Vigor - Example VPN Setup using PPTP or IPSec
Teleworker to Head Office

In this step-by-step example, we have a Vigor router at a head office ready to accept incoming 'calls' from a remote teleworker who is using just a regular modem connection (but it could equally be ISDN, cable or ADSL). The picture above shows a private LAN address (subnet) of 10.0.0.X, so our teleworker will get an address in that same range when he connects and should be able to access the resources of all other PCs on the LAN.

The teleworker has just a single PC and does not have a router, so relies on the PPTP client built into Windows 98, ME, NT4, 2000 or Windows XP. (Windows 98 will require Dialup Networking Upgrade 1.3, which is a free download from Microsoft).

Please note : The VPN facility is not available on all models; please check the current published specification for your particular model of router. If you have an older router, then it may be upgradable to VPN with the latest firmware.

Step 1 - Set up the router

First of all, we have to enable dial-in access :

If you have changed the router's default IP address (from 192.168.1.1) then you must make sure dial-in teleworkers are allocated addresses from the new IP range, from the PPP General Setup menu. Do no to fill or enable in the mutual authentication boxes. Click OK.

Next, go to the Remote Dial-in user Setup screen :

Select one of the ten entries for your first user. In this example, we will use entry 1.

Tick the 'enable button' and enter a username and password for this user. Both username and password are case sensitive (i.e. Freddy is not the same as freddy). Be sure of what you enter. Now select 'PPTP' as the 'Allowed Dial-in Type' and deselect any other protocols ticked.

Click OK and that's the router set up and ready to open a tunnel to the remote user. You should now reboot the router, so that the new Dial-in settings are activated. Now you have to set up the client.

Using L2TP over IPSec encryption

If your remote teleworker supports IPSec encryption, then you can use this instead. You must firstly set a pre-shared key on the Vigor router and then in the dial-in user profile, select L2TP and force the connection to 3DES encryption :

For the client side, it is strongly recommended that you use DrayTek's VPN Smart Setup Client tool, as setting IPSec otherwise on a Windows client is quite complex.

In the Network and Sharing Center click on Setup a new connection or network.

Select Connect to Workplace.
On the next screen select the option No create a new connection.

Next you must enter the IP address, the public IP address of the Vigor router, in the Internet Address field. If the host connection has a fixed/static IP address from the ISP then the address will always be the same, but if they have a dynamic IP address then it will change, normally every time it reconnects to the ISP, and to deal with this a Dynamic DNS service is used to track the dynamic IP address. Note that in the below example, the address 211.45.... is not a real IP address - you must enter the routers public IP Address.

A final change is to select properties, and set the Type of VPN to PPTP.

Once your computer is connected to the remote network, the system tray will show a VPN connection and a connection message will appear momentarily:

Now you are connected, and you can browse the remote network (assuming it is a Windows based network over TCP/IP) You should now be connected to your workplace, and you will be able to view your desktop and have access to your files and folders just as if you are sitting at your desk.