Setting up a VPN Tunnel on two (2) routers

A Virtual Private Network (VPN) is a connection between two endpoints - a VPN router, for instance – in different networks that allows private data to be sent securely over a shared or public network, such as the Internet. This establishes a private network that can send data securely between these two locations or networks through a "tunnel." A VPN tunnel connects the two PCs or networks and allows data to be transmitted over the Internet as if it were still within those networks. It is a connection secured by encrypting the data sent between the two networks.

To setup a VPN Tunnel on a Linksys router you need to perform four steps:

  1. Connecting Devices Together
  2. Verifying the VPN Settings Needed on the Two Routers
  3. Configuring VPN Tunnel settings on Router A
  4. Configuring VPN Tunnel settings on Router B

Connecting Devices Together

Before connecting to a VPN tunnel you need to ensure that there is an active Internet connection between the two routers that will communicate. For instructions, click here. After ensuring that there is an active Internet connection, you need to verify the VPN settings. To verify the VPN settings of the two routers, follow the instructions below.

Verifying the VPN Settings Needed on the Two Routers

In order for you to successfully configure a VPN tunnel, you need to take note of the settings needed to set-up a tunnel. To verify the settings needed for your VPN Tunnel follow the steps below.

Step 1:
Access the router’s web-based setup page. For instructions, click here.

NOTE: If you're using a Mac to access the router's web-based setup page, click here.

Step 2:
Click Status then Gateway and take note of the Internet/WAN IP address.

Router A’s Status page:

Router B’s Status page:

Step 3:
Click Status then Local Network and take note of the IP address.

Router A’s Status page:

Router B’s Status page:

NOTE: If the screen on your router’s web-based setup page looks different, click here.

Step 4:
Make sure the Local IP Address of the two routers are different. Take note that the Local IP Address of Router A will be Router B’s Remote Secure Group.

NOTE: To change the local IP address of a Linksys router, click here.

In this example, we will use the following:

Step 5:
After verifying the settings needed to setup a tunnel, you need to configure the settings on Router A. For instructions, follow the steps below.

Configuring VPN Tunnel settings on Router A

 

Step 1:
Access the router’s web-based setup page. For instructions, click here.

NOTE: If you're using a Mac to access the router's web-based setup page, click here.

Step 2:
When the router’s web-based setup page appears, click Security then VPN.

NOTE: If the screen on your router’s web-based setup page looks different, click here.

Step 3:
Select the Tunnel entry you wish to create.

Step 4:
Look for VPN Tunnel then select Enabled.

Step 5:
Under Tunnel Name enter the name you want to set your tunnel. In this example Tunnel 1 was used.

Step 6:
Look for Local Secure Group and select either Subnet, IP Addr. or IP Range, then on the fields provided enter the appropriate values of the router. In this example, we selected Subnet and entered “192.168.1.0” for the IP and “255.255.255.0” for the Mask.

Step 7:
Under Remote Secure Group, select either Subnet, IP Addr., IP Range, Host or Any, then on the fields provided enter the appropriate values of the remote router. In this example, we selected Subnet and entered “192.168.2.0” for the IP and “255.255.255.0” for the Mask.

Step 8:
Look for the Remote Security Gateway drop down menu and select either IP Addr., FQDN or Any, then enter the WAN/Internet IP address or the DDNS of the remote router. In this example, we selected IP Addr. and entered “10.100.16.60” for the IP Address field.

 

Step 9:
Under Encryption, select the encryption level you wish to enable on your tunnel. In this example we used DES.

NOTE: Make sure the Encryption level selected is the same with the router you wish to establish a VPN tunnel with.

Step 10:
Under Authentication, select the authentication mode you wish to enable on your tunnel. In this example we used MD5.

NOTE: Make sure the Authentication mode selected is the same with the router you wish to establish a VPN tunnel with.

Step 11:
Under Key Management, select Auto (IKE).

Step 12:
Make sure PFS (Perfect Forward Secrecy) is Enabled. This will ensure that the initial key exchange and IKE proposals are secured.

Step 13:
Under Pre-shared Key, enter the key you want to enable on your tunnel. In this example “MySecretKey” was used.

Step 14:
Under Key Lifetime, enter the time period you want the key to expire on your tunnel. In this example “3600” was used.

NOTE: Make sure the Pre-shared Key and Key Lifetime entered are the same with the remote router.

Step 15:
Click .

Step 16:
After verifying the settings needed to setup a tunnel, you need to configure the settings on Router B. For instructions, follow the steps below.

Configuring VPN Tunnel settings on Router B

Step 1:
Access the router’s web-based setup page. For instructions, click here.

NOTE: If you're using a Mac to access the router's web-based setup page, click here.

Step 2:
When the router’s web-based setup page appears, click Security then VPN.

NOTE: If the screen on your router’s web-based setup page looks different, click here.

Step 3:
Select the Tunnel entry you wish to create.

Step 4:
Look for VPN Tunnel and select Enabled.

Step 5:
Under Tunnel Name, enter the name you want to set your tunnel. In this example Tunnel 1 was used.

Step 6:
Look for Local Secure Group and select either Subnet, IP Addr. or IP Range, then on the fields provided enter the appropriate values of the router. In this example, we selected Subnet and entered “192.168.2.0” for the IP and “255.255.255.0” for the Mask.

Step 7:
Under Remote Secure Group select either Subnet, IP Addr., IP Range, Host or Any, then on the fields provided enter the appropriate values on your router (this values should be from the remote router). In this example we select Subnet and enter “192.168.1.0” for the IP and “255.255.255.0” for the Mask.

Step 8:
Look for the Remote Security Gateway drop down menu and select either IP Addr., FQDN or Any, then enter the WAN/Internet IP address or the DDNS of the remote router. In this example, we selected IP Addr. and entered “22.15.160.53”  for the IP Address field.

 

Step 9:
Under Encryption, select the encryption level you wish to enable on your tunnel. In this example we used DES.

NOTE: Make sure the Encryption level is the same with the router you wish to establish a VPN tunnel with.

Step 10:
Under Authentication, select the authentication mode you wish to enable on your tunnel. In this example we used MD5.

NOTE: Make sure the Authentication mode is the same with the router you wish to establish a VPN tunnel with.

Step 11:
Under Key Management, select Auto (IKE).

Step 12:
Make sure PFS (Perfect Forward Secrecy) is checked. This will ensure that the initial key exchange and IKE proposals are secured.

Step 13:
Under Pre-shared Key, enter the key you want to enable on your tunnel. In this example “MySecretKey” was used.

Step 14:
Under Key Lifetime, enter the time period you want the key to expire on your tunnel. In this example “3600” was used.

NOTE: Make sure the Pre-shared Key and Key Lifetime entered are the same with the remote router.

Step 15:
Click .

Step 16:
Click .

 

Was this support article useful?

Additional Support Questions?

Search Again

CONTACT SUPPORT

Linksys Premium Technical Support

For technical support beyond your warranty period, or for assistance with advanced features not covered by basic support, you have several options.  Learn More