This article discusses how to work with Windows VPN with Datto's DNA using the Shrewsoft client.
- You must have the Shrewsoft client installed to use Windows VPN with the DNA. Access the downloads here: https://www.shrew.net/download/vpn
Note: for Windows 10, use version 2.2.2-release
For all installs, use the Standard version.
- The DNA must be the edge router and not behind another router. Using Windows VPN may not work if the DNA is behind another router.
To configure Windows VPN:
- Launch the ShrewSoft application. It may appear as "VPN Access Manager."
- Click the Add button.
- Choose the General Tab and enter the following information
- Configure the IP with the IP that shows on your DNA interface.
- Set Port to 500 if it isn't already.
- From the Auto Configuration drop-down menu, select "ike config pull."
- From the Adapter Mode drop-down menu, select "Use virtual adapter and assigned address."
- Choose the Access Manager’s Authentication Tab and then choose the Credentials subtab.
- From the Authentication Method drop down menu, select "Mutual PSK + XAuth."
- In the Pre Shared Key field, enter the Shared Key that you set up when setting up a client VPN on the DNA. Access the Shared Key from the DNA’s Security tab in the Client VPN section.
- Choose the VPN Site Configuration’s Phase 1 tab.
- Set the Exchange type to "Main."
- Set DH Exchange to "group 2."
- Lastly, choose the Policy tab.
- Set the Policy Generation Level to “Unique.”
- Deselect the Obtain Topology Automatically or Tunnel All checkbox.
- Click the Add button to add network information about the LAN that you are connecting to.