DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Nord VPN Setup Guide
- bloveday
- Topic Author
- Offline
- New Member
Less
More
- Posts: 1
- Thank you received: 0
29 Feb 2020 16:17 #95661
by bloveday
Nord VPN Setup Guide was created by bloveday
Has anyone been successful with this?
Model: Vigor 2862
Firmware version: 3.9.2_STD
I cannot get it to connect the VPN. The router works fine and able route/resolve okay.
https://nordvpn.com/tutorials/draytek/ikev2/
Since firmware version 3.9.0, Vigor Router also supports dialing out an IKEv2 EAP VPN tunnel to NordVPN server. This article introduces how to create IKEv2 EAP VPN tunnel from Vigor Router to NordVPN server in this document.
Note: Vigor2860/2925 support the feature since v3.8.9.4
3. Get the NordVPN server domain fromhttps://nordvpn.com/servers/
You may get a recommended server by selecting the country you located. In the following picture, de241.nordvpn.com is the hostname of the VPN server.
a screenshot of NordVPN Server settings
4. Log into the router's management page. Go to Certificate Management >> Trusted CA Certificate page, and click IMPORT. Click Choose File to select the root.der file we downloaded in step 2. Then, click Import.
a screenshot of DrayOS Trusted CA settings
6. Go to VPN and Remote Access >> IPsec Peer Identity, edit a profile to for NordVPN server.
Check Enable this account
Select Accept Any Peer ID
a scressnshot of DrayOS IPsec Peer Identity Settings
7. Go to VPN and Remote Access >> LAN to LAN, click on an available index number, and edit the profile as follows. In Common Settings,
Give it a profile name
Check Enable this profile
Set Call Direction to "Dial-Out"
At Dial-Out Through, select the WAN interface for VPN connection
a screenshot of DrayOS VPN Client Settings
8. In Dial-Out Settings,
Select IKEv2 EAP for the VPN server type
Enter the domain of VPN server we get in step 3 at Server IP address/Hostname
Enter Username (It is the mail address you used for applying the NordVPN account)
Enter Password (It is the one you configured while activating the NordVPN trial service)
Choose "Digital Signature" for IKE Authentication Method, and select the IPsec Peer Identity Profile created in step 6 for Peer ID
Select "AES with Authentication" for IPsec Security Method
Click Advanced
a screenshot of DrayOS VPN Client settings
9. Click Advanced button, In the IKE advanced settings pop-up windows, confgure:
IKE phase 1 proposal as "AES256_SHA1_G14"
IKE phase 2 proposal as "AES256_SHA1"
IKE phase 1 key lifetime as "3600"
IKE phase 2 key lifetime as "1200"
a screenshot of DrayOS IKE advanced settings
10. Click OK to close the window. At TCP/IP Network Settings:
Enter Remote Network IP as "0.0.0.0"
Select Remote Network Mask to "0.0.0.0/00"
Change Routing to NAT for this VPN connection
(optional) Enable Change Default Route to this VPN tunnel option if you want all traffic to NordVPN.
a screenshot of DrayOS VPN Settings
11. After finishing above settings, we can check the VPN status via VPN and Remote Access >> Connection Management page.
Model: Vigor 2862
Firmware version: 3.9.2_STD
I cannot get it to connect the VPN. The router works fine and able route/resolve okay.
Since firmware version 3.9.0, Vigor Router also supports dialing out an IKEv2 EAP VPN tunnel to NordVPN server. This article introduces how to create IKEv2 EAP VPN tunnel from Vigor Router to NordVPN server in this document.
Note: Vigor2860/2925 support the feature since v3.8.9.4
3. Get the NordVPN server domain from
You may get a recommended server by selecting the country you located. In the following picture, de241.nordvpn.com is the hostname of the VPN server.
a screenshot of NordVPN Server settings
4. Log into the router's management page. Go to Certificate Management >> Trusted CA Certificate page, and click IMPORT. Click Choose File to select the root.der file we downloaded in step 2. Then, click Import.
a screenshot of DrayOS Trusted CA settings
6. Go to VPN and Remote Access >> IPsec Peer Identity, edit a profile to for NordVPN server.
Check Enable this account
Select Accept Any Peer ID
a scressnshot of DrayOS IPsec Peer Identity Settings
7. Go to VPN and Remote Access >> LAN to LAN, click on an available index number, and edit the profile as follows. In Common Settings,
Give it a profile name
Check Enable this profile
Set Call Direction to "Dial-Out"
At Dial-Out Through, select the WAN interface for VPN connection
a screenshot of DrayOS VPN Client Settings
8. In Dial-Out Settings,
Select IKEv2 EAP for the VPN server type
Enter the domain of VPN server we get in step 3 at Server IP address/Hostname
Enter Username (It is the mail address you used for applying the NordVPN account)
Enter Password (It is the one you configured while activating the NordVPN trial service)
Choose "Digital Signature" for IKE Authentication Method, and select the IPsec Peer Identity Profile created in step 6 for Peer ID
Select "AES with Authentication" for IPsec Security Method
Click Advanced
a screenshot of DrayOS VPN Client settings
9. Click Advanced button, In the IKE advanced settings pop-up windows, confgure:
IKE phase 1 proposal as "AES256_SHA1_G14"
IKE phase 2 proposal as "AES256_SHA1"
IKE phase 1 key lifetime as "3600"
IKE phase 2 key lifetime as "1200"
a screenshot of DrayOS IKE advanced settings
10. Click OK to close the window. At TCP/IP Network Settings:
Enter Remote Network IP as "0.0.0.0"
Select Remote Network Mask to "0.0.0.0/00"
Change Routing to NAT for this VPN connection
(optional) Enable Change Default Route to this VPN tunnel option if you want all traffic to NordVPN.
a screenshot of DrayOS VPN Settings
11. After finishing above settings, we can check the VPN status via VPN and Remote Access >> Connection Management page.
Please Log in or Create an account to join the conversation.
- pharcyder
- Offline
- Member
Less
More
- Posts: 165
- Thank you received: 1
02 Mar 2020 15:37 #95678
by pharcyder
Replied by pharcyder on topic Re: Nord VPN Setup Guide
I tried this tonight and it worked first time.
2860ac running 3.8.9.7_BT
2860ac running 3.8.9.7_BT
Please Log in or Create an account to join the conversation.
- inspectorman
- Offline
- Junior Member
Less
More
- Posts: 17
- Thank you received: 0
30 Apr 2020 12:14 #96083
by inspectorman
Replied by inspectorman on topic Re: Nord VPN Setup Guide
Yes, running on a 2862. Not a very intuitive process but it's fine now. Some sites don't like the router level VPN but it's simple enough to flick it off for ten minutes and then back on.
Set it up this time last year and now running successfully on 3.9.3 . There is a Draytek VPN tutorial too, but I can't remember if it helped or hindered me.
Set it up this time last year and now running successfully on 3.9.3 . There is a Draytek VPN tutorial too, but I can't remember if it helped or hindered me.
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek