Between sites, MT to MT I'm running IPSec (AES-256) which works a treat and throughput is very good - although I think ultimately bandwidth wise it may be single thread-bound on the MT's.

L2TP also has good throughput for mobile to MT connections. L2TP seeing around double the throughput on TCP compared to OpenVPN on the same device over a 5G connection.

I haven't run OpenVPN site to site, as MT as far as I'm aware still only support TCP on their OVPN implementation and I need UDP connectivity.

Why not use your Draytek 2860 as 'the' Router on your LAN and dispense with BT Smarthub? It would make your VPN challenge (and more) a lot simpler to manage.

+1 to this. RDP has no business being exposed on the public Internet. Stick it behind a firewall and spin up a VPN on the edge device.

Bare minimum to provide public-facing services exposed to the public, not much more in a DMZ exposed to the public but no access to internal network, VPN for everything else.

Carl it’s still shocking to find large corporates in this country that expect you to open firewall ports and port forward so that they can administer devices that sit inside your network.

I shan’t name and shame here, suffice to say I found out last week they were hacked themselves...

In reply to a post by Pheasant:

Carl it’s still shocking to find large corporates in this country that expect you to open firewall ports and port forward so that they can administer devices that sit inside your network.

surely this is the sign of a tin-pot company that has no "clue" and best avoided? you can spin up an OpenVPN on a Linux VPS in only a few minutes, and then spent a few hours understanding it. Routers with built in OpenVPN server are now common (e.g. Asus).

sigh....

Let's just say large quite well known UK-based EV charging system manufacturer with ten's of thousands of charge points out there...that happens to come under the umbrella of an even larger British Petroleum company. Tinpot nuff?

In reply to a post by Pheasant:

Tinpot nuff?

Pretty scary!