Sign Up

Users Mailing list

Sign up for news and firmware updates

ExpressVPN: How to connect a DrayTek VPN router with L2TP over IPsec

This article demonstrates how to connect a DrayTek Vigor router to Express VPN and to send all Internet traffic through the tunnel. To connect an L2TP over IPsec VPN to Express VPN, follow these steps.

Find your  Express VPN account

1. Go to the ExpressVPN setup page. If prompted, enter your ExpressVPN credentials and click Sign In

expressvpn-account-click-sign-in.webp

2. Enter the verification code that is sent to your email.

On the right, select PPTP & L2TP/IPsec

3. Click on Manual Config select PPTP & L2TP/IPsec on the right.

expressvpn-account-manual-configuation-click-pptp-l2tp-ipsec.webp

This will show you your username, password, and a list of server addresses around the world.

expressvpn-account-manual-configuation-pptp-l2tp-ipsec.webp

Please keep this information on hand as you will need it to configure the DrayTek router.

Vigor Router setup

1. Set up a VPN profile, go to [VPN and Remote Access] > [LAN to LAN] and click an available index to create a VPN profile.

vpnfast1.PNG

2. Give the profile a name and enable it, select "Dial-out" for Call Direction.

ex4.png

3. In Dial-out Settings,

  1. Select "L2TP" and set IPsec Policy to "Must",
  2. Enter the domain name of the VPN server obtained in the step above at Server IP address/Hostname
  3. Enter Username (the ExpressVPN username you found above)
  4. Enter Password the ExpressVPN password you found above)
  5. Type '12345678' under IKE Pre-Shared Key
  6. Tick High(ESP): AES with Authentication under IPSec Security method

ex5.png

4 .At TCP/IP Network Settings:

  1. Set Remote Network Mask to 0.0.0.0/00
  2. Change Routing to NAT for this VPN connection
  3. (optional) Enable Change Default Route to this VPN tunnel option if you want all traffic to ExpressVPN.

 ex6.png

Click OK to save and apply the VPN configuration. The VPN should establish shortly after.

Check VPN Status

After configuring the VPN tunnel, we can check the VPN status from the  [VPN and Remote Access] > [Connection Management] page.

 drayos-connection-status.png

Configure split tunneling on your DrayTek router

You can use the Policy Route feature, which allows you to select which traffic goes through the VPN tunnel and which does not.

Go to [Routing] > [ Load-Balance/Route Policy] and click an available index to create a route.

Once in the profile, enter th following information:

  • Enable: Check this box.
  • Comment: Enter any name that is meaningful to you. For example: to_ExpressVPN.
  • Protocol: Select Any.
  • Source: If you want to send all outgoing traffic through the VPN tunnel, select Any. If you want to send the outgoing traffic of a particular LAN (e.g., Guest LAN) through the VPN tunnel, select IP Subnet, then enter the appropriate information for Network and Mask.
  • Destination: Select Any.
  • Destination Port: Select Any.
  • Interface: Select VPN and the VPN connection you created earlier.
  • Gateway: Select Default Gateway.
  • Failover to: If you want another network to be used when the option you selected for Interface (e.g., VPN) is offline, check this box and select an appropriate network.
  • Gateway: Select Default Gateway.
  • Failback: If you want your traffic to be immediately routed through the option you selected for Interface (e.g., VPN) when it is online again, check this box.

draytek-vigor2926-routing-load-balance-route-policy-index-enabled.webp