V. VPN (Virtual Private Networking)
ExpiredTeleworker VPN - IPsec XAuth - Windows Client
DrayTek routers running 3.8.9.1 or later firmware support IPsec with XAuth authentication, which allows many VPN clients to authenticate with a username and password. With IPSec XAuth you are not limited to pre-shared key because each teleworker can use their unique credentials.
This article demonstrates how to create an IPsec Xauth tunnel between Vigor Router and a Windows client such as Shrew Soft VPN Client.
Vigor Router Configuration
1. Go to [VPN and Remote Access] > [IPsec General Setup]
a. Enter Pre-Shared Key for Xauth User
b. Click OK to save
2. Go to [VPN and Remote Access] > [Remote Dial-in User]
a. Enable User account and Authentication
b. Allow IPsec Xauth dial-in type
c. Enter Username and password
d. Click OK to save.
Windows VPN Client Configuration
1. Download VPN client software for windows which supports IPsec Xauth. Here we use Shrew Soft VPN Client as example.
2. Open VPN Access Manager.
a. Click Add.
b. In general setup, enter VPN Host Name or Server IP Address.
c. In Authentication setup, select Mutual PSK+XAuth
d. Set identification to IP Address and any for Local Identity and Remote Identity, respectively
e. Enter Pre-Shared Key for XAuth User
f. In Phase1 tab, set Cipher Algorithm to aes
g.In Phase2 tab, set Transform Algorithm to esp-aes
h. Click Save
i. Open the VPN profile and enter the username and password of the dial-in user to create the IPsec VPN tunnel
- First Published: 09/04/2020
- Last Updated: 22/04/2021