DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

AAISP L2TP Service on Draytek?

08 Feb 2025 19:15 #104571 by m_d
AAISP L2TP Service on Draytek? was created by m_d
Has anybody successfully used the Andrews & Arnold L2TP service on a DrayTek router before? Details here: https://www.aa.net.uk/broadband/l2tp-service/

Specifically, I am using a Vigor 2865.

The idea being to gain a static, public IPv4 (or v6, actually) whilst using another generic underlying internet connection. I have noticed the L2TP option in the WAN settings on the DrayTek, however I think this is for connecting to a primary ISP. Obviously in this case the usual method should be used to connect to the ISP, whether it be PPPoE, DHCP or anything else, and then the L2TP tunnel to AAISP should run OVER this connection.

Thus, I am thinking the Lan-2-Lan VPN feature could be used for this in L2TP mode. I am sure this would work in NAT mode for outgoing traffic, however what happens if I want to allow incoming traffic destined for an AAISP static IP in to a server connected to the Draytek's LAN? How can this be achieved?

I don't currently have an AAISP L2TP account to experiment with, just hoping for some ideas as I may pursue this in the future. 

29 May 2025 12:23 - 29 May 2025 12:26 #104970 by Paul
Replied by Paul on topic AAISP L2TP Service on Draytek?
A somewhat late reply but I can confirm I have set up the service on a Vigor 2927 for a customer.
I used it to get a fixed IP address for an internal server (Web based system) for end-users to access.
Once the VPN connection was working I simply -
1. Added port forwarding on ports 80/443 to the internal server and selected just the VPN interface.
2. Added a routing rule so all traffic from the internal server was sent to the VPN.

Regards

Paul R
29 May 2025 13:23 - 29 May 2025 13:24 #104971 by m_d
Replied by m_d on topic AAISP L2TP Service on Draytek?
Paul - Thanks for your reply. I was beginning to think this was impossible / had never been attempted before!

- When you set up the VPN, what IP address settings did you use? E.g. for 'Local Network' and 'Remote Network'.
- Presumably you had the VPN in NAT mode?
- Do you know if the port forward had any effect on other LAN to LAN VPNs? Only ask because I see we can only select 'VPN' in a generic sense in the port forwarding menu, rather than a specific tunnel.
- Finally, do you have any idea how this behaves with firewall rules? For example, to filter traffic AAISP IP address > LAN server, do we need a 'WAN > LAN' rule, or a LAN / VPN > LAN rule?

Thanks for your help!
29 May 2025 14:05 - 29 May 2025 14:06 #104973 by Paul
Replied by Paul on topic AAISP L2TP Service on Draytek?
VPN connection
Local network is the LAN - 192.168.200.0/24 in my case. 
Remote network is the INTERNAL IP address allocated by A&A with a /32 suffix. 
NAT is enabled

Firewall
The Port Forwarding automatically allowed the ports I needed (80 & 443) inbound.
I have done a port scan on the A&A PUBLIC address and all other ports are blocked (default behaviour AFAIK).

Other VPNs
There are no other VPNs on this router so I don't know the impact that would have. 

Hope this helps?

Regards

Paul R 
29 May 2025 14:40 #104976 by m_d
Replied by m_d on topic AAISP L2TP Service on Draytek?
Excellent, thanks Paul. I may well get an AAISP L2TP service set up and give this a try at some point.

Note, I was not aware that AAISP assigned an INTERNAL IP to the tunnel - It now makes sense that this would be used in the VPN configuration. (I have never had an AAISP tunnel before :-D)

29 May 2025 15:31 #104978 by Paul
Replied by Paul on topic AAISP L2TP Service on Draytek?
It was a long time ago, but I think I initially set the Remote network to 0.0.0.0 and made the connection but no traffic would flow.
I then looked for the allocated INTERNAL IP address in SYSLOG (redacted example below) and set the remote network to that /32.

 2025-05-29 15:13:52     L2TP (VPN-3, [user]) <== Protocol:IPCP(8021) ConfAck Identifier:0x02 IP Address: 81 187 X XXX ##

To test I went with the Business Light at just £2+VAT and set up on my own router.
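The syslog lookup described in the post above, as an added example that is not part of the original thread or DrayTek's own tooling: it pulls the address from received IPCP ConfAck lines and formats it as the /32 for the Remote Network field. It assumes the unredacted line carries four space-separated octets; `assigned_addresses` is a hypothetical helper name and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# Layout follows the redacted line quoted in the post. Assumption: unredacted,
# the address is four decimal octets separated by spaces (dots also accepted).
IPCP_ACK = re.compile(
    r"L2TP \((?P<profile>VPN-\d+), (?P<user>[^)]*)\) <== "
    r"Protocol:IPCP\(8021\) ConfAck .*?"
    r"IP Address:\s*(?P<octets>\d{1,3}(?:[ .]\d{1,3}){3})(?!\d)"
)


def assigned_addresses(lines):
    """Map each VPN profile to 'a.b.c.d/32' from its latest received IPCP ConfAck."""
    result = {}
    for line in lines:
        m = IPCP_ACK.search(line)
        if not m:
            continue  # other protocols, sent frames, redacted or truncated addresses
        dotted = ".".join(re.split(r"[ .]", m["octets"]))
        try:
            addr = ipaddress.IPv4Address(dotted)
        except ipaddress.AddressValueError:
            continue  # an octet above 255 or with a leading zero
        if addr.is_unspecified:
            continue  # 0.0.0.0 is not an allocation
        result[m["profile"]] = f"{addr}/32"
    return result


# SAMPLE[1] is the redacted line from the post; the rest are constructed sample
# lines using documentation addresses, not real router output.
SAMPLE = [
    "2025-05-29 15:13:50     L2TP (VPN-3, [user]) <== Protocol:LCP(c021) ConfAck Identifier:0x01 ##",
    "2025-05-29 15:13:52     L2TP (VPN-3, [user]) <== Protocol:IPCP(8021) ConfAck Identifier:0x02 IP Address: 81 187 X XXX ##",
    "2025-05-29 15:20:10     L2TP (VPN-3, [user]) <== Protocol:IPCP(8021) ConfAck Identifier:0x02 IP Address: 192 0 2 44 ##",
    "2025-05-29 16:02:31     L2TP (VPN-3, [user]) <== Protocol:IPCP(8021) ConfAck Identifier:0x03 IP Address: 192 0 2 45 ##",
    "2025-05-29 16:05:00     L2TP (VPN-4, [user]) <== Protocol:IPCP(8021) ConfAck Identifier:0x02 IP Address: 198.51.100.7 ##",
    "2025-05-29 16:06:00     L2TP (VPN-4, [user]) <== Protocol:IPCP(8021) ConfAck Identifier:0x04 IP Address: 300 1 1 1 ##",
]

if __name__ == "__main__":
    for profile, cidr in assigned_addresses(SAMPLE).items():
        print(f"{profile}: set Remote Network to {cidr}")
```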
 
