Site to site VPN with DrayTek routers

Big Jim

I have DrayTek routers at both ends and have successfully established a site to site VPN connection.
I can ping remote computers at the 2nd site.

I am trying to browse a network share on a Windows server from a Windows 11 machine.
I can browse folders on the server that I want to; however, browsing is either EXTREMELY slow or just lags out completely, with either Explorer not responding or an error message that "something went wrong". What am I missing? (I have tried disabling the firewall at both ends and it doesn't seem to make any real difference.)
I used to have this working perfectly with my old Asus router at home and the DrayTek at the other end.
 
Many VPN services drop NetBIOS traffic by default....because NetBIOS is HEAVY TRAFFIC and you don't want to bog down VPN connections.

Network browsing also relies on DNS....for internal resolution...else workgroups will default to electing a master browser. HOWEVER..when you have a domain controller involved, you must must MUST use the IP of that DC as the primary (and only..unless there are additional DCs) DNS server for clients.

When I had clients with multiple locations and a DC at the central office...and I set up a WAN with the satellite offices having full time VPN connections to the central office, DHCP at the satellite offices handed out the IP of the DC at HQ as the primary DNS.

IP ranges different for each location of course.
Example...HQ at 192.168.10.0/24
Branch office 1 at 192.168.11.0/24
Branch office 2 at 192.168.12.0/24, etc.

Next...firewall rules, for computers at the satellite offices set the firewall to see the IP range of HQ as trusted work LAN.
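
The checks this reply describes can be run from a branch-office Windows client in PowerShell. This is an added example, not part of the original post; the DC address `192.168.10.10` and the server name `fileserver.corp.example` are assumed placeholders, and `192.168.10.0/24` is the HQ range given in the post.

```powershell
# Added example. Values below are assumptions except the HQ range from the post.
$DcIp       = '192.168.10.10'            # hypothetical DC address inside the HQ range
$HqSubnet   = '192.168.10.0/24'          # HQ range as given in the post
$FileServer = 'fileserver.corp.example'  # hypothetical file server name

# 1. Which DNS servers did DHCP actually hand to this client?
$dns = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses
$dns | Format-Table -AutoSize | Out-Host

# Flag any interface that lists a DNS server other than the DC.
$nonDc = $dns | Where-Object { $_.ServerAddresses | Where-Object { $_ -ne $DcIp } }
if ($nonDc) {
    Write-Warning "DNS server other than the DC on: $($nonDc.InterfaceAlias -join ', ')"
}

# 2. Does the DC resolve the file server when queried directly across the tunnel?
Resolve-DnsName -Name $FileServer -Server $DcIp -Type A -ErrorAction Continue |
    Out-Host

# 3. Is SMB (TCP 445) reachable by name? A successful ping does not show this.
Test-NetConnection -ComputerName $FileServer -Port 445 |
    Select-Object ComputerName, RemoteAddress, TcpTestSucceeded | Out-Host

# 4. Which firewall profile is each network on, and which remote addresses do
#    the enabled File and Printer Sharing rules accept?
#    (The display group name is locale-dependent.)
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, NetworkCategory | Out-Host
Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -Enabled True |
    ForEach-Object {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        }
    } | Format-Table -AutoSize | Out-Host

# 5. Trust the HQ range explicitly rather than switching the firewall off.
#    Requires an elevated session; the rule name is an example.
New-NetFirewallRule -DisplayName 'Trust HQ LAN over VPN (example)' `
    -Direction Inbound -Action Allow -RemoteAddress $HqSubnet `
    -Profile Domain, Private | Out-Host
```

Steps 1 to 4 only read state; step 5 changes the firewall policy and can be removed again with `Remove-NetFirewallRule -DisplayName 'Trust HQ LAN over VPN (example)'`.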
 
I've used the DC IP for DNS and also set traffic from remote IP as allowed, hasn't made any difference.

Explorer is literally freezing and crashing every time I try to copy a file from remote server to local desktop.

Site with the server has a 60/15 connection speed.
Home speed is around 20/4.

Could the connection speed be the problem?
 
Not exactly a solution but I've used Drayteks for years and always found their support guys very helpful, assuming you don't manage to sort it off your own bat. At the least, might help to pinpoint the problem - i.e. is it the way the gear's set-up, or the pipe in between?
 
So with VPN tunnels....always consider "a chain is only as strong as its weakest link"....so you have the satellite office with a 4 meg upload. Factor in other local traffic going out that gateway, overhead of the VPN tunnel....and I'm guessing the actual VPN tunnel performance, upload, being 50-60% of that.

Enough to "browse the network" IMO.
Other 3rd party firewalls?
Perhaps tune the VPN tunnel settings...post screenshots? (redact the keys/pass phrases)

What type of VPN tunnels? IPSec? OpenVPN? L2TP?
 
I'm going to park this one for the time being given the above.
They are currently rolling out gigabit fibre in my town. I'll revisit this once the fibre is installed and I know there are no speed limitations.
I've lived without it for almost 3 years, what's another 6 months :p
 
15 megs upload at the main site should allow a partially decent download from the client site.
Dunno, since 365 came out, haven't used WANs for file sharing in many years.
But one thing you can do is run a benchmark tool that measures file transfers...run it both ways...see what the numbers actually are. Lots of free tools out there which do this, many are iPerf based.

Also, often there are options to tweak the VPN settings. Disallow NetBIOS...it's a throughput killer. Not sure of what options the Drayteks have....but read up on tweaking them, change encryption levels, etc. Also are there other types of VPNs they can employ? OpenVPN?
 