NOTE: Important! If you want to configure a Keenetic router as a VPN server, make sure that it has a public IP address, and when using the KeenDNS service, that it works in the 'Direct access' mode. If any of these conditions are not met, it will be impossible to connect to such a server from the Internet.
Configure the VPN server according to the instruction: L2TP/IPSec VPN server. For example:
Then set up an L2TP/IPSec connection on your Android mobile device.
On the 'VPN' screen, add a new entry.
Specify the name, connection type 'L2TP/IPSec PSK', the server address is the public IP address of the router or its KeenDNS domain name, and enter the preshared IPSec key previously installed on the VPN server. Save the connection settings.
Click on the created connection.
Enter the username and password of the router user account that has permission for the VPN connection. Click the 'Connect' button.
After that, the VPN connection to the L2TP/IPSec server on the Keenetic router will be attempted.
To view the connection state, click on the VPN connection entry.
On the same screen, you can disable the VPN connection by clicking the 'Disconnect' button.
When a VPN connection running, you can see statistics of current connections on the Keenetic router.
If your Keenetic is located behind another router, you may need to do some extra steps to access the VPN server.
It is only possible to connect from the Internet to a VPN server with a private IP address if you have configured port forwarding on the upstream router with a public IP to the private IP address of Keenetic. L2TP/IPSec requires UDP 500 and UDP 4500 forwarding. Another option is to forward all ports and protocols, which on some routers is called DMZ.
A typical example of such a router is a CDCEthernet 3G/4G USB modem. It can get a public address from the ISP and give a private address to the Keenetic router. Port forwarding setup depends on the USB modem. There are the ones that forward all ports without any adjustments, and some of them have this option in their own web interface. And there are the ones where it is not allowed at all.
Another example of such a router is an optical GPON ONT. In such devices, the forwarding is configured in their web interface.
If the port forwarding is set up correctly, you can establish a VPN connection with an external public IP address of such a router. It will forward it to Keenetic's private address.