able to access the work pc from home is no more than a Win7 Vs XP issue.

I left the NAS on today but turned off my PC at home. In work now and can access the NAS remotely no problem.

One thing though, if I open My Network Places on the work PC running XP and click the workgroup, it thinks about it for about a 30 seconds and says the network cannot be accessed - the network locally is fine so I'm guessing it's something to do with it trying to add the NAS box to the network tree?

It would handy to be able to map a network drive here from the NAS box.

Again, many thanks. Much appreciated.

bledd - I would do but I was put off by security issues - whether right or wrong. I have set up a mycloudnas service so we can access the NAS box web file service from the web (which is cool and very handy in itself) it would be even better if I could see the NAS box in the network tree. Now its just a case of working out all the NAS box software

bremen1874 · 26 Oct 2011 at 11:22

It would handy to be able to map a network drive here from the NAS box.

You should be able to use NET USE at the command line, something like:-

NET USE z: \\192.168.1.10\sharedfolder

See NET USE /? for the full syntax options.

EddScott · 26 Oct 2011 at 11:31

Well I go to My Network Places, it doesn't show any other machines other than our file serving machine - it's also very slow to reveal the tree on the left of windows explorer.

I think it's taking too long for the NAS box to reply and XP throws up a can't connect error - when in fact all is well locally.

I did a search for computers and put in the NAS IP address and it found it and I mapped a folder as a network drive.

So essentially all is well. Although its a bit of an issue with win explorer taking so long to show the tree - each machine in the office has an icon for going directly to the network shared folder of the file serving machine.

bremen1874 · 26 Oct 2011 at 11:35

Using My Network Paces over the VPN connection is always going to be a pain. I'd suggest that you disable Netbios Naming Packets in the VPN setup options and just work with IP addresses and UNC paths.

EddScott · 26 Oct 2011 at 12:36

To turn off Netbios naming packets - is that the WINS tab in the advanced section of TCP/IP settings? "Disable NetBios over TCP/IP" ?

EDIT - just did that and lost the connection to the file serving machine

I'm rubbish at this!

bremen1874 · 26 Oct 2011 at 12:48

Change the setting in the router config, not in Windows.

In my Vigor routers there's a 'Netbios Naming Packet' option within the VPN settings that can be set to Block rather than Pass.

EddScott · 26 Oct 2011 at 15:19

Done. Works much better now.

Many thanks for your help.