This article helps you configure your Draytek-to-Smoothwall VPN. However, if you are unsure of how to configure your Draytek router, we recommend that you contact your Draytek Support service.
Procedure
- From your router's interface, go to VPN-remote access control.
- Ensure IPSec VPN is selected but the other options are not.
- VPN-LAN to LAN should now be selected.
- You will need to configure a profile with the IP or FQDN of the domain your Smoothwall is on. Make sure this profile is enabled and dial-out is always on:
- Dial-out settings should be set to IPSec tunnel
- IKE authentication method should be pre-shared key. Type in an agreed pre-shared key. This must then be entered on the Smoothwall as well. Check advanced has IKE phase1 and phase2 are set to AES128_MD5_G2
- Set IPSec security method to high – AES with authentication. Also, add server IP/hostname..
- On your Smoothwall interface:
- Browse to Network > VPN > IPSec subnets.
- Click Advanced.
In this example, the external IP is 82.231.211.25 and the internal IP is 172.18.55.1.
This will be different in each case but your Smoothwall setup should look like this:
- On the Draytek Router:
- In the case of this test example, in LAN-to-LAN under section 4, remote network IP would be 172.16.0.0 and remote network mask would be 255.240.0.0
- Local network IP (in this case) is 172.18.55.1 with mask of 255.255.255.0. These will obviously be different when configuring your own settings.
- Now go to System Maintenance > Management and make sure under Allow management from the internet only that HTTPS Server is selected. Also, clear the selection for Disable ping from internet.
- Under management port setup change the user defined ports as follows:
- Telnet –
9023
- HTTP –
9080
- HTTPS –
9443
- FTP –
9021
- SSH –
9022
- Telnet –