[Guide] Draytek router LAN to LAN PIA VPN

edited May 2015 in VPN Setup Support Posts: 10

How to configure a Draytek router to perform LAN to LAN VPN
with Private Internet Access and protect your whole network.

These steps were performed with a  Vigor2850n Firmware Version
which has a built in VDSL modem but should work on other Draytek models.

First you need to log into your Client Control Panel at IPA
and generate a PPTP/L2TP/SOCKS Username and Password.

In your router  go
into WAN >> General Setup. You have to disable any other interfaces
leaving just your ISP’s connection. It’s not enough to just have them not

Now go into VPN and Remote Access >> LAN to LAN and
click on the profile you want to configure.

Section 1:

Give it a name and click enable.

VPN Dial-Out Through WAN 1
Only ( or whatever your ISP is on )

Call Direction – Dial Out only and always on


Section 2: Dial Out Settings

Leave only L2TP with IPsec selected and change Policy to “Nice
to have”

In Server IP/Host Name for VPN enter the IPA hostname e.g  uk-london.privateinternetaccess.com

Under Username and password enter details from you IPA
control panel  (username should start
with x NOT p )

IKE Authentication Method click the Pre-Shared Key button
and enter mysafety as the key.


Section 5: TCP/IP Network Settings

Change “From first subnet to remote network, you have to do”
to NAT

Click on “Change default
route to this VPN tunnel ( Only single WAN supports this )”

Click OK to save.


Under VPN and Remote
Access >> Connection Management you should be able to dial IPA and after
a short delay see the VPN status.

I found the speed on my
connected machines was very slow until I changed the DNS settings to be those
at IPA under LAN >> General Setup.

Now check your IP address
from a machine on your LAN. It should match IPA and not your ISP ( you can see
your ISP in the online status page ).

Good luck

Post edited by CatWeazel on


  • Posts: 2
    Thank you for the guide and taking the time to do so CatWeazel
  • Thanks for the guide!

    I can confirm these settings are working on my 2820n (firmware
  • Posts: 2
    First off, thanks for the guide, it was a great help.
    However, by selecting:
    'Leave only L2TP with IPsec selected and change Policy to “Nice to have”'
    Does this not mean that the connection is not necessarily encrypted and simply an L2TP tunnel?
    I'm trying to find IPsec settings which work with the IPsec policy set to "Must" but no luck so far...

  • Posts: 1
    This guide really helped after a struggle, thanks.
    Does anyone know how to configure the Draytek to block internet access if the VPN tunnel is down so nothing leaks?
  • Posts: 1
    Hi, thanks for the guide, it helped a lot.
    I was struggling for a different reason though and I think it worth mentioning in case it catches others; I'd recently upgraded my firmware and I'd not noticed that my time settings had reverted 2000.  When I corrected the time on the router the VPN picked up straight away.
    Just thought I'd add it, in case it helps somebody else.

  • Tnx worked on my Draytek Vigor 2920n. Does anyone have the answer to the above question regarding the safety of 'nice to have' in comparison to 'must'?
  • Solved that, Draytek support informed me, and as you can also clearly determine if you would just read what is says: if connection is shown as green in the connection management, it is encrypted. If not, it isn't. In my case, it isn't. Did someone figure out how to make an encrypted tunnel to PIA with a Draytek router?
Sign In or Register to comment.