Note : This is the classic/original FAQ. For the very latest articles and new content for UK/Ireland users, please visit the Product Knowledgebase here

DrayTek Logo

VPN over WLAN Setup

Vigor Wireless LAN Routers

Various Vigor Wireless routers support VPN-over-WLAN (Wireless LAN) as an additional wireless security method. This means that you can create a secure tunnel between wireless client PC and the router, over the existing wireless connection, thus providing greater security as the traffic between that wireless client and the router is then encrypted and within a private tunnel using IPSec/3DES encryption (or as selected).

  1. From the router's main menu, select >> VPN and Remote Access Setup.

  2. Now select the menu >> Remote Access Control Setup. Within that menu, enable IPSec and disable the other protocols (unless you are using them also) and client the OK button to confirm your settings :

  3. Select >> VPN IKE / IPSec General Setup. Set the settings as shown below (note ESP and 3DES encryption selected) and then select a secret passphrase which is used as the seed for the encryption. You can mix upper/lower case and numeral/letters. Do not select a string that is so complex/long that it becomes too impractical to enter into the clients, but it should not be too short (min 10 characters). As our example encryption key, we will use the string "vigor2600_hello1234_tunnel" so enter that into the box, re-type it in the second box, and click OK to confirm the setting :

  4. Select the menu >> Remote Dial-in User Setup and then select one of the empty user profiles - there are 20 in total. Each VPN-over-WLAN user gets their own profile here. Within the profile, select as below. In our example, the user is called Oscar and his password will be venice :

  5. In order to increase wireless access further by permitting only specific PCs to access the wireless interface. The PC is identified by its unique MAC address, which is the address of the network card (not to be confused with its IP address). To find the MAC address of a PC network interface, use the ipconfig /all command from a Windows DOS/Command prompt. The output will contain the MAC address, as in this example below. Note the MAC address from each of your wireless PCs carefully :

    Get the NIC's MAC Address using IPConfig

  6. From the wireless menu, select the menu >> Access Control. You now need to enter the MAC address of the wireless clients to whom you wish to grant access. Enter the MAC address obtained from the PC (see earlier) into the six boxes, tick the Must use VPN over WLAN checkbox and then press the Add button. That will add the PC to the list of allowed clients. If the list is left blank, any wireless PC can access the router. Do not click OK yet.

    Entering MAC Address of WLAN clients

  7. Decide on an IP address which will act as the local VPN host server for WLAN connections. We recommend an address 'one up' from the router's 1st LAN IP address and it must be outside (e.g. below) the DHCP start address and not already used elsewhere, in our example it is Double check all settings on the page and then click OK.

    WLAN VPN Server Address

Setting up Windows XP Client (using DrayTek SmartTool)

  1. Install the DrayTek SmartVPN Tool; this automates the process of setting up a VPN profile on your PC. The latest version of the SmartTool can be downloaded from the DrayTek web site.

  2. The first screen of the VPN SmartTool offers you steps 0 to 2. Click the button in step 0 if it is not greyed (if it greyed, IPSec is already enabled on the PC). Ignore the 'step box' (leave it blank) and then click the Setup button in Step 2 :

Setting up WindowsXP VPN-over-WLAN Client (Manual Setup)

NOTICE : This document is © SEG Communications and may not be distributed in part or full without specific written consent. Information and products subject to change at any time without notice.