Howdy vyos community!
Recently I had to connect a SPOKE site using VPN, having available there:
- LTE USB modem: Internet access through a NATed network, no public IP available
- Draytek Vigor 2925 series router
On the HUB site there was Vyatta 6.5R1.
Long story short, I've managed to use vpn remote-access (ppp) for this. (I know PPP MS-CHAPv2 has been compromised, but had no choice.)
Draytek (SPOKE) connected successfully, but an issue appeared: after losing the Internet connection, the Draytek established a new tunnel. From the client side's perspective everything was OK. From the HUB perspective, not necessarily.
On the Vyatta (HUB) side there were now two tunnels, on different pptp interfaces, to the same destination. The first one (inactive) was still hanging around and taking over the routing.
There is no option in the CLI to set pppd options such as 'idle' or 'active-filter', so they have to go into the pppd options used for the remote-access sessions:
idle n
active-filter 'not dst net 192.168.10.0/24'
The first line sets the idle timeout for the connection: the timer starts counting when there is no traffic, and when it reaches n seconds the connection is torn down. The problem is that after the client disconnects (or rather, when the connection breaks) there is no incoming traffic, but in most cases there is still outgoing traffic, since hosts on the HUB site keep trying to open connections to hosts on the SPOKE site. From the 'idle' option's perspective the connection is therefore never really idle.
The 'active-filter' option with the parameter 'not dst net x.x.x.x/x' tells pppd not to count traffic to that destination (here 192.168.10.0/24, the SPOKE LAN) as activity for the 'idle' timer, so only packets whose destination is outside the SPOKE LAN (in practice, the traffic coming in from the SPOKE) keep the link alive.
It did the trick.
If this could help someone with a Draytek 2925, this is how 'VPN and Remote Access >> LAN to LAN >> your connection >> 5. TCP/IP settings' should look for the above to work:
My WAN IP: 0.0.0.0 (dynamic, NATed IP)
Remote gateway: 0.0.0.0
Remote network IP: 192.168.0.0 (just an example of the tunnel's remote prefix)
Remote network mask: 255.255.0.0 (just an example of the tunnel's remote prefix)
Local network IP: 192.168.10.0 (example of the local prefix)
Local network mask: 255.255.255.0 (example of the local prefix)
Have a nice day!
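To make the idle/active-filter interaction from the post concrete, here is an added simulation (example code written for this thread, not the poster's configuration and not pppd's own implementation). It models pppd's idle timer in a simplified way: the link is torn down once n seconds pass without a packet that passes the active filter, in either direction. The packet trace is constructed: the SPOKE talks for 30 seconds, then its LTE link dies, and HUB hosts keep retrying connections to the SPOKE LAN every 5 seconds. The idle value of 60 seconds, the addresses (192.168.0.10 on the HUB side, 192.168.10.20 on the SPOKE LAN) and the 300-second observation window are assumptions chosen for the example; the filter is only the 'not dst net' form used in the post, not a general pcap-filter evaluator.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class Packet:
    t: float        # seconds since the link came up
    dst: str        # destination IP of the packet
    outbound: bool  # True = sent by the HUB over the tunnel, False = received from the SPOKE


def passes_active_filter(pkt: Packet, excluded_net: Optional[ipaddress.IPv4Network]) -> bool:
    """Model of pppd's `active-filter 'not dst net <excluded_net>'`.

    With no filter every packet counts as activity; with the filter, packets whose
    destination lies inside excluded_net are ignored by the idle timer.
    """
    if excluded_net is None:
        return True
    return ipaddress.ip_address(pkt.dst) not in excluded_net


def idle_teardown_time(packets: Iterable[Packet], idle: float, horizon: float,
                       excluded_net: Optional[ipaddress.IPv4Network] = None) -> Optional[float]:
    """Return the time at which the link would be torn down under `idle <idle>`,
    or None if it is still up at `horizon`.

    Simplified model (assumption, not pppd's exact scheduling): link-up counts as
    activity, and the link drops as soon as `idle` seconds pass without a packet
    that passes the active filter.
    """
    last_active = 0.0
    for pkt in sorted(packets, key=lambda p: p.t):
        if pkt.t > horizon:
            break
        if pkt.t - last_active >= idle:
            return last_active + idle
        if passes_active_filter(pkt, excluded_net):
            last_active = pkt.t
    deadline = last_active + idle
    return deadline if deadline <= horizon else None


def build_trace() -> List[Packet]:
    """Constructed trace (not captured data): healthy two-way traffic for 30 s,
    then the SPOKE disappears and only HUB-originated retries remain."""
    trace: List[Packet] = []
    for t in range(0, 31, 5):
        trace.append(Packet(float(t), "192.168.0.10", outbound=False))         # SPOKE -> HUB server
        trace.append(Packet(float(t) + 0.1, "192.168.10.20", outbound=True))   # HUB reply to SPOKE LAN
    for t in range(35, 301, 5):
        trace.append(Packet(float(t), "192.168.10.20", outbound=True))         # SYN retries, no answer
    return trace


# The SPOKE LAN excluded by the post's filter 'not dst net 192.168.10.0/24'.
SPOKE_LAN = ipaddress.ip_network("192.168.10.0/24")
IDLE_SECONDS = 60      # assumed value for the post's 'idle n'
HORIZON_SECONDS = 300  # assumed observation window


if __name__ == "__main__":
    trace = build_trace()
    print("idle 60, no active-filter :", idle_teardown_time(trace, IDLE_SECONDS, HORIZON_SECONDS))
    print("idle 60, active-filter    :", idle_teardown_time(trace, IDLE_SECONDS, HORIZON_SECONDS, SPOKE_LAN))
```

Without the filter the HUB's own retries reset the timer every 5 seconds, so the dead session is never torn down within the window; with the filter, the last counted packet is the SPOKE's traffic at t=30, and the session drops at t=90, which is exactly the behaviour the post relies on to get rid of the stale tunnel.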