IKEv2 VPN with EAP Authentication from macOS to Vigor Router using Let's Encrypt

DrayOS supports generating Let’s Encrypt certificate function since firmware version 3.9.0. As we know, the certificate which been signed up by Let's Encrypt is a valid certificate so using Let’s Encrypt certificate on Vigor Router can simplify the VPN configuration steps for different VPN clients, especially while IKEv2 with EAP authentication VPN connection is used. This article demonstrates how to set up Vigor Router an IKEv2 VPN server by using the Let’s Encrypt certificate, and how to establish a connection from macOS.

Set Up Vigor Router

1. Select the correct Time Zone and ensure the router system time is correct.

2. Activate the DrayDDNS service on your Vigor Router referring to the article here.

3. Apply the Let's Encrypt certificate for your DrayDDNS domain name referring to the article here.

4. Go to VPN and Remote Access >> IPsec General Setup page, select DrayDDNS – the Domain which used for applying Let's Encrypt certificate as Certificate for Dial-in.

　

5. Go to VPN and Remote Access >> Remote Dial-in User page, click an available index. Edit the profile as follows:

• Enable the account and enable IKEv2 EAP.
• Give Username and Password,
• Select Digital Signature(X.509).
• then click OK.

Connecting from macOS

1. Go to Network setting and click ' + ' to create a new service:

• Select VPN for Interface.
• Select IKEv2 for VPN Type.

2. Enter the DrayDDNS domain of the router as Server Address and Remote ID.

3. Click Authentication Settings...

• Select Username for the Authentication Settings
• Enter Username and Password.

4. Click Connect, and check VPN status after the connection established successfully.