1. Open the DrayTek management interface.

2. In the left panel, select VPN and Remote Access, then select VPN Profiles. Select the add to create a new profile.

---

---

3. Under the Basic tab, fill in the following information:

Auto Dial-Out: Enable; Always Dial-Out

Dial-Out through: Your WAN interface; Default WAN IP

Failover: Should remain with the null value.

Local IP/Subnet Mask: Insert your FW external address and specify the correlating subnets.

Remote Host: Insert you Privatise public gateway IP (you can get this under ROC On Demand in the managed company portal).

Remote ID/Subnet Mask: Please reach out to Privatise support for this.

IKE Protocol: IKEv1

IKE Phase 1: Main Mode

Auth Type: PSK

Pre-shared Key: Please reach out to Privatise support for this.

Security Protocol: ESP

4. Fill in the following information in the Advanced section:

Phase 1 Key Lifetime: 86400 seconds

Phase 2 Key Lifetime: 86400 seconds

Perfect Forward Secrecy Status: Enable

DPD Status: Enable

DPD Delay: 30 seconds

DPD Timeout: 120 seconds

Ping to Keep Alive: Disable

Route/NAT Mode: Route

Source IP: Auto-detect

Apply NAT Policy: Disable

Set VPN Default Gateway: Disable

Netbios Naming Packet: Disable

Multicast via VPN: Disable

Rip via VPN: Disable

Packet Triggered: Enable

Force UDP Encapsulation: Disable

5. Fill in the following information in the GRE section:

Enable GRE Function: Disable

Auto Generate GRE Key: Enable

6.Fill in with the following information in the Proposal section:

IKE Phase 1 Proposal: AES 256

IKE Phase 1 Authentication: SHA1

IKE Phase 2 Proposal: AES 256 with auth

IKE Phase 2 Authentication: SHA1

Accepted Proposal: Accept

7. Leave the checkbox unmarked in the Multiple SAs section. Make sure to enable the profile and click Apply.

8. If the tunnel is up, the profile will be green in the Connection Management tab: