Watchguard to Draytek VPN

Hi all,

Have an XTM510 (11.5.1) at our head office and a Draytek 2830 in a branch office. We want the computers in the branch office to use our DHCP server at our head office.

This morning I have set up the VPN link, all is connected, can ping devices at each site. All traffic is allowed to and from each site, no restrictions.

However.

I have set up the DHCP Relay agent on the Draytek and pointed it to the DC internal IP, which is also a DHCP server (10.0.0.101), via the LAN details on the Draytek.

I was hoping this was going to be it, but the DHCP server never receives the packet and I can't figure out why. I can't see any DHCP traffic in the WatchGuard logs. Nothing obvious in the Draytek syslog.

I know the WatchGuard blocks broadcast packets by default, but as I understand it the DHCP helper converts this into a unicast packet before sending. Only explanation I can think of is it's sending DHCP out the WAN interface instead of over the VPN?

On the Cisco it was a case of adding a DHCP helper address and hey presto!

Setting a static IP on a computer with the DNS set to 10.0.0.101 works as expected.

Any ideas?

Ash
 
Hi dusty,

I am using DHCP relay from the Draytek side, not the WatchGuard side, otherwise that doc would apply. The DHCP server is behind the WatchGuard, not the Draytek.

Ash
 
Yes, it's through a BOVPN. Surely I would enable DHCP helper on the WatchGuard side if I wanted to use a DHCP server from the branch office side, not the other way around, hence only activating it on the Draytek side. This turns a DHCP broadcast packet into a unicast packet and sends it back; the WatchGuard will not block unicast packets, only broadcast packets.

Draytek support have asked me to upgrade the firmware to the latest version as it's a known issue. I won't be able to get to site to test until next week though. Was on 3.3.6.1 and now upgraded to 3.3.7.1. I'll post back with my results next week.
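
The hypothesis raised in the first post (relayed DHCP leaving via the WAN interface rather than the tunnel) can be reasoned about offline by looking at what a relay agent changes in the packet and which addresses the tunnel has to match. This is an added example, not code from any poster or vendor; only 10.0.0.101 comes from the thread, while the /24 mask, the branch LAN 192.168.50.0/24, the relay address 192.168.50.1 and the WAN address 203.0.113.10 are constructed, and the tunnel is assumed to be defined by one branch subnet and one head-office subnet.

```python
import ipaddress
import struct

DHCP_SERVER = "10.0.0.101"                            # from the thread
HQ_NET = ipaddress.ip_network("10.0.0.0/24")          # assumed mask
BRANCH_NET = ipaddress.ip_network("192.168.50.0/24")  # constructed branch LAN

def build_discover(mac: bytes, xid: int) -> bytes:
    """Client DHCPDISCOVER payload: BOOTP header, magic cookie, option 53."""
    zero = b"\0" * 4
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         1, 1, 6, 0, xid, 0, 0x8000,  # op, htype, hlen, hops, xid, secs, flags
                         zero, zero, zero, zero,      # ciaddr, yiaddr, siaddr, giaddr
                         mac, b"", b"")               # chaddr, sname, file (null padded)
    return header + b"\x63\x82\x53\x63" + b"\x35\x01\x01\xff"

def relay(pkt: bytes, giaddr: str) -> bytes:
    """Relay-agent rewrite: increment hops, stamp giaddr if it is still empty."""
    gi = pkt[24:28]
    if gi == b"\0" * 4:
        gi = ipaddress.ip_address(giaddr).packed
    return pkt[:3] + bytes([pkt[3] + 1]) + pkt[4:24] + gi + pkt[28:]

def in_tunnel(branch_side: str, hq_side: str) -> bool:
    """True if the address pair matches the tunnel's branch and HQ subnets."""
    return (ipaddress.ip_address(branch_side) in BRANCH_NET
            and ipaddress.ip_address(hq_side) in HQ_NET)

def diagnose(src_ip: str, relayed: bytes) -> dict:
    """The request travels from src_ip; the server's reply is sent to giaddr."""
    giaddr = str(ipaddress.ip_address(relayed[24:28]))
    return {"hops": relayed[3], "giaddr": giaddr,
            "request_in_tunnel": in_tunnel(src_ip, DHCP_SERVER),
            "reply_in_tunnel": in_tunnel(giaddr, DHCP_SERVER)}

if __name__ == "__main__":
    pkt = relay(build_discover(bytes.fromhex("020000aabbcc"), 0x1234), "192.168.50.1")
    print("sourced from LAN:", diagnose("192.168.50.1", pkt))
    print("sourced from WAN:", diagnose("203.0.113.10", pkt))
```

If the relayed request is sourced from the WAN address it falls outside the tunnel's subnets even though giaddr is correct, which would be consistent with no DHCP traffic appearing on the head-office side.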
 