Working from Home with DrayTek VPN Solutions

With the current effort to slow the spread of the COVID-19 coronavirus, many businesses are looking at how they can operate by having employees work from home. Accessing company resources such as file servers, cloud servers and even PBX phone systems is all possible over the Internet using a secure VPN (Virtual Private Network), but how is it done?

We will explain this below by first looking at VPN topology, then the types of VPNs available and the level of security and other advantages or disadvantages they offer. Then we’ll look at how to choose the most suitable router for the task.

VPN Topology for Working from Home

There are two basic VPN topologies to connect to an office network – LAN to LAN VPNs and Remote Dial-in VPNs.

A LAN to LAN VPN is used to connect multiple computers or devices to the main network, for example connecting a branch office to the head office, or connecting a single employee with multiple devices such as a laptop, tablet and IP phone to the main office simultaneously. LAN to LAN VPNs require routers at both ends that support LAN to LAN VPNs.

A Remote Dial-in VPN is used to connect a single device to another network. The connection from the remote device will be made using a software VPN client such as DrayTek’s free Smart VPN client. The receiving or server end will require a VPN server or a router which supports dial-in VPNs.

Types of VPNs

PPTP, IPSec, L2TP and SSL are all types of VPNs, but which is the best to use and when?

PPTP is one of the simplest types of VPNs, requiring just a username and password to authenticate. It is quick and easy and can even be used to connect to a server with a dynamic public IP address.

L2TP offers a higher level of security than PPTP by adding an IPSec policy pre-shared key to authenticate.

IPSec offers the highest level of VPN security and is generally the way to go for business networks. It uses a pre-shared key with varying levels of encryption to authenticate. It generally requires a static (fixed) IP address at the server end but this can be worked around using DrayTek’s “Aggressive Mode” IPSec VPN which uses Peer ID to authenticate the connection.

SSL VPNs use the same HTTPS protocol used by secure websites. This means that they can usually connect to a server on the other side of a router without requiring any special configuration on the router to allow it. As long as the router allows HTTPS, an SSL VPN will work. DrayTek’s free Smart VPN Client has an option to use SSL and is supported on most operating systems.

The following table shows VPN compatibility and suggested VPN types to use with different operating systems on both Linux and DrayOS DrayTek routers.


Suggested Built-in VPN Type

For Windows clients, download Smart VPN Client to use SSL VPN.
For Android/macOS/iOS, the built-in VPN type is natively supported by the OS and no Smart VPN Client is required.

| OS | Suggested VPN Type | Matched VPN in DrayTek Router | FAQ |
| --- | --- | --- | --- |
| Windows (for V2960 & V3900) | SSL (with Smart VPN Client) | SSL | link |
| Windows (for DrayOS models) | L2TP over IPsec (built-in) | L2TP over IPsec | link |
| Android (for all Vigor router models) | IPsec XAuth (built-in) | IPsec XAuth | link |
| macOS (for all Vigor router models) | Cisco IPsec (built-in) | IPsec XAuth | link |
| iOS (for all Vigor router models) | IPsec (built-in) | IPsec XAuth | link |

Security Advisory: For IPsec, use AES-SHA256 security method for highest security and best performance!


Alternative VPN Type

For all clients, download Smart VPN Client for alternative VPN type.

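| OS | VPN Type in Vigor Router | Note | FAQ |
| --- | --- | --- | --- |
| Windows (for all Vigor router models) | SSL VPN or OpenVPN | Download Smart VPN Client for free to dial SSL VPN and OpenVPN | link |
| Android (for all Vigor router models) | SSL VPN or OpenVPN | Download Smart VPN Client for free to dial SSL VPN and OpenVPN | link |
| macOS (for all Vigor router models) | SSL VPN or OpenVPN | Download Smart VPN Client for free to dial SSL VPN and OpenVPN | link |
| iOS (for all Vigor router models) | SSL VPN or OpenVPN | Download Smart VPN Client for free to dial SSL VPN and OpenVPN | link |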


Which DrayTek router?

Two main factors decide which router will best suit your needs: what type of Internet connection you have and how many simultaneous VPNs you require.

The following table shows the number of supported VPN tunnels in models featuring an ADSL modem, or VDSL2 modem for NBN FTTN and FTTB connections.


VDSL2/ADSL2+ VPN Routers

The table below shows the number of supported VPN tunnels in models featuring an Ethernet WAN port which is suitable for Cable Internet and NBN FTTP, FTTC, HFC, Fixed Wireless and Sky Muster connections.


Broadband VPN Routers

The table below shows DrayTek products featuring a built-in LTE modem which just needs a SIM to connect to 4G. The Vigor LTE200n and 2620 LTE series can be configured in bridge mode to connect to more advanced routers like the Vigor3910 in the table above.


4G LTE VPN Routers

DrayTek VPN Matcher

Some ISPs only assign private IP addresses, which are not suitable for VPNs. This is fairly common, for example, amongst LTE/4G providers, and it makes it difficult to establish LAN to LAN VPN tunnels between two routers that are connected to LTE/4G networks. DrayTek’s VPN Matcher works around this problem by providing an authentication server known as the DrayTek VPN Matcher Server. This feature is currently available on the higher-end routers such as the Vigor2862, Vigor2926 and Vigor3910 running the latest firmware.
