ZenMate WLAN HotSpot – for i.e. legally secure WIFI internet access for your guests.
Completely legally secured Internet access by ZenMate.
ZenMate Security and Privacy VPN allows you to route your total data trafic over your existing internet connection through a Zenmate Security and Privacy VPN. This will guarantee you legally secure internet access.
This guide will show you, how to configure a DrayTek Vigor 2860 with WLAN function as legally secure HotSpot for wireless internet access for guests and/or customers by using
ZenMate Security and Privacy VPN.
After activating ZenMate service in your router , please choose the WAN port for the
ZenMate Security and Privacy VPN connection.
Please DO NOT ENABLE „Default Route“.
Please enter the VLAN configuration of the router –
LAN >> VLAN Configuration.
You can enable a 2nd subnet here ( i.e. LAN2 for ZenMate HotSpot ) and assign a LAN port and one ore more WLAN SSID's .
As example we configure an internal subnet ( LAN 1 – 192.168.1.0 / 24 ) and
an additional local subnet ( LAN 2 – 192.168.100.0 / 24 ) for our ZenMate WLAN HotSpot.
Please enable the VLAN Configuration and assign VLAN0 the ethernet ports P1; P2; P3; P4; P5, the SSID1 for Wireless LAN (2.4GHz) and Wireless LAN (5GHz) for Subnet – LAN1 ( 192.168.1.0 / 24 ).
Please assign ethernet port 6 ( P6 ) and SSID2 for Wireless LAN (2.4GHz)
and Wireless LAN (5GHz) to Subnet – LAN2 ( 192.168.100.0 / 24 ).
Confirm with OK.
After the router reboots please enter LAN >> General Setup.
You can start to configure subnet LAN 2 .
Enter "Details Page" for LAN 2 and change the IP address to 192.168.100.1
and if you need too, change DHCP server and DNS server settings as you prefer.
Confirm with OK.
After reboot, every network device connected with ethernet port 6 or WLAN SSID2 for Wireless LAN (2.4GHz) and Wireless LAN (5GHz) , is assigned to Subnet LAN2 ( 192.168.100.0 / 24 ) .
At ethernet port 6 you can connect additional AP's by using wired ethernet connection, to extend the wireless signal for your client/guest WLAN .
Please enter now Load-Balance/Route Policy >> General Setup
under Index 1 create a new rule in „Advance Mode“.
Please enable the Route Policy ( 1 ) and choose „Any“ ( 2 ) as protocol.
Under Source IP you can choose „Src IP Subnet“ ( 3 ) and enter under "Network"
192.168.100.0 and at "Mask" please choose "255.255.255.0 / 24" as total subnet.
At Destination IP ( 4 ) and Destination Port ( 5 ) please choose „Any“ .
Please switch the interface ( 6 ) to VPN and open the requester window .
Choose „VPN 32.ZenMate“ and confirm with „OK“ ( 7 ).
On this connection type, all traffic out of subnet 2 – 192.168.100.0 / 24 will be routed into the internet over ZenMate Security and Privacy VPN.
Please be advised: If ZenMate Security and Privacy VPN connection
is not active or interrupted, no connections out of subnet LAN 2 will be routed to the internet, as this ensures, that an uncrypted connection into the internet out of the
guest / client WIFI is not possible at any time.
Connections to the internet out of subnet LAN 1 – 192.168.1.0 / 24
will be routed over Default WAN into the internet.
Please enter - Wireless LAN(2.4GHz) >> General Setup and after
Wireless LAN(5GHz) >> General Setup
Here you need to enable 2nd SSID and rename that i.e. to ZenMate HotSpot.
Enable the option "Isolate Member", to prevent access between the wireless clients.
Under "Rate Control" you can define a bandwidth limit for the 2nd SSID.
Our example uses a max. Downspeed of 3 Mbit and a max. Upspeed of 0,3 Mbit. These limits will be shared by all wireless clients , that are connected with the 2nd SSID.
Under "Associated Schedule Profiles" you can configure up to 4 time-based profiles, to run a schedule based WIFI, i.E. Mo.- Fr. from 8:00 – 18:00.
If you want to offer your guests or clients an WPA/WPA2 protected WIFI,
please enter - Wireless LAN(2.4GHz) >> Security Settings and
Wireless LAN(5GHz) >> Security Settings.
There you can switch "SSID2" under "Mode" to i.e. Mixed (WPA + WPA2) PSK and under "Pre-Shared Key(PSK)" you just enter your security key.
For the ZenMate legally secure of this connection, it is unimportant, if you offer the wireless access for the 2nd SSID ( LAN2 - ZenMate HotSpot ) crypted or unencrypted.
If you have used this guide to configure your guest-/client-WLAN ( SSID2 ) , all outgoing connections from this subnet ( LAN2 – 192.168.100.0 / 24 ) will use ZenMate Security and Privacy VPN only.
Access from subnet LAN2 to subnet LAN1 is not possible, as long as you didn´t enabled - LAN >> General Setup - Inter-LAN Routing.
To prevent access from LAN2 to the routers setup menu, please go to
- System Maintenance >> Management – and disable "LAN Access Control".
Access from LAN1 to the routers setup menu will be always possible.
