Hi,

We are currently using a DrayTek 3900 and have around 30-40 users remoting in via VPN. The VPN is setup as L2TP over IPSec and users authenticate with an AD server. I have see from this link, https://www.draytek.com/support/knowledge-base/5270, that IPSec (IKEv1) gives good security and much better performance.

My questions is how do i set this up for remote workers who need to authenticate via a windows 2016 AD server or do i just create one profile and share that across all users?

Thanks

James

I think that IPsec with Xauth should be the easiest to use overall with lots of users and Active Directory (LDAP) for authentication. L2TP over IPsec isn't as quick as IPsec Xauth so it might slow down with enough users connected.

This guide shows how to set that up on the Vigor 3900 with iOS client as an example. Other Operating systems have pretty good support for Xauth as far as I'm aware, you shouldn't need the SmartVPN client.
https://www.draytek.co.uk/support/guides/kb-teleworker-xauth-3900

Thanks for the reply.

I`ve read the guide and looks fairly simple. Will this authenticate with LDAP or do i need to create individual users as the guide seems to suggest user accounts being set up.

Thanks

We are currently using IPSec and IKEv2 for around 60 members of staff. The speed is fast, both authorising and browsing network shares etc. We do have issues with users getting kicked off though. We are on the latest firmware, have disabled DPD and set user idle timeout to 0.

Not sure if anyone else has issues like above or has guidance on how to stop everyone getting kicked off?

I have managed to set up IPSec Xauth and it is so much quicker. How did you set up the IKEv2 as i can`t get that working?

Generate certificates and load onto Firewall. You then need to install the Root CA to the user's PC/Laptop before creating the VPN connection. We are running this on Windows 10 clients.