
IKEv2 VPN with EAP Authentication from Windows to Vigor Router by using Let's Encrypt

Published On: Mar 26, 2019 

DrayOS has supported generating Let's Encrypt certificates since firmware version 3.9.0. A certificate signed by Let's Encrypt is a valid certificate, so using one on the Vigor Router simplifies the VPN configuration steps for different VPN clients, especially when an IKEv2 VPN connection with EAP authentication is used. This article demonstrates how to set up a Vigor Router as an IKEv2 VPN server by using a Let's Encrypt certificate, and how to establish a connection from Windows.

Set Up Vigor Router

1. Select the correct Time Zone and ensure the router system time is correct.

a screenshot of DrayOS

2. Activate the DrayDDNS service on your Vigor Router by referring to the article here.

3. Apply for the Let's Encrypt certificate for your DrayDDNS domain name by referring to the article here.

4. Go to the VPN and Remote Access >> IPsec General Setup page and, as Certificate for Dial-in, select DrayDDNS, the domain that was used to apply for the Let's Encrypt certificate.

 

5. Go to VPN and Remote Access >> Remote Dial-in User page, click an available index. Edit the profile as follows:

a screenshot of DrayOS

Connecting from Windows 10

Windows 10 needs to verify the whole certificate chain of the VPN server, but with the current firmware version 3.9.0 the Vigor Router has an issue sending out the intermediate certificate, so as a temporary solution we need to download and install the intermediate certificate manually. In a future firmware version, we may skip steps 1 to 5.

1. Download the Let's Encrypt X3 certificate in either of the ways below:

a. Download the Let's Encrypt Authority X3 (IdenTrust cross-signed) certificate from https://letsencrypt.org/certificates/ and save it as a .pem or .crt file on the computer.

b. Browse to your Vigor Router over HTTPS and export the Let's Encrypt Authority X3 certificate by viewing the certificate details and choosing Copy to File.

a screenshot of Windows

2. Double click the downloaded certificate file and install the certificate.

a screenshot of certificate

3. Follow the Certificate Import Wizard to import the certificate. First, select Local Machine and click Next.

a screenshot of certificate import wizard

4. Select Intermediate Certification Authorities as the certificate store and click OK.

a screenshot of certificate import wizard

5. The import was successful.

a screenshot of certificate import wizard

6. Go to Network and Internet Settings >> VPN, and click Add a VPN connection.
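
The import in steps 2 to 5 can also be scripted, with checks on the file before it goes into the machine-wide store. This is an added example, not DrayTek's own code; the file name is a hypothetical default, and the chain check skips revocation so that it runs offline.

```powershell
#Requires -RunAsAdministrator
using namespace System.Security.Cryptography.X509Certificates

# Added example: scripted form of steps 2-5, with checks before the import.
# Assumption: the certificate from step 1 was saved under this (hypothetical) name.
param([string]$Path = '.\letsencrypt-x3.pem')

$expectedCN = "Let's Encrypt Authority X3"    # certificate named in step 1
$cert = [X509Certificate2]::new((Resolve-Path $Path).Path)   # accepts DER or PEM

# 1. The file must be the certificate the article names.
if ($cert.GetNameInfo([X509NameType]::SimpleName, $false) -ne $expectedCN) {
    throw "Unexpected subject: $($cert.Subject)"
}

# 2. It must be a CA certificate inside its validity period.
$bc = $cert.Extensions | Where-Object { $_ -is [X509BasicConstraintsExtension] }
if (-not $bc -or -not $bc.CertificateAuthority) { throw 'Not a CA certificate.' }
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Outside validity period: $($cert.NotBefore) to $($cert.NotAfter)"
}

# 3. It must chain to a root this machine already trusts.
$chain = [X509Chain]::new()
$chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck   # offline run
if (-not $chain.Build($cert)) {
    $why = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    throw "Chain does not build to a trusted root: $why"
}

# Fingerprints, for comparison with the certificate seen in option b of step 1.
$hash = [System.Security.Cryptography.SHA256]::Create().ComputeHash($cert.RawData)
"SHA-1   : $($cert.Thumbprint)"
"SHA-256 : $([BitConverter]::ToString($hash) -replace '-')"

# 4. Add to Local Machine > Intermediate Certification Authorities (store name "CA").
$store = [X509Store]::new('CA', [StoreLocation]::LocalMachine)
$store.Open([OpenFlags]::ReadWrite)
try { $store.Add($cert) } finally { $store.Close() }

# 5. Confirm the certificate is now in the store.
Get-ChildItem Cert:\LocalMachine\CA |
    Where-Object Thumbprint -eq $cert.Thumbprint |
    Format-List Subject, Issuer, NotAfter, Thumbprint
```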
