DrayOS supports generating Let’s Encrypt certificate function since firmware version 3.9.0. As we know, the certificate which been signed up by Let's Encrypt is a valid certificate so using Let’s Encrypt certificate on Vigor Router can simplify the VPN configuration steps for different VPN clients, especially while IKEv2 with EAP authentication VPN connection is used. This article demonstrates how to set up Vigor Router an IKEv2 VPN server by using the Let’s Encrypt certificate, and how to establish a connection from Windows OS.
1. Select the correct Time Zone and ensure the router system time is correct.
2. Activate the DrayDDNS service on your Vigor Router referring to the article here.
3. Apply the Let's Encrypt certificate for your DrayDDNS domain name referring to the article here.
4. Go to VPN and Remote Access >> IPsec General Setup page, select DrayDDNS – the Domain which used for applying Let's Encrypt certificate as Certificate for Dial-in.
5. Go to VPN and Remote Access >> Remote Dial-in User page, click an available index. Edit the profile as follows:
Windows 10 requires to verify the whole certificate chain of the VPN server but Vigor Router has an issue in sending the intermediate certificate out with the current firmware version 3.9.0, so we need to download and install the intermediate certificate manually as the temporary solution. In the future firmware version, we may skip steps 1 to 5.
1. Download Let's Encrypt X3 certificate by either of the ways below:
a. Download the Let's Encrypt Authority X3 (IdenTrust cross-signed) via https://letsencrypt.org/certificates/
and save the file as .pem or .crt file on the computer.
b. Browse your Vigor Router by https and export the Let's Encrypt Authority X3 certificate by viewing the certificate details and copy to file.
2. Double click the downloaded certificate file and install the certificate.
3. Follow the Certificate Import Wizard to import the certificate. First, select Local Machine and click Next.
4. Select Intermediate Certification Authorities as the certificate store and click OK.
5. The import was successful.
6. Go to Network and Internet Settings >> VPN, and click Add a VPN connection
7. Go to Network and Sharing Centre >> Change adapter settings.Select the VPN profile we just created, click the mouse on the right side and choose Properties. In the Security tab, select Require Encryption if Server declines for Data Encryption and click OK to save the changes.
8. Double click the VPN profile and click Connect to establish the VPN connection.
9.Windows will pop-up the Authentication window and we need to enter the password two times for creating the VPN connection successfully.
10. Then we can see the VPN is connected successfully.
Was this helpful?
Thank you for your feedback :)
Sorry about that. Contact Support if you need further assistance, or leave us some comments below to help us improve.