Knowledge Base  >   VPN  > 

Single-Arm VPN Configuration

Single-Arm VPN allows the router's VPN to work only on the WAN interface, instead of working on traffic sent between LAN and WAN. When doing single-arm VPN, traffic arrives on the WAN interface, gets encrypted, and sent out through the same WAN interface. It's the solution to add VPN compatibility to the network without replacing the Internet gateway.

Since 3.8.4.2 version firmware, Vigor Router supports single-arm VPN for PPTP (TCP 1723), IPsec (UDP 500 and 4500) and SSL (TCP 443 or user-defined). However, to use Single-Armed VPN, the Internet gateway must open the corresponding ports to Vigor Router, and create the static routing rule for the VPN traffic. This article demonstrates how to configure single-arm VPN with following topology

an illustration of single arm vpn

Vigor Router Configuration (The Router on LAN A)

1. Go to VPN and Remote Access >> LAN to LAN and click an available index

  1. Enable profile and choose "Dial-In" for Call Direction a screenshot of DrayOS
  2. Enable PPTP and give a Username and Password in Dial-In Settings a screenshot of DrayOS
  3. Type LAN B for Remote Network in TCP/IP Network Settings
  4. Type LAN A (WAN network) for Local Network
    5. a screenshot of DrayOS

2. To avoid LAN network conflict with WAN network, please change the LAN network of the Vigor Router.

a screenshot of DrayOS

3. Go to Routing > Route Policy and click an available index to add a new rule:

  1. Enter LAN A in Source IP
  2. Enter LAN B in Destination IP
  3. Select the VPN profile for Interface
s screenshot of route policy settings

Remote Router Configuration (The Router on LAN B)

Go to VPN and Remote Access >> LAN to LAN and click an available index to add a new profile:

  1. Enable the profile and choose "Dial-Out" for Call Direction
  2. Select PPTP for Type of Server I am calling
  3. Type WAN IP or domain name of the internet gateway.
  4. Type Username and Password
    5. a screenshot of VPN Settings
  5. Type LAN A for Remote Network in TCP/IP Network Settings
    6. a screenshot of VPN Settings

Internet Gateway Configuration

To make the single-arm VPN work, we must make the VPN traffic pass through the internet gateway and be sent to the VPN tunnel. Here we take a Vigor300B for example.

1. Go to NAT >> Port Redirection and click Add to create a new rule:

  1. Enable profile and Select One-to-One for Port Redirection Mode
  2. Type "1723" for Pubilc Port and Private Port (This is the port used by PPTP VPN)
  3. Type Vigor Router WAN IP for the Private IP
a screenhot of Vigor300B

2. Go to Routing >> Static Route and click Add to create a new rule

  1. Enable profile
  2. Type LAN B for the Destination IP Address
  3. Type Vigor Router WAN IP as the Gateway
a screenshot of Vigor300B

Published On:2017-01-11 

Was this helpful?   

book icon

Related Articles