IKEv2 VPN with ID between DrayTek Routers

Not all VPN peers can have a static public IP address. When the VPN peer uses a dynamic IP address, we can use the Local ID and the Peer ID on the VPN LAN to LAN profiles to make the VPN connection using the specified IPsec Pre-Shared Key in that VPN profile. This article introduces setting up an IKEv2 VPN tunnel with ID between Vigor Routers.

VPN Server Setup:

1. Go to VPN and Remote Access >> LAN to LAN, click on an available index number, and edit the profile as follows.

In Common Settings,

• Give it a profile name
• Check Enable this profile
• Set Call Direction to "Dial-In"
• Modify the Idle Timeout to 0 to avoid the VPN disconnection when the tunnel is idle.

In Dial-In Settings,

• Select IPsec Tunnel
• Check Specify Remote VPN Gateway
• Enter the Peer ID
• Enter the Pre-Shared Key

In TCP/IP Network Settings,

• Enter the Client router’s LAN network for Local Network
• Enter the VPN server’s network for Remote Network
• Click Save to apply the settings.

VPN Client Setup:

2. Go to VPN and Remote Access >> LAN to LAN, click on an available index number, and edit the profile as follows.

In Common Settings,

• Give it a profile name
• Check Enable this profile
• Set Call Direction to "Dial-Out"
• At Dial-Out Through, select the WAN interface for VPN connection
• Select Always on

In Dial-Out Settings,

• Select IPsec Tunnel and IKEv2 as the VPN server protocol
• Enter VPN Server's WAN IP as the Server IP
• Enter the same Pre-Shared Key configured on the VPN server here.
• Select AES256/G14/SHA256 as the encryption algorithm for both Phase 1 and Phase 2 proposals.


In TCP/IP Network Settings,

• Enter Vigor Router’s LAN as the Local Network and Server’s LAN as the Remote Network
• Click OK to Save the settings.


3. Go to VPN and Remote Access >> Connection Management page to check the VPN status.