Archive for tag: Draytek

Draytek LAN to LAN VPN

We haev used Draytek routers for several years now. They are a very popular router for business use and have many of the features offered by the well known corporate brands such as Cisco and SonicWall. For businesses with more than one location, they offer a very good site to site VPN capability. This allows the networks at both locations to operate together using a secure connection. We always use the IPSec connection type.

IPSec is sometimes configured using security certificates, but on the Draytek it can be done using a Shared Key which is just a word or series of alpha-numeric characters which are entered on both routers.

Ideally the broadband connection at both locations should have a static IP address. However, it is only essential for one. For this example we will assume they both have a fixed external address as follows (the internal network address range is also shown in brackets):


The LAN to LAN VPN is created to allow all devices on each network to be able to connect to all devices on the other network using the new secure tunnel.

Here is a step by step guide:

  1. On the Draytek at SITE-A create a new LAN to LAN profile by selecting the next available index
  2. Name the profile and tick 'enable this profile'
  3. Set 'Call Direction' to Both
  4. On section 2. Dial out settings select 'IPSec Tunnel'
  5. In the Server IP/Host Name box enter the remote IP (
  6. Click the IKE Pre-Shared Key button
  7. A form appears where you enter the pass phrase exactly the same twice.(Remember this as you will need it for the second router)
  8. In the IPSec security method, select High(ESP) 3DES with Authentication
  9. On section 3. Dial-In Settings select ONLY IPSec Tunnel
  10. Tick 'Specify Remote VPN Gateway and enter the IP address (
  11. Tick the box for Pre-Shared key and then click the IKE Pre-Shared Key
  12. A form appears where you enter the pass phrase exactly the same as you entered in step 7. 
  13. Under IPSec Security Method, remove the tick from Medium and ensure DES 3DES and AES are ticked.
  14. In section 4. TCP/IP Network Settings, enter the Remote Network IP and mask ( /
  15. Leave the local details as as this is automatic.
  16. Click OK to save

For SITE-B, the setup is exactly the same, but of course with the address information for SITE-A in the connection details.

After configuring both of them, the link will show under Connection Management and will display in GREEN text to show that it is an IPSec encrypted VPN.

If the link is not active immediately, try to connect across the link using ping and this should trigger the connection immediately.

IT Support Kent

We are one of Kent's leading providers of managed IT Support services to SME and non-profits in Kent and London. Click the link below for more information.

IT Support Kent and London

Software Development Kent

Our software development team create web based database systems that help you to streamline business processes. Click the link below for more information.

Software Development Kent and London

Office 365 support and consultancy

Our dedicated cloud services team specialise in Office 365 consultancy, migration and implementation.

Office 365 support and consultancy