---
title: "Setting up site-to-site on Linksys router"
slug: "site-to-site-linksys-router"
description: "Using the Linksys management interface, you can configure the VPN using the web interface.If your device/service supports SHA256 and DH group 14, it is recommended to use these settings instead."
updated: 2026-05-07T09:04:52Z
published: 2026-05-07T09:04:52Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://help.nordlayer.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Setting up site-to-site on Linksys router

**Note**: If your device/service supports SHA256 and DH group 14, it is recommended to use these settings instead.

## Configuring the tunnel on the Linksys Web Interface

1. Open the Linksys management interface (typically 192.168.1.1)
2. In the left panel, select VPN, then select Gateway to Gateway
3. Fill in the following information:

![Screenshot 2021-05-26 at 13.29.33.png](https://cdn.document360.io/fc1049cd-8f71-4b89-b9b8-dbca9fdcdd16/Images/Documentation/Screenshot%202021-05-26%20at%2013.29.33.png)

### Add a New Tunnel:

- **Tunnel Name**: Choose a name of your own choice.
- **Interface**: WAN1

### Local Group Setup:

- **Local Security Gateway Type**: IP Only
- **IP Address**: Your external IP address (should be filled automatically)
- **Local Security Group Type**: Subnet
- **IP Address**: Enter the local IP address.
- **Subnet Mask**: Enter the subnet mask.

### Remote Group Setup:

- **Remote Security Gateway Type**: IP Only
- **IP Address**: The IP of your NordLayer server with a dedicated IP
- **Remote Security Group Type**: Subnet
- **IP Address**: 10.6.0.0
- **Subnet Mask**: 255.255.240.0

1. Continue to IPSec Setup and fill in accordingly:

![Screenshot 2021-05-26 at 13.29.44.png](https://cdn.document360.io/fc1049cd-8f71-4b89-b9b8-dbca9fdcdd16/Images/Documentation/Screenshot%202021-05-26%20at%2013.29.44.png)

- **Keying Mode**: IKE with PSK
- **Phase 1 DHG**: Group 5 (if your device supports Group 14, using that is recommended)
- **Phase 1 Encryption**: AES256
- **Phase 1 Authentication**: SHA1 (SHA256 is recommended)
- **Phase 1 SA Lifetime**: 28800
- **PFS**: Enabled
- **Phase 2 DHG**: Group 5 (if your device supports Group 14, using that is recommended)
- **Phase 2 Encryption**: AES256
- **Phase 2 Authentication**: SHA1 (SHA256 is recommended)
- **Phase 2 SA Lifetime:** 3600
- **Pre-shared Key**: Generate a pre-shared key (we will need this on our end as well)

*Select Advanced. Enable Keep-Alive and set Dead Peer Detection Interval to 10 seconds. Leave the rest of the advanced settings with the default values.*

![Screenshot 2021-05-26 at 13.29.52.png](https://cdn.document360.io/fc1049cd-8f71-4b89-b9b8-dbca9fdcdd16/Images/Documentation/Screenshot%202021-05-26%20at%2013.29.52.png)

## Ending note:

In order to finalize the site-to-site tunnel, please create a setup in [Sites tab of the NordLayer Control Panel](/v1/docs/site-to-site).

- Pre-shared key - you can generate it or we can provide it
- Encryption  details (AES, SHA and DH group) - AES256, SHA256 and DH group 14 are recommended (also must support IKEv2)
- Remote gateway/router public IP (must be reachable while connected to the server with a dedicated IP)
- Remote subnet and mask (the subnet is used in your local network)

**Note**: In case you are experiencing different results, make sure that you have you carefully gone through all the steps. Having said that, in case the issue persists please feel free to contact our [24/7 customer support team](/docs/how-do-i-contact-nordlayer-customer-support).