IKEv2 EAP VPN - v2960/v3900 to Perfect Privacy
For the configuration it is necessary that the router uses a firmware version 1.5.0 or higher.
In this manual we explain how to establish an IKEv2 EAP VPN tunnel from your v2960 or v3900 router to a Perfect Privacy-Server server.
Perfect Privacy Settings
- Server selection
- From the list of available servers, select the appropriate server that you want to use for the VPN.
- In the following picture "berlin.perfect-privacy.com" is our recommended Perfect Privacy server.
Settings on the Vigor router
1. The router should have an active WAN connection.
2. The time and date settings should be up-to-date.
4. Go to Certificate Management >> Trusted CA Certificate and click on "Upload".
5. Then select the downloaded certificate and transfer it to the router.
6. After successful upload the certificate appears in the overview.
7. Create the VPN profile under "VPN and Remote Access >> VPN Profiles >> IPsec"
Click Add to open the window for creating a new VPN profile.
Under the Basics tab you make the following settings:
- Enable ensures that the profile is active.
- Dial-Out Through defines the WAN port to be used.
- Local IP / Subnet Mask defines the LAN network that the VPN should use.
- For Remote Host enter the VPN server of your choice.
- Enter 0.0.0.0 and 0.0.0.0/0 as Remote IP / Subnet Mask.
- The IKE Protocol must be set to IKEv2_EAP.
- Use your Perfect Privacy credentials for Username and Password.
Go to Advance tab.
The option Set VPN as Default Gateway must be set to Enable.
Go to Proposal tab:
- IKE Phase1 Proposal [Dial-Out] = AES256 G14
- IKE Phase2 Proposal [Dial-Out] = AES256 with auth
After all settings have been applied, the new profile appears in the overview
If the tunnel is successfully established, it will be displayed in Connection Management.