-
How to set up the H series in the VPN server role?
Scenario: Branch 1 and Branch 2 need to access the HQ subnet, and vice versa, through a site-to-site VPN. Solution: If you don't want to use a route-based VPN, you can use a policy-based VPN as an alternative. HQ Site: 1) Set up Peer Address as Dynamic Address. 2) Check that Initiation is Responder Only and Remote TS is "0.0.0.0/0". You don't need to add…
-
How to verify which traffic will go into the VPN tunnel on the H series?
Question: How to verify which traffic will go into the VPN tunnel on the H series? Answer: You can find which traffic will go into the tunnel with the following command: usgflex700h> show ipsec xfrm-policy vrf main
-
How to trace IPsec log?
Scenario: You have an IPSec VPN problem, which may be a disconnection or a traffic problem. Please collect the following information for Zyxel Support. Go to Maintenance > Diagnostics > Network Tool. 1) Network Tool: IPsec Trace Log, click "Start". 2) Try to replicate the issue, or wait for the issue to happen, then stop. 3) Download the "ipsecvpn.log" and…
-
Why can't I find the allowed subnets in the ovpn file?
Question: You have set up a split tunnel for OpenVPN, but can't find the allowed subnets in the ovpn script? Answer: The VPN server tells the OpenVPN client which subnets are allowed during the "Connecting Phase" instead of in the ovpn script. You can see the process in the OpenVPN log.
-
Why can't I connect SSL VPN to USG FLEX H using SecuExtender SSL VPN Client Windows client 4.0.5.0?
Question: Why can't I connect SSL VPN to USG FLEX H using SecuExtender SSL VPN Client Windows client 4.0.5.0? Answer: The old SecuExtender SSL VPN Client Windows client 4.0.5.0 is not compatible with USG FLEX H series.…
-
How to configure site to site VPN with multiple subnets between ZLD and uOS using route-based?
This example shows how to use the VPN Setup Wizard to create a route-based site-to-site VPN where the peer gateway is a ZLD device and multiple subnets can communicate with each other. The example instructs how to configure the VPN tunnel between each site. When the VPN tunnel is configured, each site can be…
-
How to configure site to site VPN between ZLD and uOS using route-based?
This example shows how to use the VPN Setup Wizard to create a route-based site-to-site VPN where the peer gateway is a ZLD device. The example instructs how to configure the VPN tunnel between each site. When the VPN tunnel is configured, each site can be accessed securely. Set up IPSec VPN Tunnel for uOS VPN >…
-
Why can't I establish a VPN connection after updating to iOS 18? How can I resolve this issue?
Question : Why can't I establish an IKEv2 VPN connection after updating to iOS 18? How can I resolve this issue? Answer : Since there are changes to the VPN Phase 1 and Phase 2 parameters for iOS's native VPN client, please modify them accordingly to allow the remote VPN to work. USG Flex/ATP firewall model settings:…
-
How to find the license key from a client workstation that uses SecuExtender VPN Client?
Question: How to find the license key from a client workstation that uses SecuExtender VPN Client? Answer: On SecuExtender VPN Client, click "About..." to check the license key and registration email.
-
How do I access a specific LAN subnet exclusively via SSL VPN's split tunnel?
Question : In some circumstances, the user may want to access a specific LAN subnet via the SSL VPN tunnel only, while accessing the internet through the local network. How can this be set up? Answer : Please navigate to VPN > SSL VPN > Client will use VPN to access > Choose Local Network Only (Split Tunnel) and add the…
-
Why can't you establish an SSL VPN connection with the USG Flex H models?
Question : Why can't you establish an SSL VPN connection with the USG Flex H models, and why are there "Match default rule DROP" log messages? Answer : The possible reason is that the SSL VPN service port is not allowed from the WAN to Device security policy. For example, the Server port of the SSL VPN is 10443. The user…
-
Why can't I establish a VPN connection after updating to macOS Sonoma? How can I resolve this issue?
Question : Why can't I establish a VPN connection after updating to macOS Sonoma? How can I resolve this issue? Answer : Since there are changes to the VPN Phase 1 and Phase 2 parameters for macOS Sonoma's native VPN client, please modify them accordingly to allow the remote VPN to work. USG Flex/ATP firewall model…
-
How to debug ipsec dial up problem on H series
We have a real-time debug command on the H series. 1) Log in via SSH and run the following command: cmd debug ipsec trace log 2) Replicate the issue by trying to dial up the Remote Access VPN or Site to Site VPN. 3) Provide the output of the command to Zyxel Support.
-
How to Use OpenVPN Client with USG FLEX 200H Behind Router NAT?
Question: Is it possible to use the OpenVPN client when the USG FLEX 200H is behind a router with NAT (Private IP in WAN)? Answer: Yes, it is possible to use the OpenVPN client with the USG FLEX 200H behind a router with NAT (Private IP in WAN). Solution: To resolve the issue, you need to change the private IP to the…
-
How do I set up SecuExtender on a USG FLEX H device to generate a tbg file?
Question: How do I set up SecuExtender on a USG FLEX H to generate a tbg file? Answer: After you enable "Remote Access VPN" on your USG FLEX H device, go to SecuExtender VPN Client and click Configuration > Get from Server. The SecuExtender VPN Client will fetch the configuration file from USG FLEX H.
-
How to edit mobileconfig to use account and password authentication
The default authentication method is to use credentials. You can edit mobileconfig to let it use username/password. 1) Please edit the following lines WAS: IS: 2) Please add the following lines above <key>ChildSecurityAssociationParameters</key>
-
Is there any VPN client software for macOS that supports IKEv1?
Question: I would like to build an IKEv1 VPN connection with macOS. Which VPN software should I use? Answer: macOS terminated the support for IKEv1, so currently we don't have VPN software for macOS that supports IKEv1.
-
Why are some DH options missing from SecuExtender?
Question: The old version of SecuExtender (IPSec_6.6.87.108) supports the DH options from DES, 3DES, SHA-1, DH1, all the way to DH21. Why are DES, 3DES, SHA-1, DH 1, DH 2 and DH 5 missing from the new version of the SecuExtender VPN client (IPSec_SSL_VPN_7.7.40.019)? Answer: We removed DES, 3DES, SHA-1, DH 1, DH 2, DH…
-
Why is IKEv1 missing from SecuExtender?
Question: The old version of SecuExtender (IPSec_6.6.87.108) supports IKEv1. Why is IKEv1 missing from the new version of the SecuExtender VPN client (IPSec_SSL_VPN_7.7.40.019)? Answer: We removed IPsec/IKEv1 from SecuExtender (IPSec_SSL_VPN_7.7.40.019) for security reasons; this protocol is already deprecated by the…
-
How to show IKE state by CLI
Question: How to show IKE state by CLI Answer: usgflex500h running config# show state vrf main ike