< Knowledge Base

Set Up IKEv2 VPN between DrayTek Routers

Published On: Jun 13, 2017 

Developed from IKEv1, IKEv2 is a new VPN protocol and has lots of improvements than the previous version. Compare to IKEv1, IKEv2 is more stable, it supports the latest cipher which makes the connection more secure, and takes a shorter time to establish, and by removing the point-to-point protocol, IKEv2 takes a shorter time to establish the connection.

This article demonstrates how to establish an IKEv2 VPN between two Vigor Routers.

VPN Server Settings

1. Go to VPN and Remote Access >> IPsec General Setup,

  1. Input Pre-shared Key
  2. Confirm Pre-Shared Key
  3. Click OK
Setting up Pre-shared key on IPsec General Setup

2. Go to VPN and Remote Access >> LAN to LAN and click an index available,

  1. Check Enable this profile
  2. Select Dial-In for Call Direction
    VPN Common settings on VPN Server 
  3. Allow IPsec Tunnel in Dial-In Settings
    IKEv2 VPN Dial-In Settings on VPN Server 
  4. For Remote Network IP and Mask, input the IP subnet used by the VPN Client.
  5. Click OK
    TCP IP Network Settings on VPN Server
VPN Client Settings

3. Similarly, create a profile at VPN and Remote Access >> LAN to LAN

  1. Give a Profile Name
  2. Check Enable this profile
  3. Select Dial-Out for Call Direction
  4. Select IPsec Tunnel with IKEv2 in Dial-Out Settings
  5. Input VPN server's WAN IP or domain name at Server IP/Host Name for VPN
  6. Input Pre-Shard Key of VPN server
    IKEv2 Dial-Out Settings on VPN Client 
  7. For Remote Network IP and Mask, input the IP subnet used by the VPN Server.
  8. Click OK
    TCP IP Network Settings on VPN Client

4. To initiate the VPN, go to VPN and Remote Access >> Connection Management, select the VPN profile, and click Dial  

Initiating IKEv2 VPN from Connection Management Page

5. When VPN established successfully, the connection status will be shown.

IKEv2 VPN established succesfully
VPN Server Settings

1. Go to VPN and Remote Access >> IPsec General Setup, type a Preshared Key then click Apply.

Typing pre-shared key on IPsec General Setup page

2. Go to VPN and Remote Access >> VPN Profiles and click Add,

  1. Enter the IP subnet used by the VPN Server in Local IP/Subnet Mask
  2. Enter the IP subnet used by the VPN Client in Remote IP/Subnet Mask
  3. Select IKEv2 for IKE Protocol
  4. Click Apply
Setting up Vigor3900 as a IKEv2 VPN server
VPN Client Settings

3. Go to VPN and Remote Access >> VPN Profiles and click Add,

  1. Type the IP subnet used by the VPN Client in Local IP/Subnet Mask
  2. Type WAN IP or Domain of the VPN Server in Remote Host
  3. Type the IP subnet used by the VPN Server in Remote IP/Subnet Mask
  4. Select IKEv2 for IKE Protocol
  5. Type the Preshared Key set in step 1
  6. Click Apply
settings up Vigor3900 as IKEv2 VPN client

4. To dial the VPN, go to VPN and Remote Access >> Connection Management, select the VPN profile, click Connect.

Initiating IKEv2 VPN from Connection Management Page 

5. When VPN established successfully, the VPN status will be shown.

IKEv2 VPN established succesfully

Was this helpful?     


Related Articles