Draytek IPSec VPN with Windows Vista

Version 1.1
This page was last updated on 18-09-2007.

18-09-2007 Update: Jacco de Leeuw correctly pointed out that DES should be disabled in the IPSec general settings.

This tutorial will show the steps needed to connect a Windows Vista client computer to a Draytek using an IPSec VPN tunnel.

Please check for the latest version of this tutorial on www.fiereworks.nl, since new security issues could require different steps. If you find any errors, please contact me at info @ my domain name.

Note: These steps were created using a Draytek Vigor 2700 Series. Some settings may therefore be unavailable on other models, or located elsewhere in the router's menu.

Draytek settings

IPSec general settings

  1. Log in to the router by entering its IP address into your favorite web browser (e.g. Internet Explorer).
  2. Navigate to IPSec General Setup and enter your Pre-Shared Key. Create one using this excellent secure password generator. Be sure to remember the password!
  3. Deselect the Medium (AH) and High (ESP) DES IPSec security methods.

Windows Vista IPSec settings

Note: When you perform the steps below, Windows Vista User Account Control (UAC) will ask for your permission to perform a task. You should click Continue.

  1. Browse to Control Panel -> Choose Classic View -> Administrative Tools
  2. In the Administrative Tools menu select Windows Firewall with Advanced Security (UAC asks permission).
    1. Select Connection Security Rules in the Windows Firewall with Advanced Security view.
    2. In the Actions panel (right hand side) choose New Rule.
  3. The New Connection Security Rule Wizard is launched. Select Tunnel and click Next.
  4. Endpoint 1 concerns the local network settings, and Endpoint 2 concerns the settings of the Draytek router. Use the Add buttons to add a range of IP addresses or a single address. Remote tunnel computer (closest to computers in Endpoint 2) is the WAN IP address of the Draytek router.
    Endpoint 2 below is set up as 192.168.2.0/24. This means that access to all the IP addresses in 192.168.2.x is needed. If you need access to only one computer, insert only that IP address.
    Click Next when settings are complete.

  5. Choose Preshared Key and insert the key generated in step a of General IPSec settings.
  6. Select when this profile should be active. In our case we select all the fields.
  7. Choose a name for your rule and click Finish.
  8. You should see your rule in the Connection Security Rules list.
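
The wizard steps above can also be scripted with netsh from an elevated Command Prompt, which makes the rule repeatable and easy to review. This is an added example, not part of the original tutorial: the rule name, the Endpoint 1 subnet, both tunnel endpoint addresses and the key are constructed placeholders, and only 192.168.2.0/24 comes from the text.

```batch
@echo off
rem Added example: scripted equivalent of wizard steps 3 to 8.
rem Run from an elevated Command Prompt. Every value below except
rem ENDPOINT2 is a constructed placeholder; replace with your own.
setlocal

set "RULE_NAME=Draytek IPSec tunnel"
rem Endpoint 1: the local side (assumed subnet, not given in the tutorial)
set "ENDPOINT1=192.168.1.0/24"
rem Endpoint 2: the network behind the Draytek, as in step 4
set "ENDPOINT2=192.168.2.0/24"
rem Local tunnel computer: this Vista machine (placeholder address)
set "LOCAL_TUNNEL=192.168.1.10"
rem Remote tunnel computer: WAN IP of the Draytek (placeholder address)
set "REMOTE_TUNNEL=203.0.113.10"
rem Pre-shared key entered in the router's IPSec General Setup
set "PSK=REPLACE-WITH-YOUR-PRE-SHARED-KEY"

rem mode=tunnel          -> step 3 (Tunnel rule type)
rem auth1=computerpsk    -> step 5 (Preshared Key)
rem profile=any          -> step 6 (all profiles selected)
netsh advfirewall consec add rule name="%RULE_NAME%" ^
    mode=tunnel ^
    endpoint1=%ENDPOINT1% endpoint2=%ENDPOINT2% ^
    localtunnelendpoint=%LOCAL_TUNNEL% remotetunnelendpoint=%REMOTE_TUNNEL% ^
    action=requireinrequireout ^
    auth1=computerpsk auth1psk="%PSK%" ^
    profile=any
if errorlevel 1 (
    echo Failed to create the connection security rule. 1>&2
    exit /b 1
)

rem Step 8: confirm the rule is present and check its settings
netsh advfirewall consec show rule name="%RULE_NAME%"
endlocal
```

A key containing characters such as %, ^, & or " is altered by the command interpreter unless escaped, so check the rule with the router's key after creating it. Do not leave the real key in a saved copy of the script, since it is stored there in clear text.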