SSL VPN between DrayOS Router and Vigor3900

This article demonstrates LAN to LAN SSL VPN between a DrayOS Router (Vigor router) and a Vigor3900/2960 by the following topology. DrayOS Router and Vigor3900/2960 can both be the VPN server and client. Therefore, we separate this article into two parts, to demonstrate how to establish the SSL VPN connection between Vigor Router and Vigor3900/2960, when using one of them as VPN server respectively.

(For SSL VPN tunnel between twoVigor Routers or two Vigor3900s, please refer to the article here.)

The video was presented by DrayTek Aust & NZ.

Before constructing the VPN configuration, please make sure SSL VPN service is enabled on VPN and Remote Access >> Remote Access Control page on the router takes up the role as the VPN server.

Note: If you are using Vigor3900/2960 as SSL VPN server, it is necessary to allow HTTPS access on System Maintenance >> Access Control page, due to SSL VPN and HTTPS are both using port 443 as the default port.

Alternatively, you can change either HTTPS or SSL VPN port, then will be able to disable the HTTPS access without affecting the SSL VPN connection.

SSL VPN port is configurable on SSL VPN >> General Setup page of Vigor router.

Part A: Take Vigor Router as VPN server

Vigor Router Setting (Dial-in):

1. Go to VPN and Remote Access Control >> LAN to LAN and click an available index.

2. Dial-In Settings.

  1. Enter Profile Name.
  2. Enable this profile.
  3. Select Dial-in as Call Direction.
  4. Allow SSL dial-in.
  5. Enter Username and Password.
  6. Enter Vigor3900's LAN in Remote Network IP/Mask.
  7. Click OK.

Vigor3900 Setting (Dial-out):

1. Go to VPN and Remote Access >> VPN Profiles, and click Add in SSL Dial-out tab.

  1. Enter Profile Name.
  2. Enable this profile.
  3. Select the WAN interface to dial out.
  4. Enter Vigor router's WAN IP or domain name and SSL VPN port in Server IP/Host Name.
  5. Enter SSL Username and Password.
  6. Enter Vigor3900's LAN in Local IP/Subnet Mask.
  7. Enter Vigor Router's LAN in Remote IP/Subnet Mask.
  8. Click Apply.

Now we can go to VPN and Remote Access >> Connection Management to dial the VPN.

After VPN is connected successfully, we can see the status below.

 

Part B: Take Vigor3900 as VPN server.

Vigor3900 Setting (Dial-in):

1. Go to User Management >> User Profiles, and click Add.

2. Dial-In Settings.

  1. Enter Username and Password.
  2. Enable this profile.
  3. Enable SSL Dial-in in PPTP/L2TP/SSL Server section.
  4. Click Apply.

3. Go to VPN and Remote Access >> VPN Profiles, and click Add in SSL Dial-in tab.

  1. Give a Profile name and Enable the profile.
  2. Select the user profile in SSL User Name options for SSL VPN connection.
  3. Enter Vigor3900's LAN in Local IP/Subnet Mask.
  4. Enter Vigor Router's LAN in Remote IP/Subnet Mask.
  5. Click Apply.

Vigor Router Setting (Dial-out):

1. Go to VPN and Remote Access Control >> LAN to LAN and click an available index.

2. Dial-out Settings.

  1. Enter Profile Name.
  2. Enable this profile.
  3. Select Dial-out as Call Direction.
  4. Select SSL Tunnel as dial-out type.
  5. Enter Vigor3900's WAN IP or domain name in Server IP/Host Name.
  6. Enter Username and Password.
  7. Enter Vigor3900's LAN in Remote Network IP/Mask.
  8. Click OK.
  9. Enter Vigor3900's LAN in Remote Network IP/Mask.
  10. Click OK.

Now we can go to VPN and Remote Access >> Connection Management to dial the VPN.

After VPN is connected successfully, we can see the status below.

 

Published On: Jul 08, 2019 

Was this helpful?     


Related Articles