IKEv2 VPN between DrayTek Routers

Developed from IKEv1, IKEv2 is a new VPN protocol and has lots of improvements than the previous version. Compare to IKEv1, IKEv2 is more stable, it supports the latest cipher which makes the connection more secure, and takes a shorter time to establish, and by removing the point-to-point protocol, IKEv2 takes a shorter time to establish the connection.

This article demonstrates how to establish an IKEv2 VPN between two Vigor Routers.

VPN Server (Dial-In) Settings

1. Go to VPN and Remote Access >> IPsec General Setup,

  1. Input Pre-shared Key
  2. Confirm Pre-Shared Key
  3. Click OK
a screenshot of DrayOS IPsec General Setup

2. Go to VPN and Remote Access >> LAN to LAN and click an index available,

  1. Check Enable this profile
  2. Select Dial-In for Call Direction
    a screenshot of DrayOS LAN-to-LAN IKEv2 VPN Settings 
  3. Allow IPsec Tunnel in Dial-In Settings
    a screenshot of DrayOS LAN-to-LAN IKEv2 VPN Settings 
  4. For Remote Network IP and Mask, input the IP subnet used by the VPN Client.
  5. Click OK
    a screenshot of DrayOS LAN-to-LAN IKEv2 VPN Settings
VPN Client (Dial-Out) Settings

3. Similarly, create a profile at VPN and Remote Access >> LAN to LAN

  1. Give a Profile Name
  2. Check Enable this profile
  3. Select Dial-Out for Call Direction
  4. Select IPsec Tunnel and IKEv2 for Type of Server.
  5. Input VPN server's WAN IP or domain name at Server IP/Host Name for VPN
  6. Input Pre-Shard Key of VPN server
    a screenshot of DrayOS LAN-to-LAN IKEv2 Settings 
  7. For Remote Network IP and Mask, input the IP subnet used by the VPN Server
  8. Click OK
    a screenshot of DrayOS LAN-to-LAN VPN Settings

4. To initiate the VPN, go to VPN and Remote Access >> Connection Management, select the VPN profile, and click Dial

a screenshot of DrayOS VPN Connection Management

5. When VPN established successfully, the connection status will be shown.

a screenshot of DrayOS showing IKEv2 VPN established succesfully
VPN Server Settings

1. Go to VPN and Remote Access >> IPsec General Setup, type a Preshared Key then click Apply.

a screenshot of Vigor3900 IPsec General Settings

2. Go to VPN and Remote Access >> VPN Profiles and click Add,

  1. Enter the IP subnet used by the VPN Server in Local IP/Subnet Mask
  2. Enter the IP subnet used by the VPN Client in Remote IP/Subnet Mask
  3. Select IKEv2 for IKE Protocol
  4. Click Apply
a screenshot of configuring Vigor3900 as an IKEv2 VPN server
VPN Client Settings

3. Go to VPN and Remote Access >> VPN Profiles and click Add,

  1. Type the IP subnet used by the VPN Client in Local IP/Subnet Mask
  2. Type WAN IP or Domain of the VPN Server in Remote Host
  3. Type the IP subnet used by the VPN Server in Remote IP/Subnet Mask
  4. Select IKEv2 for IKE Protocol
  5. Type the Preshared Key set in step 1
  6. Click Apply
a screenshot of configuring Vigor3900 as an IKEv2 VPN client

4. To dial the VPN, go to VPN and Remote Access >> Connection Management, select the VPN profile, click Connect.

a screenshot of Vigor3900's Connection Management page 

5. When VPN established successfully, the VPN status will be shown.

a screenshot of Vigor3900 showing IKEv2 VPN established succesfully

Published On: 2017-06-13 

Was this helpful?