V. VPN (Virtual Private Networking)

Teleworker VPN - L2TP over IPsec - Apple iOS

Vigor 2620Ln
Vigor 2762
Vigor 2765
Vigor 2832
Show all

Dial In
Show all

The DrayTek routers that support Dial-In VPN connections can use any compatible VPN client to connect a remote dial-in user VPN to achieve secured access to the network connected to the router and its internet connection.

In this setup guide, the Apple iOS built-in VPN client will be used to make an L2TP over IPsec VPN connection to a DrayTek router.

L2TP with IPsec provides stronger encryption than PPTP and the L2TP protocol must be encrypted with IPsec when connecting with Apple's iOS. With an L2TP over IPsec VPN connection, the IPsec negotiation of the VPN uses the same pre-shared key for all users and the L2TP portion allows each user to have a unique username and password.

Access the router's web interface and ensure that the VPN services for both L2TP and IPsec are enabled so that the router's VPN server will respond to those connection types: This is configured from [VPN and Remote Access] > [Remote Access Control]:

To set up the profile on the router, go to [VPN and Remote Access] > [Remote Dial-In User], click on the first un-used Index number link to edit the profile settings:

Set up the profile to accept L2TP with IPsec Policy connections, set the requirement of that to Must so that users can only connect if going through IPsec to ensure that it's encrypted.

Enable the profile, enter a suitable Username to for the account and set the Password for the account:

Click OK on that page to save the settings for that profile, then go to [VPN and Remote Access] > [IPsec General Setup] to set the Pre-Shared Key for the VPN connection - that needs to be entered twice to ensure that it's entered correctly.

On this page, it's also possible to select which security types are enabled for teleworker VPN connections, in this example, only AES is selected:

Click OK on that page to save the settings.

With the VPN profile on the router configured, the iOS device can be configured with the VPN profile.

To do that, go to the Settings on the iOS device and select the VPN menu. This requires that the iOS device already has a PIN or other security configured on it so it may be necessary to configure that before continuing.

In the VPN menu, select Add VPN Configuration... to make a new VPN profile.

In the new VPN profile, press the Type section to select the VPN type.

Select the L2TP option, this includes L2TP with IPsec.

Configure these settings in the VPN profile:

Type L2TP
Description This is the display name of the VPN profile, in this example, it's set to "DrayTek L2TP VPN" to identify the type of VPN
Server This is the IP address or Host name of the remote VPN server, in this example, it's connecting to ""
Account The VPN user account configured on the router, which in this example is "ExampleVPNUser". The username is case sensitive
RSA SecurID Leave this disabled
Password This is the VPN user account password that was configured in the "Remote Dial-In User" profile
Secret This is the IPsec General Pre-Shared Key that was configured in IPsec General Setup
Send All Traffic Enable this to send all traffic through the VPN

Press Done to save and apply the VPN changes.

To connect the VPN, simply select it from the list of VPN profiles on the iOS device and enable the VPN interface. The VPN will then attempt to connect and if successful, will show the VPN icon in the top left.

Pressing the VPN's information/settings "i" icon will show the connection status.

When connected, the VPN status can be viewed on the router in the [VPN and Remote Access] > [Connection Management] section, which will display the connecting IP, the local IP it has been assigned and the protocol that it is using:

How do you rate this article?

1 1 1 1 1 1 1 1 1 1