IKEv2 VPN with EAP Authentication from Windows to Vigor3900/2960 by using the self-signed certificate

Vigor3900 and Vigor2960 have supported IKEv2 with EAP authentication since firmware version 1.4.0. EAP makes an IKEv2 VPN more secure by adding username and password authentication on top of certificate verification. This article demonstrates how to create a self-signed certificate for server authentication, how to set up the Vigor Router as an IKEv2 VPN server, and how to establish a connection from Windows with Smart VPN Client v5.2.0.

Router Setup

1. Go to Certificate Management >> Trusted CA and click Build RootCA.

a screenshot of creating root ca

2. Click Download to export the Root CA, which will need to be installed on the VPN client.

a screenshot of downloading rootCA

3. Go to Certificate Management >> Local Certificate, click Generate:

a screenshot of creating local cert.

4. Go to User Management >> User Profile to add a user profile:

a screenshot of user profile for IKEv2 VPN

5. Go to VPN and Remote Access >> VPN Profiles >> IPsec to add a profile:

a screenshot of ipsec profile

Connecting from Windows

1. Open RootCA and install it.

a screenshot of windows cert installation

2. Place it in the Trusted Root Certification Authorities store.

a screenshot of certificate path

3. Confirm that the certificate was installed successfully.

a screenshot of certificate done

4. Run Smart VPN Client and add a profile:

a screenshot of smart vpn client

5. Switch on Connect. Once the connection is established, the VPN status can be checked in the client.

a screenshot of vpn up
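
Steps 1 to 3 above can also be done from an elevated PowerShell prompt, with a check of the file before it becomes a trust anchor. This is an added example, not part of the original article: the file name `RootCA.crt`, the expected thumbprint value, and the choice of the Local Machine store are assumptions.

```powershell
# Added example. The file name and the expected thumbprint are placeholders (assumptions).
param(
    [string]$Path = '.\RootCA.crt',   # assumed name of the Root CA file downloaded from the router
    [string]$ExpectedThumbprint = '<SHA1-THUMBPRINT-VERIFIED-OUT-OF-BAND>'
)
$ErrorActionPreference = 'Stop'

# Load the file for inspection only; nothing is trusted at this point.
$full = (Resolve-Path $Path).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $full

# A root CA is self-signed, so subject and issuer must be identical.
if ($cert.Subject -ne $cert.Issuer) {
    throw "Not a self-signed root: issuer is '$($cert.Issuer)'"
}

# Refuse a certificate that is expired or not yet valid.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Outside validity period: $($cert.NotBefore) to $($cert.NotAfter)"
}

# Warn if Basic Constraints does not mark the certificate as a CA.
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if (-not $bc -or -not $bc.CertificateAuthority) {
    Write-Warning 'Basic Constraints does not mark this certificate as a CA.'
}

# Compare with the thumbprint confirmed out of band; the unmodified placeholder never matches.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint)"
}

# Step 2: place it in Trusted Root Certification Authorities (Local Machine store).
Import-Certificate -FilePath $full -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# Step 3: confirm that the certificate is now present in the store.
$installed = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
if (-not $installed) { throw 'Certificate not found in the store after import.' }
$installed | Format-List Subject, Thumbprint, NotAfter
```

Anything signed by a certificate in this store is trusted by the whole machine, so remove the entry again when the VPN profile is retired.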

Published On: 2019-10-08