VPN - Draytek Vigor 2900

From Gruff Goat Wiki

Creation of VPN between Silver Spring and Pierce using the Draytek Vigor 2900.

Overall, the documentation provided by Draytek is sufficient to perform a complete setup of the VPN. We did, however, have some problems setting up the LAN-to-LAN VPN.

Unable to Establish VPN Connection

Our ISP, SBC, provided DSL modems that were set up to act as routers. While this eased setup of the network, it also prevented VPN connections. We therefore changed the settings on the DSL modems so that they would act as bridges.

Unable to Connect using IPSec

The problem was that we had not understood how the Peer ID is used. Peer ID is just another preshared key. It must be set on both the incoming and outgoing servers.

VPN Setup Demonstrated

From the main menu of the router select 'VPN and Remote Access Setup' >> 'LAN-to-LAN Profile Setup'. Then select your profile to use or create a new one.

Dial-Out Settings

[Screenshot: Vigor out.gif]

Then, under the IPSec Security Method section:

  1. Click IKE Pre-Shared Key
    • Enter a key (make it long and random). This key will also need to be entered into the dial-in profile.
  2. Click Advance.
    • Enter an appropriate Peer ID. The Peer ID will also need to be entered into the dial-in profile. The Peer ID may be any string you deem appropriate, but it is typical to use an email address or domain name.

[Screenshot: IKE advanced.gif]

Click OK to complete your setup.

Dial-In Settings

Under the IPSec Security Method section:

  1. Click IKE Pre-Shared Key
    • Enter the same key as you entered in the dial-out server.
  2. For IPSec, 'Specify Remote VPN Gateway' must be checked.
    • If you have a static IP address on your dial-out server, enter it in the 'Peer VPN Server IP' box.
    • Alternatively, you may enter the same Peer ID you created earlier in the 'Peer ID' box.


[Screenshot: Vigor in.gif]

Click OK to complete your setup.

Connect Your VPN

If you have selected an always-on connection, the Vigor should have already attempted to establish a connection. Your connection status and the dial-out selection box may be found on the dial-out server at 'Home' >> 'VPN Connection Management'.

Assign Static IP address to client station through DOS

  1. Telnet to the router (requires the Admin password)
    • telnet <Router IP address>
  2. Assign IP address to client station based on MAC address
    • srv dhcp fixip add <IP address> <MAC address> <Host ID or Computer name>
  3. Delete an existing assigned IP address
    • srv dhcp fixip del <IP address>
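
The `srv dhcp fixip add` step above, scripted as an added example (not from this wiki or from Draytek): it validates a host list and prints one command per valid entry, ready to paste into the telnet session. The "IP MAC NAME" inventory format, the sample addresses and the accepted MAC separators are assumptions; the page does not say which MAC notation the router expects, so the MAC is passed through as written.

```sh
#!/bin/sh
# Added example: turn an inventory into 'srv dhcp fixip add' commands.
# Inventory format "IP MAC NAME" per line is an assumption of this example.

# Constructed sample data; the last three entries are deliberately bad.
SAMPLE_INVENTORY='192.168.1.10 00:11:22:33:44:55 frontdesk
192.168.1.11 00:11:22:33:44:66 printer
192.168.1.10 00:11:22:33:44:77 duplicate-ip
192.168.1.300 00:11:22:33:44:88 bad-octet
192.168.1.12 00:11:22:33:44 short-mac'

valid_ip() {    # four dot-separated decimal octets, each 0-255
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    rest=$1 count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
        case "$rest" in *.*) rest=${rest#*.} ;; *) rest= ;; esac
    done
    [ "$count" -eq 4 ]
}

valid_mac() {   # six hex pairs separated by ':' or '-'
    printf '%s\n' "$1" | grep -Eq '^[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}$'
}

valid_name() {  # letters, digits, '_' and '-' only, so a name cannot alter the command
    case "$1" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
}

# Reads the inventory on stdin; commands go to stdout, rejected lines to stderr.
build_fixip_commands() {
    seen_ips=' ' seen_macs=' ' rejected=0
    while read -r ip mac name extra; do
        [ -n "$ip" ] || continue                      # skip blank lines
        key=$(printf '%s' "$mac" | tr 'A-F-' 'a-f:')  # compare MACs ignoring case/separator
        reason=
        if   [ -n "$extra" ];      then reason='too many fields'
        elif ! valid_ip "$ip";     then reason='bad IP address'
        elif ! valid_mac "$mac";   then reason='bad MAC address'
        elif ! valid_name "$name"; then reason='bad host name'
        fi
        case "$seen_ips"  in *" $ip "*)  reason='IP already assigned' ;; esac
        case "$seen_macs" in *" $key "*) reason='MAC already assigned' ;; esac
        if [ -n "$reason" ]; then
            echo "# SKIPPED ($reason): $ip $mac $name" >&2
            rejected=$((rejected + 1)); continue
        fi
        seen_ips="$seen_ips$ip " seen_macs="$seen_macs$key "
        echo "srv dhcp fixip add $ip $mac $name"
    done
    [ "$rejected" -eq 0 ]   # non-zero status if anything was skipped
}

printf '%s\n' "$SAMPLE_INVENTORY" | build_fixip_commands || echo "# review skipped entries" >&2
```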
