L2TP over IPsec VPN between DrayTek Routers

This note is going to demonstrate how to establish L2TP over IPsec between two Vigor Routers with the following topology.

 

 

 

 

1. Set up IPsec pre-shared key, go to VPN and Remote Access >> IPsec General Setup, type Pre-Shared Key and confirm it, then click OK to apply.

  

 

2. Set up VPN profile, go to VPN and Remote Access >> LAN to LAN and click an available index to create a VPN profile.

 

 

 

3. Give a profile name and enable it, select "Dial-in" for Call Direction.

 

 

4. In Dial-In Settings, select "L2TP" and set IPsec Policy to "Must," type Username and Password.

 

 

 

5. In TCP/IP Network Settings, enter the LAN IP and Mask of VPN client at Remote Network IP/ Mask. Click OK to apply.

 

 

 

 

6. Set up VPN profile on VPN Client Router, go to VPN and Remote Access >> LAN to LAN and click an available index to create a VPN profile.

 

 

7. In Common Settings, give a profile name and enable it, select "Dial-out" for Call Direction.

 

 

8. In Dial-Out Setting,

 

a. Select "L2TP" and set IPsec Policy to "Must",

b. Enter the IP or domain name of the VPN server in Server IP/Host Name for VPN

c. Type the Username, Password, and the IKE Pre-Shared Key that has configured on VPN server.

 

 

 

9. In TCP/IP Network Settings, type the LAN IP and Mask of VPN Server at Remote Network IP/ Mask. Click OK to apply.

 

  

 

10. Now go to VPN and Remote Access >> Connection Management of the VPN Client router, and click Dial to initiate the VPN. After the VN tunnel established successfully, we can find the VPN status below.