DrayOS has supported generating Let's Encrypt certificates since firmware version 3.9.0. A certificate signed by Let's Encrypt is a valid certificate, so using one on Vigor Router simplifies the VPN configuration steps for different VPN clients, especially when an IKEv2 VPN connection with EAP authentication is used. This article demonstrates how to set up Vigor Router as an IKEv2 VPN server using a Let's Encrypt certificate, and how to establish a connection from Windows.
1. Select the correct Time Zone and ensure the router system time is correct.
2. Activate the DrayDDNS service on your Vigor Router by referring to the article here.
3. Apply for the Let's Encrypt certificate for your DrayDDNS domain name by referring to the article here.
4. Go to the VPN and Remote Access >> IPsec General Setup page and, as Certificate for Dial-in, select DrayDDNS, the domain that was used to apply for the Let's Encrypt certificate.
5. Go to VPN and Remote Access >> Remote Dial-in User page, click an available index. Edit the profile as follows:
(IKEv2 EAP VPN is supported since version 5.1.0)
1. Run Smart VPN Client and add a profile:
If the client uses Smart VPN Client version 5.5.0, we suggest enabling Ping to keep alive.
2. Switch on Connect; we can check the VPN status once it is connected.
1. Go to Network and Internet Settings >> VPN, and click Add a VPN connection
2. Go to Network and Sharing Centre >> Change adapter settings. Right-click the VPN profile we just created and choose Properties. In the Security tab, select Require encryption (disconnect if server declines) for Data encryption and click OK to save the changes.
3. Double-click the VPN profile and click Connect to establish the VPN connection.
4. Windows will pop up the authentication window. Enter the username and password to establish the VPN connection.
5. Then we can see the VPN is connected successfully.
Note:
The native IKEv2 VPN client in Windows 10 and 11 tries to connect over IPv6 by preference. Untick the IPv6 option in the DynamicDNS profile to prevent connection issues, since Vigor Router does not support IPv6 for IPsec VPN.
Note 2:
If the IPsec Security Method is Medium or above, add a registry value so that IKEv2 EAP can connect.
Press WIN+R and open regedit, create a DWORD value "NegotiateDH2048_AES256" under "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rasman\Parameters\", and set its data to 2.
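The Windows-side settings above (IKEv2 tunnel, required encryption, and the registry value from the second note) can also be applied from PowerShell. This is an added example, not part of the original article; the hostname and profile name are placeholders you must replace with your own DrayDDNS domain and a name of your choice.

```powershell
# Added example. Run in an elevated PowerShell session on the Windows client,
# because writing under HKLM requires administrator rights.
$ServerAddress  = 'example.drayddns.com'   # placeholder: your router's DrayDDNS hostname
$ConnectionName = 'Vigor IKEv2 EAP'        # hypothetical profile name

# VPN profile: IKEv2 tunnel, EAP (username/password) authentication, and
# encryption required, matching "Require encryption (disconnect if server declines)".
if (-not (Get-VpnConnection -Name $ConnectionName -ErrorAction SilentlyContinue)) {
    $vpn = @{
        Name                 = $ConnectionName
        ServerAddress        = $ServerAddress
        TunnelType           = 'Ikev2'
        AuthenticationMethod = 'Eap'
        EncryptionLevel      = 'Required'
    }
    Add-VpnConnection @vpn
}

# Registry value from the second note: DWORD NegotiateDH2048_AES256 = 2.
# Only written when it is missing or holds a different value.
$RasmanKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Rasman\Parameters'
$ValueName = 'NegotiateDH2048_AES256'
$current   = (Get-ItemProperty -Path $RasmanKey -Name $ValueName `
                  -ErrorAction SilentlyContinue).$ValueName
if ($current -ne 2) {
    New-ItemProperty -Path $RasmanKey -Name $ValueName `
        -PropertyType DWord -Value 2 -Force | Out-Null
}

# Read both settings back so the result can be checked before connecting.
Get-VpnConnection -Name $ConnectionName |
    Select-Object Name, ServerAddress, TunnelType, AuthenticationMethod, EncryptionLevel
Get-ItemProperty -Path $RasmanKey -Name $ValueName | Select-Object $ValueName
```

The profile does not store credentials, so Windows still prompts for the username and password on the first connection, as in step 4.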
1. Apply for a Let’s Encrypt Certificate.
IKEv2 EAP VPN uses the VPN server's certificate for authentication. Registering a Let's Encrypt certificate for the VPN server's domain helps streamline the VPN setup. For detailed steps, please refer to Apply for a Let's Encrypt certificate for your DDNS domain.
2. Activate the IPsec VPN service.
Go to VPN > General Setup,
3. Create a Teleworker VPN User Profile.
Go to VPN > Teleworker VPN, click Add, and enter the Username and Password.
In General Tab,
In the Teleworker VPN tab,
Create an IKEv2 EAP connection by using a Let's Encrypt certificate, which can be imported through the Vigor Router web user interface. (Linux)
First, register a DDNS account for the router. You can refer to the article here.
Let's Encrypt makes the process of generating, signing and importing the certificate very easy. You can refer to the article here, which shows how to apply for a Let's Encrypt certificate for the router's domain.
Now your router has a certificate signed by Let's Encrypt.
Create a VPN profile with IKEv2 and IPsec remote dial-in enabled.
Add a profile on Smart VPN
Go to Connection and switch on Connect; we can check the VPN status once it is connected.
Published On: 2019-03-26