V. VPN (Virtual Private Networking)

IKEv2 EAP VPN from Windows to Vigor3900/2960 using the Smart VPN Client

Products:
Vigor 2960
Vigor 3900
Keywords:
2960
3900
EAP
IKEV2
Show all

Vigor3900 and Vigor2960 running firmware version 1.4.0 and above support IKEv2 with EAP authentication. This adds an extra layer of security to the IKEv2 VPN by the use of additional username and password authentication and certificate verification.

This article demonstrates how to create a self-signed certificate for server authentication, set up Vigor Router as an IKEv2 VPN server, and how to establish a connection from Windows using the Smart VPN Client v5.3.0 application.

Router Setup for IKEv2

1. Go to [Certificate Management] > [Trusted CA], click Build RootCA

  • Enter all the information
  • Select "2048" for Key Size
  • Enter the Passphrase to sign the local certificate
  • Click Apply to save

image1VPN

2. Click Download to export the Root CA, which will be installed on the VPN client.

image2VPN

3. Go to [Certificate Management] >[Local Certificate], click Generate:

  • Select "Domain Name" for ID Type and enter the domain of router for ID Value
  • Enter all the information
  • Enter the domain of router for Common Name (CN)
  • Select "2048" for Key Size
  • Select "Enable" for Self Sign
  • Enter the Passphrase of Root CA at CA Key Passphrase
  • Click Apply

3

4. Go to User Management >> User Profile to add a user profile:

  • Check Enable
  • Enter Username and Password
  • Select "Enable" for Xauth/EAP at PPTP/L2TP/SSL/OpenVPN Server

4

5. Go to VPN and Remote Access >> VPN Profiles >> IPsec to add a profile:

  • Give a profile name and check Enable
  • Select "Enable" for Remote Dial-In User
  • Enter router's LAN network for Local IP / Subnet Mask
  • Select "IKEv2" for IKE Protocol
  • Select "RSA" for Auth Type and choose the certificate created in previous steps for Local Certificate.

5

Connecting from Windows with SmartVPN

1. Open the router's exported RootCA and install it in the computer's Local Machine certificate store (requires admin permissions):

 1

2. Install the router's RootCA in "Trusted Root Certificate Authorities"

2

3. Confirm that the certificate is installed successfully:

3

4. Run the Smart VPN client and Add a profile:

  • Give a Profile Name
  • Select "IKEv2" for Type
  • Enter the domain of the router
  • Enter Username and Password
  • Click OK

Capture1

5. Switch on Connect and then we can check VPN status when it's connected

Capture2


How do you rate this article?

1 1 1 1 1 1 1 1 1 1