We’re using the Draytek Vigor 2862ac router to demonstrate this process, and we’re going to log on with an ExpressVPN account. You don’t need to install the Smart VPN application on this particular router; the settings can all be accessed via the normal router interface.
To log on, try typing 192.168.0.1 into your browser’s address bar. This often brings up the login page. Otherwise, refer to your manual or your ISP’s instructions.
One final tip: turn off Auto Logout, if it’s active. You’ll need to fill out a large form, and if you’re logged out part-way through, the information won’t be saved.
To get started:
- Log on to your router’s admin interface.
- Find the VPN settings. This will be different for every model, but on our Draytek Vigor 2862ac, the menu option is on the left-hand side: VPN and Remote Access.
- We’re going to connect from one network to another, so we need to click LAN to LAN.
- Add your provider as a new profile in a spare slot. We’re using the slot marked 1. Click it to open the Profile page.
- Configure the profile as follows. The layout of the Draytek page here is not very intuitive, but if we’ve not mentioned an option, just leave it at the default. If your router differs, you should be able to figure out what you need by loosely following this example.
  - Common Settings row:
    - Profile Name: Any name; we’re using ExpressVPN
    - Enable this profile: Check the box here
    - VPN Dial-Out Through: Select the WAN port that you’re using here. If you’re not sure, check the Dashboard page, and come back.
    - Call direction: Select the Dial-Out radio button
    - Tunnel mode: Select Always On and leave the other fields on their default values
  - Dial-Out settings row:
    - Type of server: PPTP
    - Server/IP Host Name for VPN: Paste in the name of the server that you copied from the ExpressVPN list
    - Username and Password: Paste in your PPTP credentials from the ExpressVPN website; other credentials won’t work here
    - PPP Authentication: Ensure PAP/CHAP/MS-CHAP/MS-CHAPv2 is selected
  - Dial-In Settings box:
    - Allowed Dial-In Type: Uncheck any boxes that are pre-selected
    - Leave all other fields on their default values
  - GRE Settings:
    - Leave blank
  - TCP/IP Network Settings:
    - Remote network IP: Type an internal IP address here. Make sure that it is not an IP on your internal network or the public internet. Copy our example if you’re not sure what to put. Leave the other fields as they are. We’ll explain why this is necessary in the section about DNS leaks below.
    - From first subnet to remote network, you have to: Select NAT
    - Change default route to this VPN tunnel: Check this box. Note: this option only appears once you’ve selected NAT in the drop-down above it.
- Click OK to save the profile.
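One way to check a candidate Remote network IP against the rule above before typing it into the form. This is an added example, not part of the original guide or of Draytek's software; the function names, the /24 mask and the sample LAN subnets are assumptions.

```python
import ipaddress

# RFC 1918 private ranges; anything outside them may be a public address.
RFC1918 = [ipaddress.IPv4Network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_remote_network(candidate, lan_subnets, prefix=24):
    """Return a list of problems with `candidate` as the Remote network IP."""
    try:
        # strict=False lets a host address stand for its containing network.
        remote = ipaddress.IPv4Network(f"{candidate}/{prefix}", strict=False)
    except ValueError as exc:
        return [f"not a valid IPv4 address: {exc}"]
    problems = []
    if not any(remote.subnet_of(block) for block in RFC1918):
        problems.append(f"{remote} is not inside an RFC 1918 private range")
    for lan in lan_subnets:
        lan_net = ipaddress.IPv4Network(lan, strict=False)
        if remote.overlaps(lan_net):
            problems.append(f"{remote} overlaps local subnet {lan_net}")
    return problems


def suggest_remote_network(lan_subnets, prefix=24):
    """Return the first RFC 1918 network of this size that avoids every LAN subnet."""
    lans = [ipaddress.IPv4Network(s, strict=False) for s in lan_subnets]
    for block in RFC1918:
        for net in block.subnets(new_prefix=prefix):
            if not any(net.overlaps(lan) for lan in lans):
                return net
    return None


if __name__ == "__main__":
    # Constructed sample: subnets in use behind the router (assumed values).
    lans = ["192.168.0.0/24", "10.0.0.0/24"]
    for addr in ("10.99.0.1", "192.168.0.50", "8.8.8.8", "172.32.0.1"):
        print(addr, "->", check_remote_network(addr, lans) or "OK")
    print("suggested:", suggest_remote_network(lans))
```

Pass every subnet your router serves, including guest or secondary LANs, so that an overlap with any of them is reported.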
Once you’ve saved everything, you’ll be returned to the LAN to LAN page you started on. Don’t panic if you initially see Offline in the status column here. Give it a few seconds, then click LAN to LAN again. You should now see Online in green.
Under VPN and Remote Access on the left, click Connection Management to ensure that the encryption is correctly set up.