V. VPN (Virtual Private Networking)

Teleworker VPN - SSL - Android Smart VPN App

Products:
Vigor 2620Ln
Vigor 2760
Vigor 2762
Vigor 2765
Show all

Keywords:
Android
Certificate
SSL
SSL Tunnel
Show all

Android devices such as phones and tablets running the Google Android operating system can connect to a DrayTek router that supports SSL VPN with the free DrayTek Smart VPN App for Android which allows these devices to create fast and secure SSL VPN tunnels for teleworking and/or secure browsing.

This requires a DrayTek routers that supports SSL VPN Dial-In Users such as the DrayTek Vigor 2860 router which supports up to 16 SSL VPN tunnels.


Create an SSL VPN Dial-In User Account

To set up the SSL VPN profile on the router, go to [SSL VPN] > [User Account], click on the first un-used Index number link to edit the profile settings:

  • Enable the profile
  • Enter a suitable Username to for the account
  • Set a secure Password (up to 19 characters, alphanumeric and special characters allowed)
  • Set the profile to accept SSL Tunnel connections:

Click OK on that page to save the settings for that profile.

The Status text displays in red if the user is not connected and will display in green when the user has connected.

With the account created on the router, the client can be configured to connect.


DrayTek Smart VPN APP Configuration

Open the DrayTek Smart VPN App and press  to create a new VPN profile.


The VPN profile has the following options to configure:

  • Description: The name of the VPN profile
  • Server: The IP address or Host Name of the SSL VPN server, the VPN server in this example is 198.51.100.103
  • Port: The port of the SSL VPN server; this will be 443 by default and should only be changed if the SSL VPN port has been changed on the router
  • Automatically get / Manually set IP and DNS server address: Used to specify the IP address that the client will use when connected to the VPN. This should usually be left on its Automatic setting
  • Enable SSL 3.0: When enabled, this allows the lower security SSL 3.0 protocol. This should usually be left disabled as all DrayTek routers that support SSL VPN have been updated to support at least TLS 1.0
  • Enable server certificate authentication: When enabled, this checks the router's HTTPS certificate for the following conditions:
    • The certificate Common Name matches the IP or Hostname that the client is connecting to
    • The certificate has not expired
    • The certificate has been signed by a known Certificate Authority
    This option should only be enabled when the router has a certificate signed by a mainstream Certificate Authority (more info) or when using a self-signed certificate as detailed in this guide and the router's Root CA has been downloaded and installed to the device using the [Certificate Management] > [Trusted Certificate] Root CA - Export button
  • Use default gateway on remote network: Similar to Split Tunneling when disabled. If this is not selected, only traffic in the VPN's local subnet will go through the VPN tunnel. When enabled, this puts all Internet connectivity through the VPN tunnel
  • More Route: This option can be used to specify an additional subnet that would go through the VPN tunnel, if not using the "Use default gateway on remote network" option

Press Save and the device will save the VPN profile.


To connect the VPN tunnel, press the VPN profile that was just created:

This will begin to dial the connection, enter the Username and Password of the SSL VPN Dial-In User account created on the router and press Dial:

The VPN will start to connect:

Once the VPN is connected, the main window will show the VPN profile in green text:

To disconnect the VPN tunnel, press the VPN profile currently active (highlighted green) and it will disconnect.


The status of the VPN tunnel can be viewed from the router's web interface under [VPN and Remote Access] > [Connection Management]:


How do you rate this article?

1 1 1 1 1 1 1 1 1 1