Humax streaming / catch up services blocked by VPN

(100 posts)
  1. rjsdavis

    member
    Joined: Jan '20
    Posts: 35

    Martin Liddle - 17 mins ago  » 

    rjsdavis - 1 hour ago  » 
    BTW - have confidence that it is not MTU size. This was checked a few weeks ago, and as I recall, the MTU was at the max setting of 1200.

    An MTU of 1200 sounds low to me. The MTU on my WAN connection is currently 1492.

    Apologies - my mistake. I couldn't remember where it was in the config pages. It is actually at the max of 1520 - just found and checked it.

    | Mon 27 Jan 2020 1:01:24 #71 |
  2. GrahamRHK

    special member
    Joined: Jan '19
    Posts: 204

    but my limited logic is coming to the exact opposite conclusion here - in that the NordVPN *is* the culprit

    You have a point... but your tests with other devices, reported here, show that with the VPN on these seem to work (with for example iPlayer). My understanding is that it is only the HUMAX which is affected by your VPN. VPN traffic is encapsulated which makes the packets bigger - depending on what VPN protocol is being used - and that might lead to fragmentation somewhere along the network path. Hence my logic that if the HUMAX works with the VPN off then routing HUMAX traffic "round" the VPN using a direct path to the WAN might just fix it.

    | Mon 27 Jan 2020 9:00:01 #72 |
  3. GrahamRHK

    special member
    Joined: Jan '19
    Posts: 204

    VPN traffic is encapsulated which makes the packets bigger - depending on what VPN protocol is being used - and that might lead to fragmentation somewhere along the network path.

    There is an article here which led me on this train of thought... https://directaccess.richardhicks.com/2019/02/11/always-on-vpn-and-ikev2-fragmentation/
    Setting a route policy to bypass the VPN seems to be relatively straightforward but I can't test it for you as I don't use a VPN. See how you get on...

    | Mon 27 Jan 2020 9:27:08 #73 |
  4. SSThing

    special member
    Joined: Nov '15
    Posts: 1,306

    This really is a problem that should have a simple and straightforward solution.
    It should be easy to route traffic from a particular device, or traffic to and from specific sites around the VPN.

    | Mon 27 Jan 2020 11:09:32 #74 |
  5. GrahamRHK

    special member
    Joined: Jan '19
    Posts: 204

    It should be easy to route traffic from a particular device, or traffic to and from specific sites around the VPN.

    This is indeed correct. I have been experimenting - being intrigued by this problem. I have set up a permanent VPN tunnel to NordVPN in the router. Then used Route Policy settings in the Draytek 2862 router to force HUMAX traffic over the WAN while allowing other connected devices (eg this computer that I am posting from) to use the VPN tunnel. All works perfectly. I think the problem again relates to DNS settings. NordVPN blocks access to many ISP supplied DNS servers (NordVPN FAQ) and uses its own - 103.86.96.100 and 103.86.99.100. So if the HUMAX thinks the DNS servers are different from those it won't work - nor will this computer unless I set DNS servers to those addresses, as I discovered.
    Hope that helps

    | Sun 16 Feb 2020 12:44:16 #75 |
  6. rjsdavis

    member
    Joined: Jan '20
    Posts: 35

    GrahamRHK - 12 hours ago  » 

    It should be easy to route traffic from a particular device, or traffic to and from specific sites around the VPN.

    This is indeed correct. I have been experimenting - being intrigued by this problem. I have set up a permanent VPN tunnel to NordVPN in the router. Then used Route Policy settings in the Draytek 2862 router to force HUMAX traffic over the WAN while allowing other connected devices (eg this computer that I am posting from) to use the VPN tunnel. All works perfectly. I think the problem again relates to DNS settings. NordVPN blocks access to many ISP supplied DNS servers (NordVPN FAQ) and uses its own - 103.86.96.100 and 103.86.99.100. So if the HUMAX thinks the DNS servers are different from those it won't work - nor will this computer unless I set DNS servers to those addresses, as I discovered.
    Hope that helps

    Thanks for this Graham - this sounds like it's exactly what I need, as, so far, all of the route policies set up by Draytek tech support have failed. By this, I mean that I cannot access any catch-up service from the Humax whilst the VPN is active.

    Since then, I've bought a new Smart TV, and found that I can't access any services like YouTube or YouView catch-up whilst the VPN is active. As soon as it's off - all works as it should.

    Therefore, I can see that the only way to make this work is to have the IP addresses of the Humax box and the TV separated from the VPN, but I still haven't been able to set up the router to actually do this!

    Many thanks

    | Mon 17 Feb 2020 1:46:36 #76 |
  7. GrahamRHK

    special member
    Joined: Jan '19
    Posts: 204

    I have put here a link to a screen shot of my routing table. The first entry is this macbook - accessing the tunnel. The next is for fixed IP devices on my local network. The next two are my HUMAX.
    https://drive.google.com/file/d/1ykJwcfeH-0RDkQQf6X6sp9uzwKdcShzA/view?usp=sharing
    I have posted the link this way because uploads to this forum don't seem to work for me.

    | Mon 17 Feb 2020 8:57:15 #77 |
  8. SSThing

    special member
    Joined: Nov '15
    Posts: 1,306

    Is this feasible?
    Your router has (let's say) 5 ethernet ports on the back.
    Is it possible to specify a specific port to be exempt or bypassing the VPN? If so, perhaps you can then use a set of homeplugs or repeaters that use that specific port and let everything else use the rest?

    | Mon 17 Feb 2020 9:21:43 #78 |
  9. rjsdavis

    member
    Joined: Jan '20
    Posts: 35

    GrahamRHK - 7 hours ago  » 
    I have put here a link to a screen shot of my routing table. The first entry is this macbook - accessing the tunnel. The next is for fixed IP devices on my local network. The next two are my HUMAX.
    https://drive.google.com/file/d/1ykJwcfeH-0RDkQQf6X6sp9uzwKdcShzA/view?usp=sharing
    I have posted the link this way because uploads to this forum don't seem to work for me.

    SOLVED

    Thanks Graham for the screenshot. I could only see the summary route policy screen, but I've just come off the phone from Draytek support and finally spoken to a tech that did what I asked, and it works!

    He went about it slightly differently.

    1 - He set up the two streaming devices as "IP objects" within the Objects Setting menu. Each of the two devices was created as an object.

    2 - An object group was then created and given a name. Both IP objects were moved into the group - effectively creating a bubble that was going to be treated differently.

    3 - Then, two new route policies were created. One for the IP group, that was directed down WAN1, and everything else, that was directed down the VPN.

    Everything now works as intended. The Humax loads up all of the apps and streams as it does when the VPN is off. The Sony Smart TV loads up all of its apps and streams just fine as it should as well. Everything else is encrypted through the VPN, which is just what I wanted.

    One would imagine that the inverse could be set up for ex-pats to get streaming services from the UK whilst abroad, so that all of the UK content could be set to stream through a UK-based VPN server to try to fool the BBC/ITV and so on.

    | Mon 17 Feb 2020 16:44:43 #79 |
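The split-tunnel layout from post #79 (IP objects, one object group, two route policies) modelled as an added example for checking which devices leave the VPN; it is not code from the thread or from Draytek. The LAN addresses and device names are constructed, first-match policy ordering is an assumption about the router, and the DNS check encodes the claim made in post #75.

```python
import ipaddress

# Step 1: each streaming device is an "IP object" (constructed LAN addresses).
IP_OBJECTS = {
    "humax": ipaddress.ip_address("192.168.1.50"),
    "sony_tv": ipaddress.ip_address("192.168.1.51"),
}
# Step 2: one object group holding both IP objects.
BYPASS_GROUP = {"humax", "sony_tv"}
BYPASS_IPS = {IP_OBJECTS[name] for name in BYPASS_GROUP}

# NordVPN resolvers quoted in post #75.
VPN_DNS = {ipaddress.ip_address("103.86.96.100"),
           ipaddress.ip_address("103.86.99.100")}

# Step 3: two route policies; assumed to be evaluated in order, first match wins.
POLICIES = [
    ("streaming-bypass", lambda src: src in BYPASS_IPS, "WAN1"),
    ("everything-else", lambda src: True, "VPN"),
]

def egress_for(src_ip):
    """Return the interface the first matching policy selects for a source IP."""
    src = ipaddress.ip_address(src_ip)
    for _name, matches, interface in POLICIES:
        if matches(src):
            return interface
    raise LookupError("no policy matched " + str(src))

def audit(devices):
    """devices: {name: (ip, dns)} -> list of (name, egress, warning or None)."""
    findings = []
    for name, (ip, dns) in sorted(devices.items()):
        egress = egress_for(ip)
        warning = None
        if egress == "WAN1" and name not in BYPASS_GROUP:
            # Policies match on source IP only, so a reused address leaks traffic.
            warning = "unexpected VPN bypass"
        elif egress == "VPN" and ipaddress.ip_address(dns) not in VPN_DNS:
            warning = "resolver may be blocked in the tunnel (post #75)"
        findings.append((name, egress, warning))
    return findings

# Constructed inventory: name -> (LAN IP, configured DNS server).
SAMPLE = {
    "humax": ("192.168.1.50", "192.168.1.1"),
    "macbook": ("192.168.1.20", "103.86.96.100"),
    "printer": ("192.168.1.30", "192.168.1.1"),
}

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

Because the policies match on source address, the bypassed devices need fixed or reserved addresses; a DHCP lease that hands one of those addresses to another device would send that device's traffic outside the VPN.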
  10. SSThing

    special member
    Joined: Nov '15
    Posts: 1,306

    Result!

    Perseverance pays off in the end.

    It would appear that what we all thought should be possible is possible after all, it's just a convoluted set of terminologies instead of just being able to simply assign a policy to a device with a yes/no tag for whether it is routed via the VPN.

    | Mon 17 Feb 2020 17:02:15 #80 |
