
Site to Site VPN not working after Fibre Upgrade

I have 3 VPNs connecting Sites A, B & C. Two of these (A & C) have just been upgraded to fibre (FTTP) and now only the A to B route is working.

All sites have Draytek routers.
Sites A & B are in UK, C is in France.

Site A now has an ONT connected to a FritzBox 7530 which delivers VoIP and internet to a Draytek 2860 WAN2 now set to static IP. The Dial-Out VPN to Site C still functions. The ISP (Zen) insists their router must be first in line for the VoIP service to function. They will not offer any support or assistance for non-Zen hardware.

Site C has a direct fibre connection to a Livebox 5 (i.e. internal ONT). This delivers VoIP and internet to a Draytek 2830 as per “A”. Routes A-C & B-C will not function in Dial-In or Dial-Out mode.

From this I assume that:

  • Yes: The Fritzbox will pass a Dial-Out connection to “B”.
  • Yes: The Fritzbox will pass a Dial-In connection from “B”.
  • No: The Livebox will not pass a Dial-Out connection to “B”.
  • No: The Livebox will not pass a Dial-In connection from “B”.
  • No: The Livebox will not pass a Dial-Out connection to “A”.
  • No: The Livebox will not pass a Dial-In connection from “A”.

So the problem seems to lie in the Livebox not passing the VPN in or out. I then changed the Livebox Firewall setting to “Low” and added NAT/PAT port forwarding for UDP ports 500 and 4500. This has not had any effect. Dial-In or Dial-Out will still not connect.

Port Forwarding on the Livebox is functioning. I can access the Draytek router from the internet, unless it is spoofing a loopback; I know some Zyxel units used to do this.

Doing away with the Livebox, unfortunately, is not a good solution. The internet and VoIP login seems to be hard-coded and Orange will no doubt not release these without payment. The Livebox came with an enormous sweetener!

So I have run out of ideas; any help or suggestions gratefully received.