Expired

V. VPN (Virtual Private Networking)

Expired

Teleworker VPN - SSL - Apple Mac OS X - Smart VPN Client

Products:
Vigor 2620Ln
Vigor 2760
Vigor 2762
Vigor 2763
Show all

Keywords:
Apple
Apple iOS
Certificate
Certificate Error
Show all

Apple macOS and Mac OS X computers can connect to a DrayTek router that supports SSL VPN with the free DrayTek Smart VPN client for Mac OS X which allows Apple macOS devices to create fast and secure SSL VPN tunnels for teleworking and/or secure browsing.

 

Requirements:

  • Apple computer running Mac OS X 10.11 or later with a 64-bit processor
  • DrayTek Vigor router with SSL VPN Tunnel support (i.e. Vigor 2860)
  • Static IP address or Host Name (including Dynamic DNS) for the router's WAN interface
  • Recommended: Certificate (can be self-signed) with valid Common Name (IP or Host Name) and valid To/From times

Set the Certificate Verification Level

The DrayTek Smart VPN client has options to control the level of verification used for the certificates that secure the SSL VPN tunnel. Before setting up the SSL VPN connection, it's important to consider which type of certificate verification that the SSL VPN client will enforce; more verification will require additional certificate setup.

Each level of verification has different requirements and the default setting is to "Match server name", which checks that the certificate is valid and that it is for the domain / IP that the connection is being made to. If the certificate does not match the verification requirements, the Smart VPN application will not allow the VPN tunnel to establish.

Certificate Verification LevelDescription
Basic Checks that the certificate is within the Valid To and Valid From times
Match Server Name Checks that the certificate's Common Name / CN matches the destination of the server connection.
Checks that the certificate is within the Valid To and Valid From times
Verify Root CA Checks that the certificate is signed by a trusted root authority.
Checks that the certificate's Common Name / CN matches the destination of the server connection.
Checks that the certificate is within the Valid To and Valid From times

This is changed from the Settings section of the app, which is accessed from the gear icon highlighted below:

Overview

This setup guide gives instructions for two methods of configuring the VPN connection, depending on the Certificate Verify Level selected:

  • Basic Verification - This is recommended for setting up the VPN connection quickly
  • Match Server Name - This method requires configuring a valid certificate on the router before the VPN can be established, but does provide higher security because the authenticity of the VPN server can be confirmed

How do you rate this article?

1 1 1 1 1 1 1 1 1 1