V. VPN (Virtual Private Networking)

Vigor 3900 VPN Trunk to Vigor 2862 (DrayOS)

Products:
Vigor 2960
Vigor 3900
Keywords:
2960
VPN
VPN Load Balance
VPN Trunk

The VPN Trunk facility is able to use multiple WAN interfaces to load balance traffic across those WANs for site to site VPN traffic.

The Vigor 3900 and Vigor 2862 have different interfaces for configuring the VPN trunk but this is fully interoperable between the two router types, this guide covers the setup of these two types of router to make a working VPN trunk between the two.

 Site A - LondonSite B - Leeds
 
Router Vigor 3900 Vigor 2862
Call Direction Dial-In Dial-Out
WAN1 IP 80.0.0.1 80.0.0.2
WAN2 IP 90.0.0.1 90.0.0.2
Local Network 192.168.1.0/24 192.168.2.0/24
Tunnel 1 GRE IP 1.1.1.1 1.1.1.2
Tunnel 2 GRE IP 2.2.2.1 2.2.2.2

This is the network setup being used between the two sites, the "Tunnel x GRE IP" values are used internally by the routers to establish the GRE tunnels needed for VPN load balancing to operate

Tthese GRE IP addresses can be set to any IPv4 addresses as they are used for an internal point to point link, but it's recommended to avoid setting this the same as any addresses that are in use on the routers, or the routing table to avoid problems.



Vigor 3900 Setup

To configure a VPN trunk on the Vigor 3900 router, go to VPN and Remote Access > VPN Profiles, select the IPSec radio button and click Add to create the new profile.

When setting the profile name, please note that it cannot use spaces or "-" characters, it is recommended to use the "_" character instead:

The IPSec profile is configured as normal.

The Dial-Out Through WAN interface is specified as WAN1, with the local and remote network settings, a pre-shared key and the Remote Host address.
Which is the address of the remote side that would be connecting. In this case, WAN1 of the Vigor 2862 router is 80.0.0.2.

The Advanced tab and Proposal tabs can be left on their default settings, which are compatible with other DrayTek routers:

Go to the GRE tab of the VPN profile once that's configured and enter the values as shown:

Click Apply on that profile to save the changes.

The router will then need the profile for WAN2 to be configured, so make a second profile for that:

The setup of the second profile is similar, with the only differences being the Dial-Out Through WAN interface, which should be WAN2 and the Remote Host IP is set as the remote WAN2 IP address of 90.0.0.2.

Go to the GRE tab to configure the GRE settings for the WAN2 interface, which should be configured as shown:

Click Apply to save and apply that VPN profile.

The router then needs to be configured to recognise these two profiles as VPN trunk profiles, this is done from VPN and Remote Access > VPN Trunk Management, on the Load Balance Pool tab.

Click Add to create a load balance pool for the two profiles.

Set the profile's Mode to Load Balance and click Add in the Interface section to select the two VPN tunnels to be used; after selecting a profile, set the Weight value, which is a ratio and can be a number between 1 and 255.
In this case, the two VPNs will have the ratio set to 1:1 or 50% per tunnel:

Click Apply on that to save it and go to the Load Balance Rule tab.

On there click Add to make a profile so that the router will recognise which subnets the trunk will be used for, in this case, the settings are the same as the VPN tunnels, with the source IP range being 192.168.1.0/24 and the destination IP range being 192.168.2.0/24:

With that saved, the Vigor 3900 is now ready to accept VPN trunk connections from the Vigor 2862.


How do you rate this article?

1 1 1 1 1 1 1 1 1 1