Expired

V. VPN (Virtual Private Networking)

Expired

DrayTek LAN-to-LAN OpenVPN Configuration Guide

Products:
Vigor 2865
Vigor 2865Lax-5G
Vigor 2865l-5G
Vigor 2927
Keywords:
LAN2LAN
OpenVPN
VPN
l2l
Show all

OpenVPN is a popular open-source protocol that can be run on different operating systems. Latest DrayTek Vigor routers support the OpenVPN Dial-Out function since firmware version 4.2.1. This VPN protocol can be used for encrypted tunelling with other DrayTek router, and it’s potentially compatible with other vendors.

This article demonstrates how to create an OpenVPN tunnel between two DrayTek Vigor routers compatible with firmware 4.2.1 or later. It is split into two sections: VPN Server (dial-in) settings [steps 1-7], and the VPN Client (dial-out) settings [steps 8-12].

VPN Server (Dial-In) Settings

1. Go to [VPN and Remote Access] > [LAN to LAN] and click an index available to create a new VPN profile;

  • Check Enable this profile
  • Select Dial-In for Call Direction
  • Allow OpenVPN Tunnel in Dial-In Settings
  • Enter credentials - Username and Password

    kb openvpn lan to lan 01

  • Populate the Remote Network IP and Mask with IP subnet used by the VPN Client
  • Click OK to save the settings
    kb openvpn lan to lan 02

2. Then go to [VPN and Remote Access] > [Remote Access Control] and make sure that the Enable OpenVPN Service option is checked. Note that you may need to reboot the router to activate the VPN service.

kb openvpn lan to lan 03

3. The OpenVPN protocol is using certificates that rely on valid time and date. Make sure that the [System Maintenance] > [Time and Date] time settings are correctly configured on the router.

kb openvpn lan to lan 04

4. Go to [VPN and Remote Access] > [OpenVPN] > [OpenVPN Server Setup]

  • Select the TCP and/or UDP protocols, depends on which transfer protocol you would like to use for OpenVPN connections
  • Customize the TCP Port and UDP Port if needed

kb openvpn lan to lan 05

5. Certificates setup

  • Choose Router generated certificates
  • Click the Generate button
  • Press OK to save

kb openvpn lan to lan 06

6. From the [VPN and Remote Access] > [OpenVPN] > [OpenVPN Client] configuration page

  • Choose the WAN interface for OpenVPN connection
  • Select the Protocol you would like to use, e.g. UDP
  • Specify a Config File Name
  • Click Export to save the VPN configuration file. It will be imported into the VPN Client later

kb openvpn lan to lan 07

7. Go to [VPN and Remote Access] > [SSL General Setup] and select openvpn server (or any other name used in previous steps) as your server certificate

kb openvpn lan to lan 08

VPN Client (Dial-Out) Settings

8. Go to [VPN and Remote Access] > [LAN to LAN] and create a new VPN profile

  • Allow OpenVPN Tunnel in Dial-Out Settings and choose the protocol (TCP or UDP)
  • Click Choose File and select the VPN configuration file saved in step 6
  • Hit the Import button

kb openvpn lan to lan 08b

9. Vigor Router will show a message to notify that the configuration import was successful. Click the VPN profile Index to continue setting up the VPN profile.

kb openvpn lan to lan 08c

10. If you have not selected the profile in step 9, go to [VPN and Remote Access] > [LAN to LAN] and click an index associated with the OpenVPN profile

  • Check Enable this profile
  • Select Dial-Out for Call Direction
  • Allow OpenVPN Tunnel in Dial-Out Settings
  • Enter credentials - Username and Password

kb openvpn lan to lan 09

11. For Remote Network IP and Subnet Mask, input the IP subnet used by the VPN Server and set the Mode to Routing

kb openvpn lan to lan 10

12. Go to [VPN and Remote Access] > [Connection Management] to see the VPN Connection Status

kb openvpn lan to lan 13

    How do you rate this article?

    1 1 1 1 1 1 1 1 1 1

First Published: 20/11/2020
Last Updated: 27/04/2021