Setup guide
Local Addresses for the More Curious
Why can’t I use a Local Address from my DrayTek’s LAN?
It may sound a bit unusual to use IP addresses that are not part of the DrayTek’s LAN. The reason for this is that the DrayTek cannot
act as a so-called “ARP Proxy” for its VPN clients. Computers on the DrayTek’s LAN therefore must be “tricked” into sending replies for
VPN clients to the DrayTek by using IPs from outside the local network (for which replies are sent to the default gateway).
My users connect from different places, from different IPs. Why do I still need to give them different Local Addresses?
In most cases, the connecting Macs will be behind routers (DSL routers, wireless access points, ...) that perform Network Address
Translation (NAT), meaning they map several private IP addresses onto a single public IP address. The Macs themselves will have a
private IP address for their Ethernet or AirPort interface, and this is the IP address that is used by VPN Tracker if the Local Address field
is empty.
Because of this, the likelihood of two Macs using the same local address is very high: Many NAT routers are by default configured to
use the same private networks (192.168.1.0/24 and 10.0.0.0/24 are popular), and therefore there is a good chance that two clients
connecting from entirely different places will have the same local IP address assigned by their respective local router. Therefore it is
essential to configure a different Local Address in VPN Tracker for each VPN user if multiple users connect concurrently.
Why do I need a fixed Local Address when my DrayTek is not the default gateway/router in its LAN?
If the DrayTek is not the default gateway, this means that computers the VPN clients communicate with do not connect to the
Internet through the DrayTek.
In such an environment, you will have to ensure that those computers (and all other resources accessed through the VPN, such as
printers and NAS drives) know where to send replies for VPN clients. This is much easier if you know what IP addresses your VPN
clients will be using, and therefore you should enter an individual fixed IP address in the Local Address field on each VPN client.
Once you have decided on a range of IP addresses to be used for VPN clients, you can either
‣ set a route to the DrayTek for the VPN clients’ IP addresses on each host that needs to communicate with VPN clients, or
‣ have the default gateway redirect all traffic for the VPN clients’ IP addresses to the DrayTek.
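The rules from this section can be checked before the addresses are handed out. The following is an added example, not part of the original guide: it verifies that every user has a Local Address, that none lies inside the DrayTek's LAN, that no two users share one, and it lists the prefixes that need a route to the DrayTek. The LAN 192.168.50.0/24, the 10.99.0.x addresses and the user names are constructed sample values.

```python
import ipaddress
from collections import Counter

def check_local_addresses(draytek_lan, assignments):
    """Validate a per-user Local Address plan.

    draytek_lan: CIDR of the DrayTek's LAN.
    assignments: dict of user -> Local Address entered in VPN Tracker.
    Returns (problems, routes); routes are the prefixes that hosts or the
    default gateway must send to the DrayTek.
    """
    lan = ipaddress.ip_network(draytek_lan)
    problems, addrs = [], {}
    for user, text in assignments.items():
        if not text:
            # Empty field: VPN Tracker falls back to the Mac's private IP,
            # which is likely to collide with another NAT'ed client.
            problems.append(f"{user}: Local Address is empty")
            continue
        addr = ipaddress.ip_address(text)
        addrs[user] = addr
        if addr in lan:
            # LAN hosts would answer directly instead of via the DrayTek.
            problems.append(f"{user}: {addr} is inside the DrayTek LAN {lan}")
    counts = Counter(addrs.values())
    for user, addr in addrs.items():
        if counts[addr] > 1:
            problems.append(f"{user}: {addr} is assigned to more than one user")
    # Smallest set of prefixes covering exactly the usable client addresses.
    hosts = [ipaddress.ip_network(str(a)) for a in set(addrs.values()) if a not in lan]
    routes = [str(n) for n in ipaddress.collapse_addresses(hosts)]
    return problems, routes

# Constructed sample plans (not taken from the guide).
SAMPLE_LAN = "192.168.50.0/24"
GOOD_PLAN = {"alice": "10.99.0.1", "bob": "10.99.0.2", "carol": "10.99.0.3"}
BAD_PLAN = {"alice": "192.168.50.20", "bob": "10.99.0.2",
            "carol": "10.99.0.2", "dave": ""}

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        problems, routes = check_local_addresses(SAMPLE_LAN, plan)
        print(name, "plan problems:", problems or "none")
        print(name, "plan routes to the DrayTek:", routes)
```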