IPsec Tunnel Main Mode between DrayTek Routers (Client with Static IP)

VPN Server Setup

1. Create a VPN LAN to LAN profile for the peer VPN client router via VPN and Remote Access >> LAN to LAN, click on an available index to add a new profile.

2. Edit the profile as follows:

1. Check Enable this profile
2. Select Dial-In for Call Direction
3. Select the WAN interface that the VPN client will dial In from
4. Change Idle Timeout to 0 second
5. Allow IPsec Tunnel in Dial-In Settings
6. Check Specify Remote VPN Gateway and enter the IP address of the peer VPN Client.
7. Check IKE Pre-Shared Key and enter the Pre-shared Key

8. At TCP/IP Network Settings, input the IP subnet used by the VPN Client for Remote Network IP and Mask
9. Click OK to save the VPN profile.

VPN Client Setup

1. Similarly, create a profile at VPN and Remote Access >> LAN to LAN

1. Give a Profile Name
2. Check Enable this profile
3. Select Dial-Out for Call Direction
4. Select the WAN interface that the VPN client will dial out from
5. Check Always On

6. Select IPsec Tunnel in Dial-Out Settings
7. Input VPN server's WAN IP or domain name at Server IP/Host Name for VPN
8. Choose Main mode
9. Input IKE Pre-Shard Key as the same as what was configured on VPN Server
10. Set phase 1’s Encryption and Authentication you want to use
11. Set phase 2’s Security Protocol, Encryption, and Authentication you want to use
12. Set phase 1’s and phase 2’s Key Lifetime in IKE Advanced Settings(optional)

In TCP/IP Network Settings, enter VPN Server's LAN Network in Remote Network IP and Remote Network Mask. Click OK to save the profile

After finishing the above configurations, VPN Client shall dial up the IPsec tunnel automatically. We can check the VPN status via VPN and Remote Access >> Connection Management page.