Central VPN Management (CVM) on Vigor3900
Posted by Roy Panetta on 10 October 2018 02:59 PM
Central VPN Management (CVM) is built into DrayTek routers. It is used to configure and monitor VPN connections from the central router running CVM and branch routers.
Building and managing VPN connections between multiple sites can be a time consuming and frustrating if the VPN tunnels do not come up. Usually for IPSec VPN tunnels there are many parameters to synchronise as well as security associations to build. These include Pre-Shared key, subnet, encryption mode and so on. It just takes one wrong parameter to be entered for the VPN to fail to come up and sometimes you need to trace through the settings or capture the VPN syslogs to discover where you went wrong. Using CVM, it just takes a few clicks and the routers will self-configure the VPN tunnel, thus taking the frustration out of the configuration process.
This application note describes the configuration process to set up CVM on the Vigor3900 to create and manage VPN tunnels up to 16 CPE devices.
The network topology we will be using is shown in the diagram below.
The Vigor3900 is the CVM server and will establish VPN tunnels to each of the CPE routers.
Step 1: Configure the Vigor3900 as the Central VPN Management Router
1. Go to Central VPN Management >> General Setup >> General Setup menu.
2. Configure VPN General Setup
3. Allow Access to Router Management
Step 2: Configure TR069 in CPE Devices
Part A: Enable Remote Management
The router will restart to save the settings.
Part B: Enable TR069 Settings
Vigor2926-B / Vigor2926-C
Configure the other CPE devices similarly to Vigor2926-A router. They all should show the green icon appear indicating that communication has been established with the CVM server.
Step 3: Edit the Managed Device List in the Vigor3900
In the CVM Router (Vigor3900) go to Central Management>>VPN>>CPE Management menu.
You should see the CPE devices in the Managed Devices Status page. A green tick below the CPE shows that it is online.
Selecting a CPE and clicking on Edit allows the Name and Location to be entered.
Step 4: Establishing VPN connections
To establish VPN connection: Go to Central Management >> VPN >>CPE Management menu.
The VPN tunnels will take a few seconds to be automatically configured and brought online.
Once the VPN tunnels are established they will be listed in the connected devices section on this page as shown below.
With CVM, we can also perform CPE maintenance tasks from the central router, such as backup and restore configurations as well as firmware upgrades. To carry out CPE Maintenance tasks, go to Central Management >> VPN>>CPE Management >> CPE Maintenance menu.
Click on Add in the Maintenance section to create a profile.
Now select the required device and action to perform including the scheduled time and date for the action.
Firmware files can be uploaded to the CVM router by clicking on the File Explorer tab on this page. The backed-up configuration files can also be downloaded to your computer via File Explorer. Choose the filename and click Download, and the file will be saved to the directory.