Bookmark this page Print this page

VPNs with Multiple Draytek Vigor Routers

Typically a network has a single router to handle its eMail, Internet and VPN work. You can add additional routers to improve performance or increase the number of remote users, but as the Terminal Server will have a single “Default Gateway” for the Internet, the additional router may not function correctly until you set-up static routes on it pointing to the extra router/s.

The first step is to decide on the IP addresses to be used by each VPN router for the remote users. Under “VPN and Remote Access” there’s a sub-section for “PPP General Setup” where by default these start at 200, as shown below (i.e. the first VPN would be allocated IP 192.168.16.200, the second 192.168.16.201, etc). As the Vigor 2600 model can handle 20 VPNs and the 2800 can do 32, you should allocate addresses accordingly (e.g. with two Vigor 2600 routers you could set one to start at IP 220 and the other at 200). Write down these intended start addresses, as you may find the final choices have to be modified after you’ve calculated the sub-net.

Now use your Internet Explorer and go to http://www.cotse.com/networkcalculator.html to calculate the sub-net. Type in the intended IP address up at the top (e.g. 192.168.16.220), followed by the maximum number of VPN connections on the router (e.g. 20), as shown below, then click “Calculate”. The sub-net for 20 VPNS will be 255.255.255.224, as shown below. Although you asked for 20 VPN connections you’ll see that in the conversion to binary you actually end up with 30. Moreover when you click the second “Calculate” button you’ll find that your intended Network start IP address has been changed – in this case from 220 to 192.

So now return to the VPN router’s “VPN and Remote Access / PPP General Setup” screen and enter the “Network” address PLUS ONE (e.g. 193 - this will be the address for the first VPN connection on this router), as shown below…

Other than setting-up the VPNs as normal (see Appendix 14 – VPNs for Remote Workers) that’s all you need to do on the VPN router/s.

The next step is to set the static route/s to the VPN router/s on the Default Gateway router, used for Internet and eMail on the Terminal Server, which you’ll find under “LAN / Static Route”, as shown below…

The second static route, above, is the one to the example VPN router (i.e. the one where the first VPN will be 192.168.16.193). Click its number (No 2 in this example) to enter or edit its details. The Destination IP Address is the “Network” address as per the sub-net calculation (i.e. 192 in this example, and not “Network + 1” or 193, which will be for the first VPN that connects to it). The sub-net 255.255.255.224 should also be entered as per the sub-net calculation.

Finally enter the VPN router’s own IP address on the LAN (shown below) as the “Gateway IP Address” for its range of VPN users (shown above).

That’s it. Simple when you know how!