Configuring VPN Load Balance using DrayTek Routers

This guide will show you how to configure VPN load balance between two DrayTek routers. In the example we use the Vigor3900 as the Head Office router and the Vigor3200 as the Branch office router.

Head Office  (Vigor3900)		Branch Office (Vigor3200)
WAN1: 10.10.10.1	GRE: 10.0.0.1	WAN1: 10.10.10.2	GRE: 10.0.0.2
WAN2: 10.10.1.1	GRE: 10.0.0.3	WAN2: 10.10.1.2	GRE: 10.0.0.4
LAN IP:           192.168.1.1		LAN IP:              192.168.10.1

 

For VPN load balance configuration we will need to enable GRE over IPSec VPN in both the Head Office router and the Branch Office router.

Head Office Router Configuration

Step 1: Set up two IPSec VPN profiles on Vigor3900

Go to VPN and Remote Access>>LAN to LAN configuration menu.

Click on Add to add a VPN profile

On the next page enter the required details.  Here we enable this profile (VPN1) and  select “always on”.  Enter the required details as shown in the diagram below

Leave “Advanced” settings at default values.

Enter GRE settings

Enter IKE Proposal Settings

Repeat the above procedure for second VPN profile (VPN2)

VPN2 GRE Settings

VPN1 and VPN2 Configured

Step 2: Configure VPN Load Balance

Go to VPN and Remote Access>>VPN Trunk Management configuration menu. 

Select Load Balance Pool and click on Add to add a VPN Load Balance Pool profile

Create Profile  (Pool1) and click apply

After profile created, Select profile “Pool1” and click on Edit to configure this profile.

Select Load Balance Tab and select two VPN profiles (VPN1 and VPN2) for Interface.

Click Apply to save

Select Load Balance Rule Tab and click on Add

Enter required details, Select Load Balance Pool created in previous step and Click on Apply.

Load Balance rule now created.

Remote Office Router Configuration

Step 1: Set up two IPSec VPN profiles on Vigor3200

VPN1 Configuration

Go to VPN and Remote Access>>LAN to LAN configuration menu.

Click on the first index to add a VPN profile.

Enter the required details:

1. 1. Enable VPN Profile and give it a name.
   2. Set to Dial-Out and Always on
   3. Select Dial-Out Settings to IPsec Tunnel
   4. Enter IKE Pre-Shared Key for IKE Authentication Method 
   5. Select High (ESP) DES Without Authentication for IPsec Security Method
   6. In GRE over IPsec Settings Enable IPsec Dial-Out function GRE over IPsec and enter GRE IP addresses
   7. In TCP/IP Network Settings section enter the remote and local IP address details.

VPN2 Configuration

Repeat the steps for VPN1 configuration but configure for WAN2 using WAN2 details.

Step 2: Configure VPN Load Balance

Go to VPN and Remote Access >> VPN TRUNK Management configuration menu.

1. Under General Setup menu select the two VPN profiles and assign them to Member 1 and Member 2.
2. Select Enable for Status and select Load Balance for Active Mode.
3. Then Click [Add]

You should now see the VPN trunk listed under Load Balance Profile List as shown below:

Now Go to VPN and Remote Access >> Connection Management configuration menu, you will see the VPN tunnels are up and running in Load Balance mode.