This article discusses how to work with Windows VPN with Datto's DNA using the Shrewsoft client.
- The DNA must be the edge router and not behind another router. Using Windows VPN may not work if the DNA is behind another router.
- You must have the Shrewsoft client installed to use Windows VPN with the DNA. Access the downloads here: https://www.shrew.net/download/vpn
Note: for Windows 10, use version 2.2.2-release
For all installs, use the Standard version.
To configure Windows VPN:
- Launch the ShrewSoft application. It may appear as "VPN Access Manager."
- Click the Add button.
- Choose the General Tab and enter the following information
- Under "Host Name or IP Address" input the "ASSIGNED PUBLIC ADDRESS". This is found under the Router Details in the DNA Web UI under Network Overview.
- Make sure Port is set to "500"
- Make sure Auto Configuration is set to "ike config pull"
- From the Adapter Mode drop-down menu, select "Use virtual adapter and assigned address."
- Click "Add" on the Access Manager’s page. Then click Authentication Tab and then choose the Credentials subtab.
- For "Authentication Method" Choose "Mutual PSK + XAuth"
- Now Click Credentials and under "Pre Shared Key" Enter the Authentication "Shared Secret key" from the Client VPN card in the DNA UI under the Security section.
- Click the Phase 1 tab
- Set the Exchange type to "Main."
- Set DH Exchange to "group 2."
- Lastly, choose the Policy tab.
- Set the Policy Generation Level to “Unique.”
- Deselect the Obtain Topology Automatically or Tunnel All checkbox.
- Click the Add button and then type the Subnet and Netmask of the Network(s) you would like to connect to. This will be found under the LAN settings in the DNA.
- Once this is done click Ok and Save.