Expired

V. VPN (Virtual Private Networking)

NordVPN: How to connect a DrayTek VPN router with IKEv2

Products:
Vigor 2135ax
Vigor 2620Ln
Vigor 2762
Vigor 2763

Keywords:
IKEV2 EAP
Nord VPN
X.509
certificate

DrayTek Vigor routers running firmware versions 3.9.9.8 and above can be configured to connect to NordVPN.

This article demonstrates how to create an IKEv2 VPN tunnel from a DrayTek Vigor router to a NordVPN server.

Account & Initial Setup

1. You will need a NordVPN account. You can apply for an account via https://nordvpn.com/

2. Download the NordVPN root CA certificate here.

3. Get the NordVPN server domain using the steps here.

Router Setup - Installing the X.509 Certificate

To connect to NordVPN, the router needs the NordVPN certificate imported and configured as a trusted certificate. It can then be used for authentication.
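Before the import in step 4, the downloaded file can be checked for encoding, completeness and fingerprint. This is an added example, not DrayTek or NordVPN code: `check_root_cert`, `der_total_length` and the sample bytes are hypothetical, and the expected SHA-256 fingerprint is assumed to come from a source independent of the download.

```python
import hashlib
import hmac
import ssl

# Constructed sample: a 5-byte DER SEQUENCE, NOT a real certificate.
SAMPLE_DER = b"\x30\x03\x02\x01\x01"


def der_total_length(data: bytes) -> int:
    """Return the total byte length declared by the outer DER SEQUENCE header."""
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("not a DER SEQUENCE (X.509 certificates start with 0x30)")
    first = data[1]
    if first < 0x80:                      # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(data) < 2 + n:
        raise ValueError("unsupported or truncated DER length field")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")


def check_root_cert(data: bytes, expected_sha256: str) -> dict:
    """Classify the file and compare its SHA-256 fingerprint to the pinned one."""
    encoding = "DER"
    if data.lstrip().startswith(b"-----BEGIN CERTIFICATE-----"):
        # PEM is base64-wrapped DER; the fingerprint is always over the DER bytes.
        encoding = "PEM"
        data = ssl.PEM_cert_to_DER_cert(data.decode("ascii").strip())
    declared = der_total_length(data)
    if declared != len(data):
        raise ValueError(f"file is {len(data)} bytes but DER header declares {declared}")
    fingerprint = hashlib.sha256(data).hexdigest()
    wanted = expected_sha256.replace(":", "").lower()
    return {
        "encoding": encoding,
        "sha256": fingerprint,
        "matches_pin": hmac.compare_digest(fingerprint, wanted),
    }


if __name__ == "__main__":
    # Stand-in pin computed from the sample; in practice it comes from out of band.
    pin = hashlib.sha256(SAMPLE_DER).hexdigest()
    print(check_root_cert(SAMPLE_DER, pin))
```

A result with `encoding` of `PEM` means the file is not the root.der form that step 4 selects, and a `ValueError` indicates a truncated or corrupted download.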

4. Log into the router's management page. Go to the [Certificate Management] > [Trusted CA Certificate] page and click IMPORT. Click Choose File to select the root.der file downloaded in step 2, then click Import.


5. Wait for a few seconds until the router responds “Import Success” and the Certificate Status shows OK.


6. Go to [VPN and Remote Access] > [IPsec Peer Identity] and edit a profile for the NordVPN server.

  1. Check Enable this account
  2. Select Accept Any Peer ID


Router Setup - VPN Configuration

7. Go to [VPN and Remote Access] > [LAN to LAN], click on an available index number, and edit the profile as follows. In Common Settings,

  1. Give it a profile name
  2. Check Enable this profile
  3. Set Call Direction to "Dial-Out"
  4. At Dial-Out Through, select the WAN interface for the VPN connection


8. In Dial-Out Settings,

  1. Select IPsec Tunnel and IKEv2 EAP for the VPN server type
  2. Enter the VPN server domain obtained in step 3 at Server IP address/Hostname
  3. Enter your NordVPN service Username (How to get this)
  4. Enter your NordVPN service Password (How to get this)
  5. Select the IPsec Peer Identity profile created in step 6 for Peer ID
  6. Set IKE phase 1 proposal encryption to "AES256"
  7. Set IKE phase 1 proposal DH group to "G14"
  8. Set IKE phase 1 proposal authentication to "SHA1"
  9. Set IKE phase 2 proposal encryption to "AES256"
  10. Set IKE phase 2 proposal authentication to "SHA1"
  11. Set IKE phase 1 key lifetime to "28800"
  12. Set IKE phase 2 key lifetime to "3600"


9. At TCP/IP Network Settings:

  1. Enter Remote Network IP as "0.0.0.0"
  2. Set Remote Network Mask to "0.0.0.0/0"


Checking VPN Status

10. After completing the above settings, check the VPN status on the [VPN and Remote Access] > [Connection Management] page.
