V. VPN (Virtual Private Networking)

Managing VPNs with DrayTek Central VPN Management

Products:
Vigor 2862
Vigor 2865
Vigor 2926
Vigor 2927
Show all

Keywords:
CVM
Central
Central Management
Central VPN Management
Show all

DrayTek Central VPN Management

Central VPN Management simplifies the configuration of VPN tunnels between a DrayTek Vigor router at a central site and remote sites with DrayTek Vigor routers using the TR-069 protocol.
The VPN connections are managed and monitored visually from the central site so that any changes to VPN connectivity between sites can be quickly noticed and resolved.

With USB storage connected to the central router, Central VPN Management can also perform automated and scheduled tasks, such as firmware upgrades and configuration backups for the Vigor routers at remote sites, from the Central VPN Management router.

DrayTek's Central VPN Management can manage up to 8-16 routers (depending on router model) from a single router; larger networks can use the VigorACS-SI Central Management system to manage more DrayTek Vigor routers at remote sites.

 


DrayTek routers that support Central VPN Management

DrayTek Vigor RoutersManages up to
DrayTek Vigor 2860 8 Vigor Routers
DrayTek Vigor 2925 8 Vigor Routers
DrayTek Vigor 2952 8 Vigor Routers
DrayTek Vigor 3220 8 Vigor Routers
DrayTek Vigor 2960 12 Vigor Routers
DrayTek Vigor 3900 16 Vigor Routers

All DrayTek Vigor routers that have VPN functionality and support TR-069 management, essentially all DrayTek routers from the Vigor 2820 series onwards, can be managed by Central VPN Management as clients.


Central VPN Management Functionality

VPN Management

Configure VPN tunnels quickly with a visual representation of VPN tunnels connecting the Central Site router and Remote Site routers

Managed Devices List

View details of Vigor routers connected to Central VPN Management

CPE Maintenance

Perform configuration backup/restoration and firmware upgrades as scheduled tasks

Google Map

View Vigor routers connected on a map, based on their location

Logs & Alerts

View logs of connections, disconnections and outcomes of scheduled tasks

Initial Setup

Initial Setup for Central VPN Management

This tab explains the initial setup.

The setup of Central VPN Management requires the following steps before the system can be used to manage the remote Vigor routers:

  1. Enable Central VPN Management on Central Site router
  2. Configure Remote Site routers
  3. Select and Identify Vigor routers to manage

1. Enable Central VPN Management

To enable Central VPN Management on the router at the central site, go to [Central VPN Management] > [General Setup], or if the router has a Central Management menu, go to Central Management > [VPN] > [General Setup]

Enable the CVM SSL Port so that the router will operate as the Central VPN Management router. In this guide, only the CVM SSL Port is enabled so that connections made for Central VPN Management are encrypted. Using CVM without SSL / Encryption should only be used for diagnostics.

The Password will need to be specified, which is used by remote site routers to connect to the CVM router.
The username can also be changed if required, but in this example the default of "acs" will be used.

Click OK to save and apply the changes.


The WAN IP shown highlighted is for display purposes only and generates the URL that clients will be connecting to. In this example, the CVM router has a hostname that clients can connect to. Setting the option to "MANUALLY" instead of the WAN interface, allows the hostname to be specified, which then generates the URL in green text:

With the preferred WAN interface selected or a hostname specified, highlight the second line of green text and copy the required URL to the clipboard.


2. Configure Remote Site routers

To connect Vigor routers at remote sites, access the web interface of each remote router and go to [System Maintenance] > [TR-069 Setting], then configure these settings:

  1. ACS Server On - Internet
  2. URL - Paste the URL from the CVM router or enter https://[IP address/Hostname]:8443/ACSServer/services/ACSServlet
  3. Password - The password configured on the CVM router in [Central VPN Management] > [General Setup]
  4. Enable the CPE Client and set it to HTTPS
  5. Enable the Periodic Inform Settings and leave the Interval Time on its default of 900 seconds

Click OK to save and apply the settings. It will then try to connect to the CVM router.

Central VPN Management also needs the TR-069 Server to be enabled on client routers. To do that, go to [System Maintenance] > [Management] and enable "Allow Management from the Internet" with the "TR-069 Server" option enabled:

Click OK on the Management settings page to apply the change, which will prompt to restart the router, click OK again to restart the router so that the TR-069 management interface is activated.

Repeat these steps for each router that will be connecting to Central VPN Management.


3. Select and Identify Vigor routers to manage

With the TR-069 details entered on the Vigor routers at each remote site, the routers should begin appearing in Central VPN Management. Routers that have connected to CVM will appear in [Central VPN Management] > [CPE Management] in the Managed Devices List tab.

These will initially appear in the Unmanaged Devices List:

To select the routers for management and identify them:

  • Check the tickbox for each router
  • Enter a Description Name for the remote router
  • Enter a Location for the router, in the form of a Postcode (i.e. WD61GW) or Town/City name so that it can be located in the Map section

Click Add to add those routers to the Managed Devices List:


With the routers showing in Central VPN Management's CPE Management section, the Central VPN Management router can manage those routers, to create VPN tunnels to the CVM router, monitor their status and perform scheduled tasks / firmware upgrades, all through the main DrayTek Vigor router at the central site.

The VPN Management section details how to set up VPN connections using Central VPN Management.

The Managing Routers section gives an overview of what the Central VPN Management system can monitor and how to modify the locations and names of the remote site routers.


How do you rate this article?

1 1 1 1 1 1 1 1 1 1