How to use Central VPN Management (CVM)

Central VPN Management (CVM) is the feature to link multiple branch routers to a central router by VPN tunnels and allows Network Administrator on the Central Router to 1. Set up VPN connections within just one click, 2. Backup and restore configurations of Branch Routers, 3. Upgrade firmware for the Branch Routers.

To make CVM work, it requires configurations on both Central Router (VPN server) and the branch routers (VPN Clients). For DrayOS router, a central router can manage up to 8 branch routers.

Central Router Configuration

1. Go to Central VPN Management >> General Setup, in General Settings tab, 

  1. Enable CVM SSL Port, and enter a port number
  2. Select a WAN interface/ IP for the remote routers to connect
  3. Write down the URL of the ACS server. We will need this for the branch router configuration.
  4. (Note: URL with https and http is for CVM SSL Port and CVM Port respectively.)
  5. Define the Username and Password 
a screenshot of DrayOS CVM Setup

2. Go to IPsec tab, select the Local Subnet to establish LAN-to-LAN VPN connection. Click OK to save.

a screenshot of DrayOS CVM Setup

3. Go to System Maintenance >> Management, make sure the CVM Port is enabled.

a screenshot of DrayOS System Management page

Branch Router (CPE) Configuration

1. Go to System Maintenance >> TR-069

  1. Select ACS Server On Internet
  2. Enter the URL of the ACS server copied from the central router.
  3. Enter Username and Password as the same as in CVM settings of the central router
  4. Enable CPE Client
  5. Enable Periodic Inform Settings
  6. Click OK to save
a screenshot of DrayOS TR-069 Settings

2. Go to System Maintenance >> Management, enable Allow management from the Internet and make sure TR069 Server is enabled.

a screenshot of DrayOS System management page

After the above configuration, the branch router will register to the Central Router, and we should see the device appears in the Unmanaged Device List of the Central Router.

Editing the Managed Device List

Now the Central Router should see the branch router at Central VPN Management >> CPE Management >> Managed Devices List. To add the router to Managed Device List,

  1. select the device from Unmanaged Devices List,
  2. enter a Description Name and its Location,
  3. click Add to move it to Managed Devices List.
a screenshot of DrayOS CVM Managed Device List

After that, the router will appear in Managed Devices List with its name and IP address. To check the detailed information, double-click on it.

a screenshot of DrayOS CVM Managed Device List

If you have entered the exact address, you may check its location in Google Map tab.

a screenshot of DrayOS CVM Google Map

Establishing VPN connections

1. To establish VPN connection: Go to Central VPN Management >> VPN Management. The VPN Management page shows all the devices in the Managed Device List and their connection status.

a screenshot of CVM VPN Management

2. Click on a device to show the VPN type options, then click on one of the options to establish the VPN connection. In PPTP, IPsec and SSL, the system will give a username and password automatically; however, Administrator could change the encryption methods by choosing “Advanced.”

a screenshot of CVM VPN Management

3. Wait a few seconds and refresh the page, we will see the VPN connection is on, and the connection information is in the CPE VPN Connection List below.

a screenshot of CVM VPN Management

4. After that, both the branch router and central router will create a LAN-to-LAN profile in VPN and Remote Access >> LAN to LAN. Network Administrator could also change the VPN type there, and the settings will be applied to the LAN-to-LAN profile automatically.

a screenshot of DrayOS VPN Profile List

Branch Router (CPE) Maintenance

If Network Administrator wants the Brach router to back up its configuration once a day, it can be done from the central router with CVM.

1. Create a schedule for the configuration backup: Go to Application >> Schedule, click on an index number to add a schedule profile.

  1. Enable Schedule Setup
  2. Select the Start Date and Start Time for the configuration backup
  3. Set Duration Time to 5 minutes. (NOTE: Longer duration gives router more retrying time in case that the branch router loses connection with the central router.)
  4. Select How Often does the configuration backup should happen.
a screenshot of Schedule profile

2. Go to Central VPN Management >> CPE Management >> CPE Maintenance, make sure there is a USB disk connected to the router.

a screenshot of CVM CPE Maintenance

3. Add a CPE Maintenance profile: In the CPE Maintenance page, click on an index number to add a new profile.

  1. Enter the Profile Name.
  2. Check Enable
  3. For Device Name, select the MAC address of the branch router.
  4. Select Config Backup for Action Type
  5. Enter the Schedule profile index
  6. Click OK to save
a screenshot of CVM CPE Maintanance Profile

4. After the configuration backup, go to USB Application >> File Explorer to check if the configuration files have been saved successfully.

To make CVM work, it requires configurations on both Central Router (VPN server) and the branch routers (VPN Clients). As a Central Router, Vigor2960 can manage up to 12 routers; and Vigor3900 can manage up to 16 routers.

1. Go to Central VPN Management >> General Setup >> General Setup,

  1. Check Enable
  2. Select the WAN interface for remote to connect
  3. Type port number between 0~65535. Here we take 9000 for example.
  4. Type Username and Password. We will need the same username and password on branch router settings
  5. Click Apply.
a screenshot of Vigor3900 CVM General Setup

2. Go to Central VPN Management >> General Setup >> VPN General Setup,

  1. Choose wan1 for WAN Profile.
  2. Type Local IP and Subnet for the remote routers to connect.
  3. Click Apply.
a screenshot of Vigor3900 CVM VPN General Setup

3. Go to System Maintenance >> Access Control to enable "Web Allow," "Telnet Allow," "SSH Allow," and "HTTPS Allow." Click Apply.

a screenshot of Vigor3900 Access Control Setup

4. Configuring the branch router to register to the central router  (Please refer to the DrayOS part of this article)

Managing the Branch Router (CPE)

5. Go to Central VPN Mangement >> CPE Management. Seeing the branch router appears means all settings above are correct. Select the router and click Edit.

a screenshot of Vigor3900 CVM CPE Maintenance

6. We may enter the detailed information about the branch router in the dialogue box appeared, such as its name and location.

a screenshot of Vigor3900 CVM CPE Maintenance

7. To establish VPN network, go to Central VPN Management >> CPE Management >> VPN Management.

  1. Select one branch router.
  2. Click on a VPN type, here we use PPTP
  3. Click OK when being asked about to establish the VPN tunnel.   
a screenshot of Vigor3900 CVM VPN Management

8. Wait for a few seconds, and we will see VPN connection established.

a screenshot of Vigor3900 CVM VPN Management

Branch Router (CPE) Maintenance

With CVM, we can also perform router maintenance from the central router, such as backup and restore configurations. To do branch router Maintenance, go to Central VPN Management >> CPE Management >> CPE Maintenance, click on the branch router and click Add.

a screenshot of Vigor3900 CVM CPE Maintenance

2. Type Profile name, select the branch router, choose the Action (here we select Configuration Backup), set the action time in Schedule (here we use Now), and type the Filename.

a screenshot of Vigor3900 CVM CPE Maintenance

3. Wait for a few seconds and refresh the page. The Status [Finish] indicates the configuration has been successfully saved to the router. It will take about 800 Mbytes of storage space on the central router.

a screenshot of Vigor3900 CVM CPE Maintenance

4. We can also download the configuration to our computers via File Explorer. Choose the filename and click Download.

a screenshot of Vigor3900 File Explorer

Published On: Dec 23, 2015 

Was this helpful?     


Related Articles