-
How to install IKEv2 VPN script on iPhone?
Zyxel Firewall allows users to download the VPN script for iOS/macOS. How do we install the .mobileconfig file on an iPhone? To install the mobileconfig file, download it on your iPhone and then choose Save to Files. Then go to VPN & Device Management, where you will see a downloaded profile; click on it and install it.
-
How can we check the Windows L2TP VPN connection log when troubleshooting a connection issue?
Question: How can we check the Windows L2TP VPN connection log when troubleshooting a connection issue? Answer: Press Win + X and select "Event Viewer" from the menu. In the Event Viewer window, expand "Windows Logs" in the left pane and select "Application." Filter the event log by the source "RasClient". You will be able…
-
Why is the Windows 11 built-in L2TP/IPSec VPN slow in both download and upload activity?
Question: Some users have recently encountered slow performance with the Windows built-in L2TP/IPSec VPN. Why would this happen? Answer: It could be affected by Windows update KB5025305, which the company has acknowledged causes problems with L2TP/IPsec VPN connections on Windows 11 PCs. It’s…
-
Why am I receiving an incorrect username/password error when connecting to SSL VPN?
Question: Sometimes, I can confirm the username/password is correct, but when I try to connect to SSL VPN, I still get an error showing "incorrect username/password", and the logs also show this kind of information. Why would this happen? Answer: There are two scenarios you would get rejected by incorrect username/password…
-
How to allow SSL VPN clients to access some internal servers only but not all local networks?
Question: How to allow SSL VPN clients to access some internal servers only but not all local networks? Answer: Disable “Force all client traffic to enter SSL VPN tunnel”. If “Force all client traffic to enter SSL VPN tunnel” is enabled, the setting of Network List will be ignored. It means SSL VPN clients are allowed to…
-
How to allow L2TP VPN when WAN interface doesn't exist in default WAN trunk?
QUESTION: In this scenario, the WAN interface for the L2TP connection does not exist in the default WAN trunk. How can L2TP VPN be allowed on a WAN interface that is not in the default WAN trunk? ANSWER: You can add policy routes to resolve this situation because policy route priority is higher than the default WAN trunk. Policy…
-
Why does no traffic pass through the tunnel even though it's established?
Question: Why does no traffic pass through the tunnel even though it's established? Answer: 1. Make sure to allow ESP from WAN to Device. Without allowing ESP, the firewall cannot decrypt encapsulated packets. Check Policy Route/Static Route. Check if any policy routes or static routes that could interfere with routing traffic into the…
-
What's the purpose of Auto disable VPN service?
Question: What's the purpose of Auto disable VPN service? Answer: This option means disabling UDP ports 500 and 4500 from WAN to ZyWall when no IPSec VPN rules are configured on your device. This option helps to prevent hackers from attacking your device through UDP 500 and 4500 when you're not using IPsec VPN.
-
How to build dual WAN site to site VPN tunnel
The branch office won’t lose access if the headquarters' primary WAN is down. Settings in headquarters: Phase 1: My Address: 0.0.0.0; Peer Address: Dynamic Address. Phase 2: Application Scenario: Remote Access (Server Role). Selecting the server role forces the headquarters to respond to negotiation only. This helps decrease the load on the headquarters.…
-
How to use L2TP VPN client to connect to an intranet PC using VNC software?
Background and Scenario: Sometimes, we might need to use the L2TP VPN client to connect to an intranet PC via VNC for handling some office tasks. Answer: Please refer to the below lab: Topology: (WAN:10.214.48.135) PC : L2TP client (192.168.50.1) => (WAN:10.214.48.25)USG Flex200 => LAN1=>PC :Ultra VNC server(192.168.1.121)…
-
How to use CLI to check the current VPN connection status?
Background and Scenario: After establishing the site-to-site VPN and L2TP VPN connections, how can you use CLIs to check the current VPN connection status? Answer: You can use the commands "show sa monitor" and "show sa counter" to display the current VPN tunnel connection status and the number of VPN tunnels.
-
What does "Network Extension Local IP" mean?
Question: In CONFIGURATION > VPN > SSL VPN > Global Setting, Network Extension Local IP is 192.168.200.1. Can I assign the IP pool for SSL VPN as 192.168.200.0/24? Answer: This IP address is the SSL VPN interface. After the SSL VPN is established successfully on the client, it will create a route for the SSL VPN pool IP address. To…
-
How do I enable trace mode in Zyxel IPSec VPN client?
Question: Assume we encounter some issues with the Zyxel IPSec VPN client. How do I enable trace mode to gather more logs on the IPSec VPN client? Answer: Press the shortcut key Ctrl+Alt+T to enable trace mode on the Zyxel IPSec VPN client. The log will be stored at C:\ProgramData\Zyxel\ZyWALL IPSec VPN Client\LogFiles.
-
DNS setting is not applied on iPhone when using IKEv2
Symptom: If you use IKEv2 with split tunnel on iPhone, the internal domain can’t be resolved because the DNS setting won’t be applied. Workaround: This is by design on iPhone. Please use IKEv2 with full tunnel as an alternative.
-
Some PCs can’t connect to L2TP VPN if the gateway is behind NAT
Root Cause: This is a Windows issue. Workaround: Log on to the Windows client computer as a user who is a member of the Administrators group. 1) Select Start > All Programs > Accessories > Run, type regedit, and then select OK. If the User Account Control dialog box is displayed on the screen and prompts you to elevate your…
-
How to send all traffic to the IPSec tunnel with IPSec VPN client
To route the entire network traffic of your local client into the IPSec tunnel with the IPSec VPN Client, please make some changes to your firewall and IPSec VPN Client configuration as below. On IPSec VPN Client: Disable "Request configuration from gateway". Set up a static IP within the Remote VPN subnet pool. On Firewall VPN…
-
Why can't the iPhone’s Safari browser get the IKEv2 provisioning file from the VPN provision port?
Background and Scenario: The user attempted to use an iPhone’s Safari browser to retrieve an IKEv2 provisioning file from the firewall through a specific VPN provision port but encountered a failure. What could be the reason behind this issue? For example, the user wants to download IKEv2 provision config file from the…
-
Windows 10 cannot establish L2TP over IPSec VPN to the FLEX/ATP
SCENARIO DESCRIPTION: I set up L2TP over IPSec VPN on USG, all the settings are correct, and it works perfectly on every device, for example Windows 7, Android phone, iPhone, etc., except for Windows 10, where Windows 10 will have a VPN connection issue. It just hangs for no reason. No error message pops up while I connect to…
-
Implement Split Tunnel on Windows Client
Symptom: By default, when using the L2TP service, clients will go through a Full Tunnel. However, in certain situations, you may not want all traffic to go through the VPN tunnel. Workaround: 1) Find the L2TP profiles in Control Panel->Network and Internet->Network Connections. Right-click it and go to properties >…
-
What can we do when SecuExtender IPsec VPN client does not work on macOS
Symptom: The status always remains grayed out or turns into a red light and back to gray within a second after clicking “Open tunnel”. And the console is empty after you change anything or fail to open the tunnel. Root Cause: If SecuExtender IPsec VPN client cannot work on your macOS, it's likely the default security settings…