Hi all,

I wonder if someone can help as I really don't know what the answer is.    

I have multiple NordVPN 'dial out' connections running on my Vigor 2927.   I'm UK based so I have for example one pointing to France, Germany, Monaco etc.

All connections use IKEV2 and I've followed the tutorial on the Nord site.   

The bit thats confusing me is on the LAN-to-LAN profile page under TCP/IP Network settings - local network.   Should this be the IP range of LAN1 which in my case is 10.8.0.x /24? I understand that 'remote network' should be any - 0.0.0.0/0 as I presume this translates to allow all traffic out to anything via the VPN.

If I have concurrent VPN connections dialling out - should the 'local network' mask for each profile be exactly the same as LAN1 interface i.e 10.8.0.1/24 or should they be unique?

Local Network: what should this be?
Remote Network: 0.0.0.0/0

Looking at the Draytek article, it looks like the local IP is just the interface of the router, in the below example its 192.168.1.x/24

https://www.draytek.co.uk/support/guides/kb-vpnservice-nordvpn#:~:text=9.%C2%A0%20At%20TCP,to%20%220.0.0.0/0%22

https://support.nordvpn.com/hc/en-us/articles/20397988815633-DrayTek-Vigor-IKEv2-setup-with-NordVPN#:~:text=Click%C2%A0OK,traffic%20through%C2%A0NordVPN.

Thanks all

Hi Jonathan ,

If I am understanding your setup correctly...:

Local Network: what should this be?

It should be whatever your local LAN setup is. So if you have only 1 LAN Index established (in LAN >> General Setup), then this would be the 'Local Network' LAN data that you would need to enter. The reason it needs to know this info is because you could have many networks at your local end.

If you had 10 LAN indexes established and you wanted this option to be applied "(optional) Enable Change Default Route to this VPN tunnel option if you want to route all traffic through NordVPN." to only one of your LAN indexes then that desired LAN data should be entered in the 'Local Network' settings.

You can have multiple LAN-to-LAN connections between the same two sites and maintain separation by configuring the 'Local' and 'Remote Networks' in this way.

I wonder if someone can help as I really don't know what the answer is.    

Have you been able to get any of what you're trying to setup working yet?
 

Hi HodgesanDY

So to put it briefly, my network consists of a number of VLANS that I have assigned to the LAN interfaces, for example

LAN 2 - 10.7.32.x/24 - assigned to VLAN 2
LAN 4 - 10.7.0.x/24 - assigned to VLAN 4
LAN 6 - 10.7.2.x/24 - assigned to VLAN 6

And so on.

LAN 1 is currently set to 10.8.0.x/24 (I changed it from the default 192.168.1.x).   So I've been using that for my 'Local IP Network' when creating concurrent IKEv2 'dial out' LAN-to-LAN profiles for my NordVPN connections.  I wasn't sure if this was the correct Local IP Network to be using for the profiles.

For example (LAN-to-LAN profiles could be

Germany
France
Monaco 

If these were just 3 concurrent dial-out Nord VPNs would the Local IP be set to 10.8.0.x/24 which is what LAN1 is currently set to?

Hope this makes sense.

Hi  Jonathan,

What is working and/or what is not working? What are you hoping for from this configuration?

Are you wanting ALL of your LANs to be able to freely browse randomly via France, Germany and Monaco, or are you wanting to have certain Local LANs browse via certain locations?

It's tricky trying to guess what you're hoping to achieve from just reading your current posts...

If you're trying to route ALL traffic through ALL VPN profiles, I think you're going to encounter some routing issues. I can't say I've ever tried to do what I think you're trying to do. I would be checking my Vigor's routing table after each configuration change, to understand the affects of the adjustments.