This is a tutorial will help you connect a Draytek router via L2TP/IPsec.

You will have to login to your router’s web interface to configure VPN

1. Make sure the router is connected to the Internet. Keep in mind the router's WAN IP or domain name.

2. Go to VPN and Remote Access >> Remote Access Control Setup to make sure "Enable IPsec VPN Service" and "Enable L2TP VPN Service" are checked.


3. Create a remote dial-in user profile: Go to VPN and Remote Access >> Remote Dial-in User, click on an available index to edit the profile.

4. Edit the profile as follows:

  • Check Enable this profile

  • For Allowed Dial-In Type, check L2TP and set IPsec Policy to "Must"

  • Give it a username and password

  • Click OK to save.

5. Go to VPN and Remote Access >> IPsec General Setup, enter a Pre-Shared key and confirm it again. Then click OK to save.

Now, the router is ready for remote dial-in clients. Network Administrator may check the online users from VPN and Remote Access >> Connection Managementpage.

Establishing VPN from Windows 10

1. On Windows PC, go to Settings >> Network & Internet >> VPN, click Add a VPN Connection.

2. Enter the router's WAN IP or domain name in Server name or address, select VPN type as “L2TP/IPsec with pre-shared key”, and enter the Pre-shared key we set in router' IPsec General Setup.

3. To establish the VPN, click on the VPN connection, and click Connect.

4. It will pop up a sign-in window, enter the username and password set in router's VPN user profile.

5. If the credentials are correct, VPN will be connected.

Note: It's recommended to change default IPsec Key Exchange algorithms for higher security.

It can be configured in Windows firewall with advanced security --> (right panel) Properties --> IPsec Settings --> Customize IPsec defaults --> Key Exchange (advanced)


If VPN cannot establish, you may enable more protocols for authentication for a try. Go to Control Panel > Network and Internet > Network Connections, right-click on the connection of VPN to Vigor, and Properties. In Security Tab, enable both "PAP" and "CHAP" for Authentication, then click OK to apply.

Now your traffic should go through LimeVPN! You can visit to confirm the successful VPN connection.


Did this answer your question?