V. VPN (Virtual Private Networking)
ExpiredVPN TOTP Time-based One-Time Password
Additional security options such as 2FA described on our blog are becoming more popular, and for some businesses such as banks are now mandatory. DrayTek routers have supported mOTP (mobile One Time Password) authentication for some time now. You can find the mOTP setup guide here.
Newer DrayTek routers such as Vigor 3910 support even more sophisticated authentication method called TOTP (Time-based One-Time Password) for remote VPN connections (teleworkers). It's an easy-to-use method that is potentially more secure than SMS or token based 2FA because the user must authenticate with the phone to access the TOTP code.
This article depicts steps on how to use VPN TOTP authentication.
Below is the list of routers supporting the new feature:
| Router Model | First Firmware supporting TOTP VPN Authentication |
| Vigor 2865 | 4.4.2* |
| Vigor 2866 | 4.4.2* |
| Vigor 2927 | 4.4.2* |
| Vigor 2962 | 4.3.1 |
| Vigor 3910 | 4.3.1 |
| IPsec Xauth | DrayTek SSL VPN | IKEv2 EAP |
| L2TP over IPsec | OpenVPN | PPTP (for legacy applications) |
DrayTek Vigor Router Setup
1. Go to [VPN and Remote Access] > [Remote Dial-in User] and create a new profile
- Check Enable this account
- Enter the Username of your choice
- Enable the protocol for Allowed Dial-In Type
2. Make sure that the Time-based One-time Password (TOTP) option is enabled. Then copy Secret or scan the QR Code
Note that the Secret or QR Code should be given to the VPN user so that they can use it with their Authenticator APP. The VPN user will then generate a code to establish their VPN tunnel to the router.
3. Open an Authenticator APP such as Google Authenticator or TOTP Authenticator
- Enter the Secret or scan the QR Code
The password will be automatically generated in the Authenticator App.
4. Enter the password generated in step 3, press Verify and OK to save.
DrayTek Smart VPN Client Setup
1. Open the SmartVPN Client
- Click Add to create a profile
- Enter the Profile Name
- Select the VPN protocol Type
- Enter the Host IP or Domain
- Enter the Username
- Click OK to save the profile
2. Select the profile created in step 1 and click Connect
- Enter the password generated by the Authenticator App. (Refer to Step 3 in the DrayTek Vigor Router Setup section)
- Press OK
The green switch indicates that your VPN tunnel has been established:
Add a comment to this article
NOTE : All comments are reviewed before publication and may not be posted or may be redacted if the editors do not consider them helpful. The use of offensive or obscene language, copyrighted material, or advertising or promotion or linking to any other product or service is prohibited. By submitting your comment, you confirm that you are the original author and assign copyright of the content to DrayTek indefinitely and irrevocably.