-
Does Windows native VPN support split tunnel?
Question: This problem lies with the Windows native VPN: it does not support split tunnel, so even when it is set as a split tunnel, Windows still does not create a route after installing the script. Answer: No. The problem lies with the Windows native VPN; it doesn't support split tunnel. So even if we set it as split tunnel, Windows still…
-
L2TP VPN doesn't work on Windows 10, but it works perfectly on Windows 11. What should I do?
Question: My L2TP VPN on Nebula doesn't work on Windows 10, but it works perfectly on Windows 11. What should I do? Answer: It looks like the issue you're experiencing is related to specific Windows updates on Windows 10. The patches KB5036893 and KB5036892 have been reported to break VPN connections. To resolve this issue,…
-
Can we export the cfg from a perpetual VPN client and import it into time-based VPN client?
Question: Can we export the configuration file from a perpetual VPN client V3.8.204.61.32 and import it into a time-based VPN client V7.7.40.019 or V6.6.87.108? Answer: Since the feature sets of the perpetual VPN client and the time-based VPN client are different, we cannot import the configuration from a perpetual VPN…
-
Intel® Killer™ Control Center causes SSL VPN to disconnect immediately
If you are experiencing SSL VPN disconnecting immediately after connecting, it might be related to Intel's Killer Control Center. To troubleshoot this issue, follow these steps: Disable the Killer Network Service. If disabling the service resolves the problem, please contact Zyxel Support for further help.
-
How do I set up NAT port forwarding for remote AP usage on the firewall?
Scenario: Users may wish to use the remote AP service behind a NAT scenario. For example, in the topology below, the remote AP will establish a VPN service to the destination firewall USG Flex 100. Remote AP === internet === USG Flex 200 === (NAT ports forwarding) === USG Flex 100. Users may wonder how to set up NAT port…
-
WebGUI shows Site-to-Site VPN is up but traffic cannot pass through
Checking: 1) You have allowed the ESP protocol from WAN to Device. The firewall cannot decrypt packets without an allow rule for ESP. 2) You have an allow rule for zone "IPsec_VPN" if you use policy-based VPN (if you customize the VPN zone, please make sure you have the corresponding allow rules). 3) Check you have correct static…
-
Why does the site-to-site VPN tunnel disconnect hourly? How to resolve it?
Scenario: Users may encounter a situation in which the site-to-site VPN tunnel disconnects hourly. This article will guide you on how to identify the possible reasons and resolve this problem. Answer: The possible reason for the site-to-site VPN disconnecting hourly is that the Phase 2 SA Lifetime is set to 3600…
-
SecuExtender SSLVPN can't connect
Symptom: 1) SSLVPN cannot connect on Windows SecuExtender clients, but can always connect on macOS clients. 2) You have Destination NAT to the SSL port on an upper device, which means the port has been translated. For example: Firewall_IP:50000 → Firewall_IP:10443 (SSLVPN Port). Workaround: Since the request from Windows SecuExtender…
-
Sign self-certificate for remote VPN
Scenario: You need to sign a self-certificate since the original certificate had expired, and you tried to sign from the firewall GUI. Solution: For remote VPN certificate usage, you need to be aware of the following: 1) Key Type must be "RSA-SHA256". 2) Extended Key Usage must contain "IKE Intermediate".
-
What does "Ignore Don't Fragment setting in IPv4 header" mean in the VPN connection page?
Question: What does "Ignore "Don't Fragment" setting in IPv4 header" mean in the VPN connection page? Answer: Select this to fragment packets larger than the MTU (Maximum Transmission Unit) that have the “Don't Fragment” bit in the IP header turned on. When you clear this, the Zyxel Device drops packets larger than the MTU that have…
-
Why can't we select a certificate in VPN Phase 1 for authentication?
Question: I can import a third-party certificate to FLEX/ATP without any errors. However, I am unable to select this certificate for VPN phase 1 authentication. What could be the issue? Answer: ZLD does not support ECDSA certificates in the VPN module, so we cannot select them in Phase 1. Please sign the certificate again…
-
Implement NAT over IPSec VPN by Route-Based VPN
Topology & Scenario: Your headquarters office may have many IPsec VPN tunnels with branch offices. However, all branch offices have the same subnet, for example 192.168.11.0/24. To meet this requirement, a fake subnet is needed to represent each branch, which means the headquarters only knows the fake subnet. For example: 192.168.100.0/24 →…
-
Policy Based IPSec Site to Site VPN with Overlapping Subnet
Topology & Scenario: Your headquarters office may have many IPsec VPN tunnels with branch offices. However, all branch offices have the same subnet, for example 192.168.11.0/24. To meet this requirement, a fake subnet is needed to represent each branch, which means the headquarters only knows the fake subnet. For example: 192.168.100.0/24 →…
-
What proposal should be configured on ATP/USG FLEX for IKEv2 native client on macOS 14 Sonoma?
Question: What proposal should be configured on ATP/USG FLEX for IKEv2 native client on macOS 14 Sonoma? Answer: Phase 1: AES256, SHA256, Key Group=DH19 Phase 2: AES256, SHA256, PFS=none
-
Why is L2TP VPN client on macOS not able to ping LAN gateway?
Question: L2TP VPN clients on macOS are connected successfully. However, they are not able to ping LAN gateway. Answer: On MacBook, you need to turn on the option “Send all traffic over VPN connection”.
-
How to collect the console log on SecuExtender IPSec VPN client?
Question: How to collect the console log on SecuExtender IPSec VPN client? Answer: The console log on SecuExtender helps us troubleshoot issues, including connection, software, or configuration issues.
-
Is there any way to remove saved IP from Secure Extender History?
Question: Every time we connect to a new device via SecuExtender, the IP is automatically saved to the server list. The list of server IPs grows gradually. Is there any way to remove saved IP from Secure Extender History? Answer: Yes, the IP information is saved to an XML file which is located in the Windows user's folder.…
-
Does VPN Client IPSec_SSL_VPN_7.7.40.019 work with ATP/USG FLEX?
Question: Does VPN Client IPSec_SSL_VPN_7.7.40.019 work with ATP/USG FLEX? Answer: You can use IPSec_SSL_VPN_7.7.40.019 to establish IKEv2 with ATP/USG FLEX.

| Client | USG FLEX H: IKEv2 | USG FLEX H: SSL VPN | ATP/USG FLEX: IKEv2 | ATP/USG FLEX: SSL VPN |
|---|---|---|---|---|
| IPSec_SSL_VPN_7.7.40.019 (Windows) | o | o | o | x |
| IPSec_6.6.87.108 (Windows) | o | x | o | x |
-
Android 13 strongswan IKEv2 VPN
Operation Steps: To connect to IKEv2 VPN with Android 13, please follow the steps below. 1. Enable IPSec VPN server (IKEv2) at Firewall > Configure > Remote access VPN. 2. Click Send Email to receive the SecuExtender IKEv2 VPN script, which is a TGB file. 3. Change the file from .tgb to .txt and open it with Notepad. 4. Remain…
-
Troubleshoot if you have a site-to-site VPN issue
Scenario: Assume the tunnel was built successfully, but there are some traffic, instability, or disconnection issues. Checking: 1) The reauth action must happen ahead of rekey; please check that the Phase 1 lifetime is greater than the Phase 2 lifetime. 2) We recommend using IKEv2 because it implements a more complete rekey mechanism to prevent tunnel reconnection.