Expired

I. Product Setup Guides

Expired

Remote Management TOTP Time-based One-Time Password on a DrayTek Router

Products:
Vigor 2765
Vigor 2766
Vigor 2865
Vigor 2865Lax-5G
Show all

Keywords:
2fa
TOTP
Time-based One-Time Password
remote
Show all

DrayTek routers can be managed remotely once management from the Internet has been enabled. This is not enabled by default and must be configured from [System Maintenance] > [Management] by selecting the Allow management from the Internet option.
The next step is to set router's admin password. Instead of a standard password, a more sophisticated authentication method such as Time-based One-Time Password can be used on some newer DrayTek routers.

This article describes steps on how to use TOTP (Time-based One-Time Password) authentication for remote management on a DrayTek router. It's an easy-to-use method that is potentially more secure than SMS or token based 2FA because the user must authenticate with the phone to access the TOTP code.

Below is the list of routers supporting the new feature:

Router Model Compatible Firmware Supporting Remote Management TOTP Authentication
Vigor 2765 4.4.1 or later
Vigor 2766 4.4.1 or later
Vigor 2865 4.3.1 or later
Vigor 2866 4.3.1 or later
Vigor 2927 4.3.2 or later
Vigor 2962 4.3.1 or later
Vigor 3910 4.3.1 or later
 
 

DrayTek Vigor Router TOTP Remote Management Setup

1. Go to [System Maintenance] > [Administrator Password] and select Enable Advanced Authentication method when login from "WAN"

enable advanced authentication

 

2. Make sure that the Time-based One-time Password (TOTP) option is enabled. Then copy Secret or scan the QR Code

TOTP Secret

3. Open an Authenticator APP such as Google Authenticator or TOTP Authenticator and enter the Secret or scan the QR Code

kb vpn totp03

The validation code will be automatically generated in the Authenticator App.

kb vpn totp04

4. Enter the validation code generated in step 3, press Verify and OK to save.

kb remotemanagement totp 03

5. Configure Remote Management

Once the Time-based One-time Password has been set on the router, go to [System Maintenance] > [Management] to see the router's management options:

If the remote management on the router hasn't been enabled yet, check Allow management from the Internet.

Enable the management options that need to be accessed from the internet; HTTPS, TR-069 and SSL are enabled in this example.

Disable PING from the Internet option when enabled, stops the router from replying to pings sent to the router's WAN IP addresses.

Click OK to continue to save the settings and reboot the router when prompted.

kb remotemanagement totp 04