Vigor3900 and Vigor2960 running firmware version 1.4.0 and above support IKEv2 with EAP authentication. This adds an extra layer of security to the IKEv2 VPN by the use of additional username and password authentication and certificate verification.
This article demonstrates how to create a self-signed certificate for server authentication, set up Vigor Router as an IKEv2 VPN server, and how to establish a connection from Windows using the Smart VPN Client v5.3.0 application.
1. Go to [Certificate Management] > [Trusted CA], click Build RootCA
2. Click Download to export the Root CA, which will be installed on the VPN client.
3. Go to [Certificate Management] >[Local Certificate], click Generate:
4. Go to User Management >> User Profile to add a user profile:
5. Go to VPN and Remote Access >> VPN Profiles >> IPsec to add a profile:
1. Open the router's exported RootCA and install it in the computer's Local Machine certificate store (requires admin permissions):
2. Install the router's RootCA in "Trusted Root Certificate Authorities"
3. Confirm that the certificate is installed successfully:
4. Run the Smart VPN client and Add a profile:
5. Switch on Connect and then we can check VPN status when it's connected
How do you rate this article?