Apple has changed its certificate security requirements, and on iOS 13 and macOS 10.15 this affects the ability of the SmartVPN app to create a connection if the Vigor VPN server uses a Self-Signed Certificate. To meet Apple's new security policy, there are two solutions:

1. For a better security level, we recommend applying for a DrayDDNS domain and signing it with Let’s Encrypt, or importing a local CA which is signed by a Certification Authority.

2. Use the following firmware version and regenerate the new Self-Signed Certificate.

Method 1

For a better security level, we recommend applying for a DrayDDNS domain and signing it with Let’s Encrypt, or importing a local CA signed by a Certification Authority.
After that, select the CA on SSL VPN >> General Setup.
For more configuration information, please refer to the article Use Let’s Encrypt Certificate for your DDNS Domain.

Method 2 – Regenerate self-signed certificate

Step 1

Navigate to System Maintenance >> Time and Date and make sure the router’s time settings are correct; it is better to match the client’s time zone. When authenticating the server’s identity, the client checks whether the current time and date are within the server certificate’s validity period.

Step 2

Navigate to Certificate Management >> Trusted CA, click Build Root CA, fill out all of the information, select Key Size as 2048, and apply the settings.

Step 3

Go to Certificate Management >> Local Certificate, then click Generate.
a. Select ID Type as either Domain Name or IP Address, depending on which one the VPN client will use to connect to the server.
b. Type the ID Value as the domain name or IP address of the router. It should be the IP address or domain name which VPN clients use for their Server settings.
c. Fill out all the information.
d. Select “Enable” for Self Sign.
e. Enter the CA Key Passphrase to match the CA Key Passphrase of the Root CA.
f. Click Apply to finish.

Step 4

Go to System Maintenance >> Access Control >> Access Control, select the local certificate you created as the Server Certificate, then click Apply to save.

Step 5

After the above configuration, the SmartVPN on iOS 13 can connect successfully.
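
A regenerated certificate can also be checked from a workstation before testing on a device. The shell function below is an added example, not DrayTek's code: it checks a certificate exported as PEM against Apple's published iOS 13 / macOS 10.15 requirements for TLS server certificates (RSA key of at least 2048 bits, SHA-2 signature, the server name in subjectAltName, serverAuth Extended Key Usage, validity of 825 days or fewer). It assumes OpenSSL is installed; the function names and the file and host names in the usage line are placeholders.

```shell
# Added example: check an exported server certificate (PEM) against Apple's
# iOS 13 / macOS 10.15 rules. Names below are placeholders, not router values.
# Usage: check_apple_cert cert.pem vpn.example.test   (second arg = ID Value)

days_of() {  # "notBefore=Jun  1 00:00:00 2024 GMT" -> day number, for subtraction
    awk -F'[= ]+' '{
        m = (index("JanFebMarAprMayJunJulAugSepOctNovDec", $2) + 2) / 3
        y = $5 + 0; if (m <= 2) { y--; m += 12 }
        print 365*y + int(y/4) - int(y/100) + int(y/400) + int((153*(m-3)+2)/5) + $3
    }'
}

check_apple_cert() {
    cert=$1; id=$2; rc=0
    text=$(openssl x509 -in "$cert" -noout -text) || return 2
    fail() { echo "FAIL: $1"; rc=1; }

    # RSA keys must be at least 2048 bits (Step 2 selects Key Size 2048).
    if printf '%s\n' "$text" | grep -q 'Public Key Algorithm: rsaEncryption'; then
        bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
        [ "${bits:-0}" -ge 2048 ] || fail "RSA key is ${bits:-?} bits, need >= 2048"
    fi

    # The signature must use a SHA-2 hash; SHA-1 and MD5 are rejected.
    printf '%s\n' "$text" | grep -Eiq 'Signature Algorithm: .*sha(224|256|384|512)' ||
        fail "signature algorithm is not SHA-2"

    # The name clients connect to must be in subjectAltName; the CN is ignored.
    # Exact match only: wildcard SAN entries are not expanded here.
    san=$(printf '%s\n' "$text" | sed -n '/Subject Alternative Name/{n;s/^ *//;p;}')
    case ", $san," in
        *", DNS:$id,"* | *", IP Address:$id,"*) ;;
        *) fail "'$id' not in subjectAltName (${san:-none})" ;;
    esac

    # Certificates issued after 2019-07-01 need the serverAuth EKU ...
    printf '%s\n' "$text" | grep -q 'TLS Web Server Authentication' ||
        fail "Extended Key Usage lacks TLS Web Server Authentication"

    # ... and a validity period of 825 days or fewer.
    start=$(openssl x509 -in "$cert" -noout -startdate | days_of)
    end=$(openssl x509 -in "$cert" -noout -enddate | days_of)
    [ $((end - start)) -le 825 ] || fail "valid for $((end - start)) days, max 825"

    [ "$rc" -eq 0 ] && echo "OK: $cert meets the checked requirements"
    return "$rc"
}
```

The second argument must be exactly the ID Value entered in Step 3, since that is the name or address the client compares against the certificate.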

Mac Devices

For Mac devices, it is recommended to use Xauth or IKEv2 EAP for the VPN connection, to provide a more stable connection with better performance.

More details in the following knowledge base articles:

https://www.draytek.com/support/knowledge-base/5217

https://www.draytek.com/support/knowledge-base/5275