Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. This article describes how to configure a VPN tunnel on a DrayTek Vigor 3900 device. * Configuring the tunnel on the Management Platform * Configuring the tunnel on the DrayTek Management Interface Please follow the steps below: ==== Configuring the tunnel in the DrayTek Management Interface ==== 1. Open the DrayTek management interface. 2. In the left panel, select VPN and Remote Access, then select VPN Profiles. Select the add to create a new profile. ---- {{::360010935959screenshot2020-04-13at112605.png?nolink&200 }} ---- 3. Under the Basic tab, fill in the following information: {{3600110728791-1copy.jpg?nolink&200 |}} **Auto Dial-Out: Enable;** Always Dial-Out **Dial-Out through: Your WAN interface;** Default WAN IP **Failover:** Should remain with the null value. **Local IP/Subnet Mask:** Insert your FW external address and specify the correlating subnets. **Remote Host:** Insert you Privatise public gateway IP (you can get this under ROC On Demand in the managed company portal). **Remote ID/Subnet Mask:** Please reach out to Privatise support for this. {{::360010932560screenshot2020-04-13at112754.png?nolink&200 |}} **IKE Protocol:** IKEv1 **IKE Phase 1:** Main Mode **Auth Type:** PSK **Pre-shared Key:** Please reach out to Privatise support for this. **Security Protocol:** ESP 4. Fill in the following information in the Advanced section: {{::360010932580screenshot2020-04-13at112834.png?nolink&200 |}} {{::360010936039screenshot2020-04-13at113129.png?nolink&200 |}} **Phase 1 Key Lifetime:** 86400 seconds **Phase 2 Key Lifetime:** 86400 seconds **Perfect Forward Secrecy Status:** Enable **DPD Status:** Enable **DPD Delay:** 30 seconds **DPD Timeout:** 120 seconds **Ping to Keep Alive:** Disable **Route/NAT Mode:** Route **Source IP:** Auto-detect **Apply NAT Policy:** Disable **Set VPN Default Gateway:** Disable **Netbios Naming Packet:** Disable **Multicast via VPN:** Disable **Rip via VPN:** Disable **Packet Triggered:** Enable **Force UDP Encapsulation:** Disable 5. Fill in the following information in the GRE section: {{::360010936059screenshot2020-04-13at113213.png?nolink&200 |}} **Enable GRE Function:** Disable **Auto Generate GRE Key:** Enable 6.Fill in with the following information in the Proposal section: {{::image-1607873566327.png?nolink&200 |}} **IKE Phase 1 Proposal:** AES 256 **IKE Phase 1 Authentication:** SHA1 **IKE Phase 2 Proposal:** AES 256 with auth **IKE Phase 2 Authentication:** SHA1 **Accepted Proposal:** Accept 7. Leave the checkbox unmarked in the Multiple SAs section. Make sure to enable the profile and click Apply. {{::360010936079screenshot2020-04-13at113512.png?nolink&200 |}} 8. If the tunnel is up, the profile will be green in the Connection Management tab: {{360010936219screenshot2020-04-13at113958.png?nolink&200 |}} draytek_site.txt Last modified: 2021/11/16 17:10by rafi