V. VPN (Virtual Private Networking)

Teleworker VPN - L2TP over IPsec - Apple Mac OS X

Products:
Vigor 2620Ln
Vigor 2762
Vigor 2765
Vigor 2832

Keywords:
Apple
Dial In
IPsec
L2TP

DrayTek routers that support Dial-In VPN connections accept any compatible VPN client, so a remote dial-in user can get secured access to the network connected to the router and to its internet connection.

In this setup guide, the Apple Mac OS X built-in VPN client will be used to make an L2TP over IPsec VPN connection to a DrayTek router.

L2TP with IPsec provides stronger encryption than PPTP, and the L2TP protocol must be encrypted with IPsec when connecting with macOS. With an L2TP over IPsec VPN connection, the IPsec negotiation uses the same pre-shared key for all users, while the L2TP portion allows each user to have a unique username and password.


Access the router's web interface and ensure that the VPN services for both L2TP and IPsec are enabled, so that the router's VPN server will respond to those connection types. This is configured from [VPN and Remote Access] > [Remote Access Control]:

To set up the profile on the router, go to [VPN and Remote Access] > [Remote Dial-In User] and click on the first unused Index number link to edit the profile settings:

Set up the profile to accept L2TP with IPsec Policy connections and set the requirement of that to Must, so that users can only connect through IPsec, which ensures that the connection is encrypted.

Enable the profile, enter a suitable Username for the account and set the Password for the account:

Click OK on that page to save the settings for that profile, then go to [VPN and Remote Access] > [IPsec General Setup] to set the Pre-Shared Key for the VPN connection - that needs to be entered twice to ensure that it's entered correctly.

On this page, it's also possible to select which security types are enabled for teleworker VPN connections. In this example, only AES is selected:

Click OK on that page to save the settings.


With the VPN profile on the router configured, the Apple Mac OS X computer can be configured to connect to the router remotely.

Go to System Preferences and select the Network settings:

In the Network settings, click the "+" button to create a new network connection:

When prompted for the Interface type, select:

  • Interface: VPN
  • VPN Type: L2TP over IPSec
  • Service Name: Set this to the display name for the Interface; in this example it has been left on the default of "VPN (L2TP)"

Click Create to continue.

In the VPN Interface settings:

  • Set the Service Address to the hostname or IP address of the DrayTek router
  • Set the Account Name to the account name that was created on the DrayTek router earlier

Click Authentication Settings to continue.

In the Authentication Settings pop-up window, configure these settings:

  • Set the User Authentication: Password to the password that was configured for the VPN Dial-In User account on the DrayTek router earlier
  • Set the Machine Authentication: Shared Secret to the IPSec Pre-Shared Key that was configured on the DrayTek router earlier

Click OK to continue.

The VPN configuration needs to be saved, which is indicated by the "Status: Not Configured" shown at the top of the VPN configuration window.

To save the profile, click the Apply button, which will change the Status to "Not Connected".

Once the Status shows as "Not Connected", the VPN will be ready to connect. Make sure that the Apple computer is connected to a different network from the DrayTek router when attempting to connect, because the router's VPN server will respond from the Internet, not the local network.

Click the Connect button to establish the VPN.

Additionally, enabling the "Show VPN status in menu bar" option will show a quick VPN access option in the Mac OS X menu bar. Click Apply to apply that change for this menu button to appear:

The Network settings will display the status of the VPN connection and its IP address on the remote network once it has established a successful connection:


When connected, the VPN status can be viewed on the router in the [VPN and Remote Access] > [Connection Management] section, which will display the connecting IP, the local IP it has been assigned and the protocol that it is using:
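
The Mac client settings from the steps above can also be written as a macOS configuration profile (.mobileconfig), which shows where the shared pre-shared key and the per-user credentials end up. This is an added example, not DrayTek's own code; the hostname, account name, key and payload identifiers are constructed placeholders, and the dictionary keys are those of Apple's VPN payload (com.apple.vpn.managed).

```python
import plistlib
import uuid


def build_l2tp_profile(server, account, shared_secret, password=None,
                       service_name="VPN (L2TP)"):
    """Return .mobileconfig bytes for one L2TP over IPsec VPN service."""
    if not (server and account and shared_secret):
        raise ValueError("server, account and shared_secret are required")
    ppp = {"CommRemoteAddress": server,  # Service Address (router host/IP)
           "AuthName": account}          # Account Name (unique per user)
    if password is not None:             # omitted: not written to the file
        ppp["AuthPassword"] = password
    vpn = {
        "PayloadType": "com.apple.vpn.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.vpn.l2tp",  # assumed identifier
        "PayloadUUID": str(uuid.uuid4()),
        "UserDefinedName": service_name,              # Service Name
        "VPNType": "L2TP",
        "PPP": ppp,
        "IPSec": {"AuthenticationMethod": "SharedSecret",  # Machine Auth.
                  "SharedSecret": shared_secret.encode()},  # PSK as <data>
    }
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.vpn",       # assumed identifier
        "PayloadUUID": str(uuid.uuid4()),
        "PayloadDisplayName": "Teleworker VPN",
        "PayloadContent": [vpn],
    })


def vpn_payload(profile_bytes):
    """Parse a profile and return its VPN payload dictionary."""
    return plistlib.loads(profile_bytes)["PayloadContent"][0]


def embedded_secrets(profile_bytes):
    """Name the secret fields that the profile file stores readably."""
    vpn = vpn_payload(profile_bytes)
    fields = (("PPP", "AuthPassword"), ("IPSec", "SharedSecret"))
    return [f"{d}.{k}" for d, k in fields if k in vpn.get(d, {})]


if __name__ == "__main__":
    raw = build_l2tp_profile("vpn.example.com", "teleworker1", "example-psk")
    print(embedded_secrets(raw))  # constructed sample values above
```

The generated file holds the pre-shared key (and the password, if one is passed) in readable form, so it should be handled as a secret in its own right.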

