Hotline +49 1234 5678
DrayTek > Hilfe & Support > FAQ > IKEv2 EAP VPN - DrayTek Vigor Router v2960/v3900 to Perfect Privacy

IKEv2 EAP VPN - v2960/v3900 to Perfect Privacy

For the configuration it is necessary that the router uses a firmware version 1.5.0 or higher.

In this manual we explain how to establish an IKEv2 EAP VPN tunnel from your v2960 or v3900 router to a Perfect Privacy-Server server.

( für Deutsch klicken Sie hier )

Perfect Privacy Settings

1. Register under perfect-privacy.com

2. Download the Perfect Privacy Certificate.

3. Select a VPN server:

  • Server selection
  • From the list of available servers, select the appropriate server that you want to use for the VPN.
  • In the following picture "berlin.perfect-privacy.com" is our recommended Perfect Privacy server.
Perfect Privacy-Server

Settings on the Vigor router

1. The router should have an active WAN connection.

2. The time and date settings should be up-to-date.

Zeit- und Datumseinstellung

4. Go to Certificate Management >> Trusted CA Certificate and click on "Upload".

5. Then select the downloaded certificate and transfer it to the router.

Zertifikatsimport

6. After successful upload the certificate appears in the overview.

Trusted CA Übersicht

7. Create the VPN profile under "VPN and Remote Access >> VPN Profiles >> IPsec"

Click Add to open the window for creating a new VPN profile.

Under the Basics tab you make the following settings:

  • Enable ensures that the profile is active.
  • Dial-Out Through defines the WAN port to be used.
  • Local IP / Subnet Mask defines the LAN network that the VPN should use.
  • For Remote Host enter the VPN server of your choice.
  • Enter 0.0.0.0 and 0.0.0.0/0 as Remote IP / Subnet Mask.
  • The IKE Protocol must be set to IKEv2_EAP.
  • Use your Perfect Privacy credentials for Username and Password.
IPsec VPN-Profil

Go to Advance tab.

The option Set VPN as Default Gateway must be set to Enable.

IPsec Advanced

Go to Proposal tab:

  • IKE Phase1 Proposal [Dial-Out] = AES256 G14
  • IKE Phase2 Proposal [Dial-Out] = AES256 with auth
IPsec Proposals

After all settings have been applied, the new profile appears in the overview

VPN-Profilübersicht

If the tunnel is successfully established, it will be displayed in Connection Management.

VPN Connection Management
Copyright © 2022 DrayTek / uniVorx
Facebook Youtube Twitter
German English