Knowledge Base  >   VPN  > 

IKEv2 VPN from iOS to Vigor Router

This article demonstrates how to set up the Vigor router as a VPN gateway for Remote Dial-in IKEv2 PSK VPN connections, especially from iOS. We will show the necessary configuration of the router and the IKEv2 VPN setup on iOS as well.

Connecting VPN from iOS

1. Go to Settings >> General >> VPN and tap Add VPN Configuration

a screenshot of iOS VPN Configuration

2. Edit the configuration as follows:

a screenshot iOS IKEv2 settings

3. Switch on Status to start the IKEv2 VPN connection to Vigor Router.

a screenshot of iOS VPN Configuration

1. Go to VPN and Remote Access >> IPsec General Setup, input a Pre-Shared Key, then click OK.

a screenshot of DrayOS IPsec General Setup

2. Go to VPN and Remote Access >> Remote Dial-in User, click an available index number to edit the profile.

  • Check Enable this account
  • Check IPsec Tunnel at Allowed Dial-In Type
  • Click OK to save
a screenshot of DrayOS Remote Dial-in user profile

Now the settings are complete. If the VPN user is online, you will see VPN connection status at VPN and Remote Access >> Connection Management.

a screenshot of DrayOS VPN connection management
Vigor Router Setup

1. Make sure the router is connected to the Internet and has a public WAN IP address so that VPN clients on the Internet can reach it.

2. Activate the IPsec VPN service.

Go to VPN > General Setup,

  • Switch on the Enabled tab.
  • Click Apply to Save the profile.

    • 3. Create a Teleworker VPN User Profile.

    Go to VPN > Teleworker VPN, click Add. Enter the Username, toggle Teleworker VPN and enter Password.

    In General Tab,

  • Status: Set to Active to enable the profile.
  • Group Policy: Select None if no specific group policy applies.
  • Expiration Time: Set the expiration time for the Telework VPN profile. Options include Never, after XX hours, or at a specified date and time.

    • In the Teleworker VPN tab,

  • Enter 0 (Seconds) for the Idle Timeout
  • Select the VPN Schedule
  • Under Allowed VPN Protocols, toggle IPsec, then select IKEv1/v2.
  • Under Security, enable Specify VPN Peer, then click IPsec Advanced Settings. Enter the Peer ID followed by the Pre-Shared Key.

    • The Peer ID setting allows different IKEv2 remote dial-in users to authenticate using different Pre-Shared Keys.

  • In Local IP Assignment, choose a LAN subnet for Assign IP from the LAN DHCP or configure a static IP for Static IP.
  • Click Apply to save the settings.
    • iOS VPN Setup

    1. Navigate to Settings >> VPN. Click Add VPN Configuration to create a VPN IKEv2 profile.

  • Enter a Description for the profile.
  • Select IKEv2 EAP as the Type.
  • Enter the VPN server’s Domain Name.
  • Enter the same VPN server’s Domain Name in the Remote ID field.
  • Enter the Local ID (this must match the Peer ID configured on the router’s VPN profile).
  • For User Authentication, select None.
  • Disable Use Certificate.
  • In Secret, enter the Pre-Shared Key configured in the router’s VPN profile.
  • Save the profile.

    • 2. Toggle VPN Status. The IKEv2 PSK connection will connect successfully.

    1. Go to VPN and Remote Access >> IPsec General Setup. Type Pre-Shared Key then click Apply to save.

    a screenshot of Vigor3900 IPsec General Setup

    2. Add an IPsec VPN profile at VPN and Remote Access >> VPN Profiles:

    • Enter Profile name
    • Check Enable
    • Select "Enable" for For Remote Dial-in User
    • Specify the LAN network for VPN client at Local IP/Subnet Mask
    • Select "IKEv2" for IKE Protocol
    • Click Apply
    a screenshot of Vigor3900 IPsec VPN profiles

    Now the settings is complete. If the VPN user is online, you will see VPN connection status at VPN and Remote Access >> Connection Management.

    a screenshot of Vigor3900 VPN Connection Management

    Published On:2025-10-02 

    Share

    Was this helpful?   

    book icon

    Knowledge Base