[Vigor3900] How to establish IPsec tunnel with Xauth PSK from iPhone/iPad/Android phone?
IPsec is a common and easy-to-deploy VPN protocol; however, some people may consider a tunnel that can be established with a pre-shared key alone to be not secure enough. To strengthen the IPsec tunnel, we can use Xauth, which requires the VPN client to authenticate with not only the pre-shared key but also a username and password. This article demonstrates how to create an IPsec tunnel with Xauth between Vigor3900 and iOS/macOS/Android.
1. Go to User Management >> User Profile and click Add:
- Enter Username, Password and enable the profile
- Enable Xauth in IPsec User Setting
2. Go to VPN and Remote Access >> IPsec General Setup:
- Enter IPsec User Preshared Key
- Click Apply
3. Go to VPN and Remote Access >> VPN Profile and click Add:
- Give a Profile name and enable it
- Enable For Remote Dial-In User
- Enter LAN of 3900 in Local IP/Subnet
On the iPhone/iPad, go to Settings >> General >> VPN and tap Add VPN Configuration...
- Select IPsec as Type
- Enter VPN server domain or IP in Server
- Enter Account and Password
- Enter preshared key in Secret
- Select the profile and switch it on
On macOS, go to System Preferences >> Network and click '+':
- Select VPN as Interface
- Select Cisco IPsec as VPN type
- Give Service Name and click Create
- Enter VPN server domain or IP in Server Address
- Enter Account Name and Password, then click Authentication Settings...
- Enter Preshared Key in Shared Secret and click OK
- Click Connect to start VPN connection
On the Android phone, go to Settings >> More >> VPN and tap Add VPN profile:
- Select IPSec Xauth PSK as TYPE
- Enter VPN server domain or IP in SERVER ADDRESS
- Enter Preshared Key in IPSEC PRE-SHARED KEY and tap SAVE
- Tap the profile
- Enter username and password
- Tap Connect
The VPN status can be seen by tapping the Connected VPN profile.
The router shows the VPN status on the VPN and Remote Access >> Connection Management page.
Vigor3900 supports HMAC_SHA_256_128.
For Android 6/7 users, we recommend changing the Proposal of the VPN profile as follows.