How to setup Site-to-Site VPN between Unifi USG and Draytek Vigor

Heang Yuthakarn
3 min readMay 17, 2020

--

This article describes how to configure a site-to-site VPN on an UniFi Security Gateway (any model: USG and USG-PRO-4) and a Draytek Router (any Vigor series) on Manual IPSec.

The configuring in this article is worked on
- UniFi USG v.4.4.51.5287926 and
- Draytek Vigor 2210 v.3.6.8.6
Upgrading the firmware may not guarantee VPN to continue working.

This demonstration assumes we have WAN and LAN IP addresses on both devices as below picture.

Unifi USG

Configuring a site-to-site VPN in the UniFi Network Controller can be done in Settings > Networks > Create New Network. Then set up the network as below picture. (Change configuration as a highlight)

Don’t forget to note down Pre-Shared Key as we need to use it again when configuring Draytek Router.

Draytek Vigor

You need to Enable IPSec before configuring a site-to-site VPN by goto VPN and Access Control > Remote Access Control. Then Enable IPSec VPN Service as shown in the below picture.

Next Step. Configuring a site-to-site VPN in the Draytek Router can be done in VPN and Remote Access> LAN to LAN > Select an Empty Index. Then set up the profile as below picture. (Change configuration as a highlight)

Before clicking “OK” button, click “Advanced” button in 2. Dial-Out Settings section. Then set up the IKE advanced settings as below picture. (Change configuration as a highlight)

Establish the VPN Connection

Normally, when either side tries to communicate with another (for example, 192.168.0.1 ping to 192.168.5.1 and vice versa). The IPSec tunnel will be established.

But Draytek provides easy to establish and monitor VPN connections. To establish the site-to-site VPN connection from Draytek goto VPN and Remote Access> Connection Management > Click Dial button. Wait for about 10 seconds, you will see the connection established like below picture.

Side Notes:

  • Configuring both dial-in and dial-out on Draytek router will create 2 tunnels instead of 1. This doesn’t interrupt from working. But since Draytek Vigor 2110 supports up to only 2 VPN connections, this prevents me to log in remotely using roaming VPN.
  • On Unifi Controller, you can add a VPNs widget to your own dashboard to see VPN connection status like the below picture.

--

--

Heang Yuthakarn

Data Engineer | Infrastructure | Gadget Crazier | Drama King