Get ExpressVPN on your router.
Need a VPN for your router?
Get ExpressVPN Now
Refer a friend to use ExpressVPN.
Love ExpressVPN? Want a free month?
Refer a Friend Now

This tutorial will show you how to set up ExpressVPN on your DrayTek router using the L2TP/IPsec protocol.

Important: L2TP/IPsec provides weak security benefits and should only be used for anonymization or for changing locations.

The steps below were tested on the Vigor 2926. However, the L2TP/IPsec setup may not work on all DrayTek models.

DrayTek DrayOS routers include: Vigor 2120, 2132, 2133, 2710, 2760, 2762, 2820, 2830, 2850, 2860, 2862, 2920, 2925, 2930, 2926, 2952, 3200, and 3220.

Sections

1. Find your ExpressVPN account credentials
2. Configure your DrayTek router with the VPN
3. Configure split tunneling on your DrayTek router
Connect to a different VPN server location
Disconnect from a VPN server location


1. Find your ExpressVPN account credentials

Go to the ExpressVPN setup page. If prompted, enter your ExpressVPN credentials and click Sign In.

Enter your account credentials, then click "Sign In."

Enter the verification code that is sent to your email.

On the right, select PPTP & L2TP/IPsec.

Click "PPTP & L2TP/IPsec."

This will show you your username, password, and a list of server addresses around the world.

This will show you your username, password, and a list of server addresses around the world.

Keep this browser window open. You will need this information for the setup later.

Need help? Contact the ExpressVPN Support Team for immediate assistance.

Back to top


2. Configure your DrayTek router with the VPN

In your browser’s address bar, enter your router’s IP address to access the router’s admin dashboard.

In the left sidebar, click VPN and Remote Access > LAN to LAN.

Click “LAN to LAN.”

In the Index column, select a number to create a new VPN profile.

Once in the profile, enter the following information:

1. Common Settings:

  • Profile Name: Enter any name that will help you recognize your VPN connection. For example: ExpressVPN LA.
  • Enable this profile: Check this box.
  • VPN Dial-Out Through: Select a Dial-Out WAN policy (e.g., WAN1 First).
  • Call Direction: Select Dial-Out.
  • Always on: Check this box.

Enter information for “Common Settings.”

2. Dial-Out Settings:

  • Type of server I am calling: Select L2TP with IPsec Policy and Must.
  • Server IP/Host Name for VPN: Enter one of the server addresses provided (e.g., la-abc-abcd.abcde.com).
  • Username: Enter the username you found earlier.
  • Password: Enter the password you found earlier.
  • IKE Authentication Method: Select Pre-Shared Key and enter 12345678.
  • IPsec Security Method: Select High(ESP) and AES with Authentication.

Enter information for “Dial-Out Settings.”

5. TCP/IP Network Settings:

  • Remote Network Mask: Select 0.0.0.0 / 00.
  • From first subnet to remote network, you have to do: Select NAT.
  • Change default route to this VPN tunnel: Check this box.

Enter information for “TCP/IP Network Settings.”

Click OK.

Need help? Contact the ExpressVPN Support Team for immediate assistance.

Back to top


3. Configure split tunneling on your DrayTek router

You can use the Policy Route feature, which allows you to select which traffic goes through the VPN tunnel and which does not.

In the left sidebar, click Routing > Load-Balance/Route Policy.

Click “Load-Balance/Route Policy.”

In the Index column, select a number to create a route.

Once in the profile, enter the following information:

  • Enable: Check this box.
  • Comment: Enter any name that is meaningful to you. For example: to_ExpressVPN.
  • Protocol: Select Any.
  • Source: If you want to send all outgoing traffic through the VPN tunnel, select Any. If you want to send the outgoing traffic of a particular LAN (e.g., Guest LAN) through the VPN tunnel, select IP Subnet, then enter the appropriate information for Network and Mask.
  • Destination: Select Any.
  • Destination Port: Select Any.
  • Interface: Select VPN and the VPN connection you created earlier.
  • Gateway: Select Default Gateway.
  • Failover to: If you want another network to be used when the option you selected for Interface (e.g., VPN) is offline, check this box and select an appropriate network.
  • Gateway: Select Default Gateway.
  • Failback: If you want your traffic to be immediately routed through the option you selected for Interface (e.g., VPN) when it is online again, check this box.

Enter the information for your “Route Policy.”

Click OK.

To verify your traffic is flowing through the VPN tunnel, go to VPN and Remote Access > Connection Management.

Once you are successfully connected to the VPN, your connection profile will be shown in green under VPN Connection Status.

Once you are successfully connected to the VPN, your connection profile will be shown in green under “VPN Connection Status."

You can also verify your connection by using ExpressVPN’s IP Address Checker to check your IP address. If you are connected properly, the IP address shown will correlate to the location you are connected to via the VPN.

Need help? Contact the ExpressVPN Support Team for immediate assistance.

Back to top


Connect to a different VPN server location

To connect to a different VPN server location, create a new VPN profile with a different server address.

After creating a new VPN profile, click Routing > Load-Balance/Route Policy. For Interface, select the new VPN profile you created. Note that only one VPN connection is allowed at any time.

Afterward, you can create a new Route Policy if you only want to send specific traffic to the new VPN profile.

Need help? Contact the ExpressVPN Support Team for immediate assistance.

Back to top


Disconnect from a VPN server location

To disconnect from a VPN server location, click VPN and Remote Access > LAN to LAN.

Under 1. Common Settings, uncheck Enable this profile. Click OK.

Need help? Contact the ExpressVPN Support Team for immediate assistance.

Back to top

Hjalp denne artikel dig?Ja Nej
Got it. Could you tell us more?