IPsec XAuth from Windows to Vigor Router

IPsec tunnel with Xauth requires not only pre-shared key but also username and password for authentication when VPN client creates the tunnel, it can enhance the security of IPsec tunnel. This article demonstrates how to create an IPsec tunnel with Xauth between Vigor Router and Windows.

Vigor Router Setup

1. Go to VPN and Remote Access >> IPsec General Setup:

a. Enter Pre-Shared Key for Xauth User.

b. Click OK to save.

a screenshot of DrayOS IPsec General Setup

2. Go to VPN and Remote Access >>Remote Dial-in User.

a. Enable User account and Authentication.

b. Allow IPsec Xauth dial-in type.

c. Enter Username and password.

d. Click OK to save.

a screenshot of DrayOS remote dial-in user profile

Windows Client Setup

1. Download VPN client software for windows which supports IPsec Xauth. Here we use Shrew Soft VPN Client as example.

2. Open VPN Access Manager.

a. Click Add.

a screenshot of VPN Access Manager

b. In general setup, enter VPN Hostname or Server IP.

a screenshot of VPN Access Manager

c. In Authentication setup, select “Mutual PSK+XAuth”.

d. Set identification to “IP Address” and “any” for local identity and remote identity, respectively.

e. Enter Pre-Shared Key for XAuth User.

a screenshot of VPN Access Manager

 f. In Phase1 setup, set Cipher Algorithm to “aes”.

g. In Phase2 setup, set Transform Algorithm to “esp-aes”.

a screenshot of VPN Access Manager

h. Click Save.

 i. Click the saved VPN Client and enter the username and password of the dial-in user to create the IPsec VPN tunnel.

a screenshot of VPN Access Manager

Finally, VPN Connect will show the message as follows.

a screenshot of VPN Connect

And Vigor Router shows VPN status on VPN and Remote Access >> Connection Management page.

a screenshot of DrayOS VPN connection status

Published On:2019-06-25 

Was this helpful?