V. VPN (Virtual Private Networking)

Teleworker VPN - SSL - DrayTek Smart VPN Client

Products:
Vigor 2620Ln
Vigor 2760
Vigor 2762
Vigor 2765
Show all

Keywords:
SSL
Smart VPN Client
Tunnel
VPN

DrayTek routers that support Dial-In VPN connections can use any compatible VPN client to connect a remote dial-in user VPN, to achieve secured access to the network connected to the router and its internet connection.

DrayTek's Smart VPN Client software for Windows is available for download here. It is free and can connect all protocols that the DrayTek routers currently support such as IPsec, L2TP over IPsecOpenVPN and SSL VPN protocols.

In this example, the Smart VPN Client will be used to make an SSL VPN connection to a DrayTek router. This provides a quicker way to connect an SSL VPN compared to the browser method.

Setting up SSL VPN User Account on a DrayTek Vigor router

To set up the profile on the router, go to [VPN and Remote Access] > [Remote Dial-In User], click on the first un-used Index number link to edit the profile settings:

Enable the profile, enter a suitable Username to for the account, set the Password for the account and set up the profile to accept SSL Tunnel connections:

Click OK on that page to save the settings for that profile.

Check that the SSL VPN server is enabled on the router from [VPN and Remote Access] > [Remote Access Control]. Make sure that the SSL VPN server option is ticked and if making changes on this page, click OK to apply the change, which will require the router to restart:

The port that the router uses for SSL VPN and the interfaces that the router can use for SSL VPN are configured from [SSL VPN] > [General Setup]:

Configuring the DrayTek SmartVPN Client

Open the DrayTek Smart VPN Client, go to the Profiles section and click Add to create a new VPN profile:

That will open a new window to configure the VPN settings. See the table below for a description of what each setting does and the recommended settings for connecting an SSL VPN tunnel:

Click on the red sub-menus to expand them and show additional options.

Menu Section Menu Item Description / Recommended Setting
Profile Name   Specify a profile name to identify the VPN
Server Information  Type Select SSL VPN Tunnel
IP or Hostname & Port Specify the IP or Hostname of the router
VPN Information Authentication Type Select Username and Password, or select mOTP to use 2-factor authentication (see this article for more information)
User Name Specify the username configured in the router's VPN profile
Password Specify the password as configured in the router's VPN profile
Remember My Credentials Tick this to save the credentials. If this is un-ticked, the password will need to be re-entered when connecting the VPN
Always Prompt for Credentials When ticked, the VPN client will not prompt for credentials when connecting the VPN
IP Property Automatically get IP & DNS Get the IP address from the router (recommended)
Manually set IP & DNS Set the IP address and DNS manually to fix these addresses when connecting the VPN
Advanced Options   Authentication Method Set this to Auto
Enable NetBIOS over TCP/IP Enable this to allow NetBIOS name resolution through the VPN
Enable Server Certificate Authentication Enable this only if the router has a valid signed certificate i.e. LetsEncrypt
Fast SSL Enable this to use a newer DrayTek SSL VPN protocol, which can give higher speeds. Disable this if there are VPN stability or performance issues
Enable SSL 3.0 Do not enable this option.
Use Default Gateway on Remote Network Enable this to forward all Internet traffic through the VPN tunnel
More button Click the More button to add additional routes, that can be accessed through the VPN when it's established. This cannot be selected if the VPN is used as the default route.

Click OK to save the VPN profile.

Connecting the VPN and Checking VPN Status in Windows

It is now possible to connect the VPN, select the profile from the list on the main window and click the Connect button:

That will pop-up a window to enter the User Name and Password settings, the username and password were configured in the profile so should already be configured:

Click OK and the VPN will start to connect, displaying connection status here:

Once the VPN successfully connects, the SmartVPN client will minimise into the Windows System Tray and display a connection status notification in Windows:

Double-click the green system tray icon to display the SmartVPN client. Alternatively, right click the SmartVPN client system tray icon for quick access to connect/disconnect & statistics options:

Check VPN Status on a Vigor Router

The status of the VPN tunnel can be viewed from the router's web interface under [VPN and Remote Access] > [Connection Management]:

Using a different SSL port for SSL VPN

The DrayTek Smark VPN client will attempt to connect to TCP 443 by default - if that port is in use or if it needs to be changed on the router for another reason, this must be changed on both the client and the router.

To change the router's SSL VPN port, go to [SSL VPN] > [General Setup] and on that page, change the SSL VPN port:

Click OK on that page to save the setting change.


To change the port that the DrayTek Smart VPN Client connects to when connecting an SSL VPN, edit the profile and change the IP/Host Name used so that it has the IP address/Host Name with :444 (for example) at the end of the address:


How do you rate this article?

1 1 1 1 1 1 1 1 1 1