How to configure Single-Arm VPN on Vigor Router?
Single-Arm VPN allows the connection of router's WAN interface to a network for the VPN capabilities. Traffic arrives on the WAN interface, and gets encrypted according to the VPN security method and sent out through the same interface. It will be helpful for the users whose internet gateway doesn't support VPN. Since 22.214.171.124 version firmware, Vigor Router supports single-armed VPN with PPTP (TCP 1723), IPsec (UDP 500 and 4500) and SSL (TCP 443 by default or user-defined), the internet gateway must open corresponding ports to Vigor Router, and create static route for the VPN. This article demonstrates how to configure single-armed VPN with following topology.
On LAN A Router (Dial-In)
1. Go to VPN and Remote Access >> LAN to LAN and click an available index
a. Enable profile and choose Dial-In as Call Direction
b. Enable PPTP and give an Username and Password in Dial-In Settings
c. Type LAN B as Remote Network in TCP/IP Network Settings
d. Type LAN A (WAN network) as Local Network
e. In order to avoid LAN network conflict with WAN network, please change LAN network of Vigor Router.
2. Go to Load-Balance/Route Policy and click an available index
a. Enter LAN A in source IP
b. Enter LAN B in destination IP
c. Select the VPN profile as the Interface
On LAN B Router (Dial-Out)
Go to VPN and Remote Access >> LAN to LAN and click an available index
a. Enable profile and choose Dial-Out as Call Direction
b. Select PPTP for VPN protocol
c. Type WAN IP or domain name of the internet gateway.
d. Type Username and Password
e. Type LAN A as Remote Network in TCP/IP Network Settings
On Internet Gateway
In order to let the single-arm VPN work, we must let the VPN connection pass through the internet gateway and set a static route to forwarding the packet to VPN tunnel. Here we take Vigor300B as the internet gateway and PPTP connection for example.
1. Go to NAT >> Port Redirection and click Add
a. Enable profile and Select One-to-One as Port Redirection Mode
b. Type 1723 as Pubilc and Private Port
c. Type Vigor Router WAN IP as the private IP
2. Go to Routing >> Static Route and click Add
a. Enable profile
b. Type LAN B as the Destination IP Address
c. Type Vigor Router WAN IP as the Gateway