Options

IPSec Tunnel / BOVPN from WG FireBox T80 to Draytek 2685LAC

I'm trying to get this VPN tunnel going with a PSK, I do not want to deal with certificates,

Watchguard has a Single LAN at HQ

I'm testing a DrayTek 2865LAC FW 4.4.5 for some existing branch sites but cannot get the connection to stay up. it flaps at best with certain settings, I've tried with BOVPN virtual interface & Branch Office VPN sections, matched the Phase 1 and 2 encryption settings and using the same PSK each way.

Has anyone got these devices working with a tunnel?

Goal is straight routing from 10.0.1.0/24 network on WG side to 192.168.2.0/24 on DT side.
No NAT,

All WAN/internet traffic out the local WAN on each end.

I would like to post some pics rather than writing tonnes of text pics are worth a thousand words etc.

Draytek config (a single page)

Dashboard saying it's up, cannot get more than 30 seconds uptim

WG virt int.

Gateway

VPN Routes:

Phase 1:

Phase 2:

Multicast?

Diagnostic logs sample:

I really hope it's just some dumb and obvious thing I've overlooked or is not obvious to me, I'd really like for the tunnel to work. Any help would be very appreciated.

Comments

  • Options
    edited May 28

    Have you tried a non Virtual interface BOVPN?
    This is a standard manual BOVPN.

    If you have a support contract on your WG firewall, you can open a support case on this and get help from a WG rep to get this resloved.
    Use the Support Center link above.

  • Options

    Yeah I tried both straight BOPVN & BOVPN Virt interface, neither would work with any conceivable settings, combing through the diag output on the WG to make any corrections at best resulted in the connection flapping evert 20-25 seconds no traffic ever passed through.

    I'll see about opening a case with WG, we keep a current live security sub for all our WG devices so I guess I'd be entitled to support.

  • Options

    Correct. A support case is the way to go here.
    Should you find a resolution, please post it for others to find.

Sign In to comment.