DrayOS support IKEv2 with EAP authentication since firmware version 3.9.0, Vigor3900 and Vigor2960 support it since firmware version 1.4.0. It can make IKEv2 VPN even more secure by additional username and password authentication and certificate verification. This article demonstrates how to create a self-signed certificate for server authentication, set up Vigor Router an IKEv2 VPN server, and how to establish a connection from macOS.
1. Go to Certificate Management >> Trust CA Certificate, and click Create.
2. Enter certificate information, select "2048 Bit" for Key Size. Then click Generate.
3. Click Export to download the RootCA
4. Go to Certificate Management >> Local Certificate, and click Generate.
5. Click Sign for the certificate created.
6. Specify the valid date then click Sign
7. Go to VPN and Remote Access >> IPsec General Setup select the local certificate created in the previous steps for Certificate for Dial-in
8. Go to VPN and Remote Access >> Remote Dial-in User, click an available index number and edit the profile as follows.
1. Go to Certificate Management >> Trusted CA, click Build RootCA
2. Click Download to export the Root CA, which will need to be installed to the VPN client.
3. Go to Certificate Management >> Local Certificate, click Generate:
4. Go to User Management >> User Profile to add a user profile:
5. Go to VPN and Remote Access >> VPN Profiles >> IPsec to add a profile:
1. Open Keychain Access, install the RootCA downloaded from the router by dragging it into the window.
2. Select "Always Trust" for Extensible Authentication (EAP) and IP Security (IPsec)
3. Go to Network settings and click ' + ' to create a new network:
4. Enter the domain of the router for Server Address and Remote ID. Then, click Authentication Settings...
5. Select Username and enter the Username and Password. Then, click OK.
6. Click Connect to start the VPN connection to the router.
Published On: May 16, 2018
Was this helpful?
Thank you for your feedback :)
Sorry about that. Contact Support if you need further assistance, or leave us some comments below to help us improve.