L2TP over IPsec VPN from macOS to Vigor Router

This article demonstrates how to set up Vigor Router as a VPN server for L2TP over IPsec VPN and how to start the VPN from macOS.

Setup on Vigor Router

1. Make sure the router is connected to the Internet. Keep in mind the router's WAN IP or domain name.

2. Go to VPN and Remote Access >> Remote Access Control Setup to make sure "Enable IPsec VPN Service" and "Enable L2TP VPN Service" are checked.

a screenshot of DrayOS Remote Access Control Setup 

3. Go to VPN and Remote Access >> IPsec General Setup, enter and confirm the Pre-Shared Key, then click OK. 

a screenshot of DrayOS

4. Go to VPN and Remote Access >> Remote Dial-in User, click on an index available to create a new account:

  • Enable this account,
  • enable "L2TP with IPSec" for Allowed Dial-in Type and select "Must" for IPsec Policy,
  • enter User Name and Password,
  • click OK to save.
a screenshot of DrayOS

5. If the VPN user is online, you will see VPN connection status at VPN and Remote Access >> Connection Management.

a screenshot of DrayOS VPN Status

1. Go to User Management >> User Profile, add a profile as follows:

  • enter Username,
  • check Enable,
  • enter Password,
  • select "Enable" for L2TP Dial-in,
  • click Apply.
  a screenshot of Vigor3900

2. Go to VPN and Remote Access >> Remote Access Control,

  • make sure Enable L2TP VPN Service is checked,
  • select "L2TP over IPsec" for IPsec Remote Dial-In Service, 
  • click Apply
a screenshot of Vigor3900

3. Go to VPN and Remote Access >> IPsec General Setup, enter a Preshared Key then click Apply.

a screenshot of Vigor3900

4. If the VPN user is online, you will see VPN connection status at VPN and Remote Access >> Connection Management.

a screenshot of Vigor3900
Connecting VPN from macOS

1. Go to System Preferences >> Network.

a screenshot of macOS

2. Click + to add a new network and edit the profile as follows:

  • Select VPN for Interface
  • Select "L2TP over IPSec" for VPN Type
  • Enter a Service Name
  • Click Create.
a screenshot of macOS

3. Enter Server Address as the WAN IP of the router and Account Name as the username in the router's user profile. Then, click Authentication Settings.

a screenshot of macOS

4. Select "Password" for User Authentication and enter the password in the user profile. For Machine Authentication, select "Shared Secret" and enter the pre-shared key set in the router's IPsec General Setup.

a screenshot of macOS

5. Click Apply, then Connect. And wait for the connection to establish.

a screenshot of macOS

6. When seeing this status, you are connecting to the VPN server successfully.

a screenshot of macOS

We can use Terminal to verify the connection by ping the local IP on the remote network.

a screenshot of macOS terminal

Published On: Jun 29, 2016

Was this helpful?     


Related Articles