IKEv2 VPN between DrayTek Routers
Developed from IKEv1, IKEv2 is a new VPN protocol and has lots of improvements than the previous version. Compare to IKEv1, IKEv2 is more stable, it supports the latest cipher which makes the connection more secure, and takes a shorter time to establish, and by removing the point-to-point protocol, IKEv2 takes a shorter time to establish the connection.
This article demonstrates how to establish an IKEv2 VPN between two Vigor Routers.
VPN Server (Dial-In) Settings
1. Go to VPN and Remote Access >> IPsec General Setup,
- Input Pre-shared Key
- Confirm Pre-Shared Key
- Click OK
2. Go to VPN and Remote Access >> LAN to LAN and click an index available,
- Check Enable this profile
- Select Dial-In for Call Direction
- Allow IPsec Tunnel in Dial-In Settings
- For Remote Network IP and Mask, input the IP subnet used by the VPN Client.
- Click OK
VPN Client (Dial-Out) Settings
3. Similarly, create a profile at VPN and Remote Access >> LAN to LAN
- Give a Profile Name
- Check Enable this profile
- Select Dial-Out for Call Direction
- Select IPsec Tunnel and IKEv2 for Type of Server.
- Input VPN server's WAN IP or domain name at Server IP/Host Name for VPN
- Input Pre-Shard Key of VPN server
- For Remote Network IP and Mask, input the IP subnet used by the VPN Server
- Click OK
4. To initiate the VPN, go to VPN and Remote Access >> Connection Management, select the VPN profile, and click Dial
5. When VPN established successfully, the connection status will be shown.
VPN Server Setup
1. Go to the VPN / General Setup / IPsec menu page.
- Enable the IPsec Service.
- For General Site-to-Site PSK, enter a Pre-Shared Key.
Then Click Apply to save the settings.
2. Go VPN / Site-to-Site VPN.
- Click +Add to create a profile.
- Enter a profile name and check enabled the profile.
General
- Select Dial-In in Direction.
- Select IPsec as the VPN Type.
- Check IKEv1/v2.
IKE Authentication
- (Optional)Specify the encryption and the security protocol for IKE Phase1 and Phase2 in More settings.
Network
- Enter the Local Network of the VPN server and the Remote Network of the VPN client.
Click Apply to save.
VPN Client Setup
1. Go to VPN / General Setup / IPsec.
- Enable IPsec Service.
Click Apply to save the settings.
2. Go VPN / Site-to-Site VPN.
- Click +Add to create a profile.
- Enter a profile name and check enabled the profile.
General
- Select Dial-Out for the Direction.
- Select IPsec as the VPN Type.
- Select IKEv2 as IPsec Dial-Out Protocol.
- Enter the remote server address or domain name.
- Specify a Dial-Out Mode. Here, we choose Always On.
IKE Authentication
- Select Pre-Shared Key for Authentication.
- Enter the Pre-Shared Key configured on the VPN server.
- (Optional)Specify the encryption and the security protocol for IKE Phase1 and Phase2 in More settings.
Network
- Enter the Local Network of the VPN client and the Remote Network of the VPN server.
Click Apply to save.
After completing the configuration, the VPN Client will automatically dial up the IPsec tunnel. We can check the VPN status in VPN / VPN Connection Status.
VPN Server Settings
1. Go to VPN and Remote Access >> IPsec General Setup, type a Preshared Key then click Apply.
2. Go to VPN and Remote Access >> VPN Profiles and click Add,
- Enter the IP subnet used by the VPN Server in Local IP/Subnet Mask
- Enter the IP subnet used by the VPN Client in Remote IP/Subnet Mask
- Select IKEv2 for IKE Protocol
- Click Apply
VPN Client Settings
3. Go to VPN and Remote Access >> VPN Profiles and click Add,
- Type the IP subnet used by the VPN Client in Local IP/Subnet Mask
- Type WAN IP or Domain of the VPN Server in Remote Host
- Type the IP subnet used by the VPN Server in Remote IP/Subnet Mask
- Select IKEv2 for IKE Protocol
- Type the Preshared Key set in step 1
- Click Apply
4. To dial the VPN, go to VPN and Remote Access >> Connection Management, select the VPN profile, click Connect.
5. When VPN established successfully, the VPN status will be shown.
Published On: 2017-06-13
Was this helpful?