VPN - Zyxel Community

[ATP/FLEX] Full guide to set up Palworld Dedicated Server with Remote Access VPN on USG FLEX
This post is a showcase and tutorial for educational purposes only. There is no commercial cooperation or affiliation between Zyxel Networks and Pocket Pair, the developers of Palworld. This guide aims to demonstrate the capabilities of the USG FLEX series in setting up a secure gaming environment. Palworld is an…
Why is LDAP not available for IPSec VPN Authentication on Nebula?
Question: Why is LDAP not available for IPSec VPN Authenticationon Nebula? Answer: The LDAP server is not listed as an authentication option for IPSec VPN because it is not supported. Authentication options for different VPN types are as follows: IKEv1 (L2TP VPN): Nebula Cloud Authentication, Active Directory (AD), RADIUS,…
IPSec Remote VPN is connected but it's not passing any traffic, what should I check?
Question: IPSec Remote VPN is connected but it's not passing any traffic, what should I check? Answer: Check if the remote subnet is conflict with other interfaces. Check if the security policy blocks the traffic Check if the policy route direct the traffic to another place.
How to choose which LAN network the VPN user can connect in Nebula mode?
Question: How to choose which LAN network the VPN user can connect in Nebula mode? Answer: In Nebula mode, remote VPN user can access all the local interfaces since the default security policy allows it.
The SD-VPN(Nebula VPN) can't connect
Question: The SD-VPN(Nebula VPN) can't connect Answer: 1)Please check you have correct Primary interface settings. The SD-VPN / Nebula VPN is easy to setup as desgin If the issue is persist, Please kindly contact Zyxel Support
[ATP/FLEX] Where can I control the split tunnel mode on Nebula?
Question: [ATP/FLEX] Where can I control the split tunnel mode on Nebula? Answer: The remote access VPN tunnel only supports full tunnel mode. It does not support split tunnel mode.
[ATP/FLEX]Does Non-Nebula VPN support failover scenario when the Non-Nebula peer has two public IPs?
Question: Does Non-Nebula VPN support failover scenario when the Non-Nebula peer has two public IPs? Answer: No. Currently, the Non-Nebula VPN function does not support failover scenarios, even if the peer firewall has two public IPs.
Can I configure Client VPN subnet the same as LAN/VLAN interfaces?
Question: Why my remote VPN users are on 192.168.50.1 and my local users are on 192.168.1.1? I want them to be on the same. Can I configure Client VPN subnet the same subnet as LAN/VLAN interfaces? Answer: No, you cannot use the same subnet for the Client VPN subnet and LAN/VLAN interfaces. It would create IP address…
How to configure Auto-Link VPN on Nebula?
Question: How to configure Auto-Link VPN on Nebula? Answer: Since Nebula version 19.00, Non-Nebula VPN is renamed to Auto-Link VPN. You can follow the guide to configure Auto-Link VPN.
With the Base Pack, can I configure L2TP over IPSec VPN server on Nebula?
Question: With the BASE package can I configure L2TP over IPSec VPN server? Do I need to activate a license for this feature? Answer: Yes, you can configure L2TP over IPSec VPN server on Nebula with Base Pack and download VPN configuration script.
The Auto-Link VPN scenario
Scenario: When establishing a VPN with a third-party gateway (Such like Check Point or Fortigate), you need to use auto-link VPN (previously called non-nebula VPN). In fact, after completing the connection by following the default profile, the Phase 2 Local Policy will only set the first subnet, which may cause traffic…
Certificate is outdated How to check VPN Certificate of Remote Access on Nebula Firewall ?
Question: You are not able to connect ikev2 VPN on Nebula Firewall, The logs from SecuExtender said "Certificate is outdated". How to check VPN Certificate of Remote Access ? Answer: 1)Click "Site-wide>ConfigureFirewall>Remote access VPN", 2)Download Windows script You will see the Certificate under "IPsec VPN" folder and…
Why can't Nebula site-to-site VPN connect across different organizations?
If you are facing issues connecting two sites using Nebula site-to-site VPN across different organizations (ORGs), it is important to note that current functionality supports the connection only within the same organization, though it can connect across different sites within that ORG. To resolve issues where a connection…
[ATP/FLEX] Does Non-Nebula VPN peers configuration support NAT over IPSec VPN?
Question: How to configure IPsec Site-to-Site VPN with NAT over IPSec VPN on Nebula? I want to conceal internal network subnets and not to allow remote site to see the real internal subnet. Answer: Nebula doesn't support inbound/outbound traffic NAT. If you need to use this feature, you can use Cloud Monitoring Mode…
How to Configure a Nebula Firewall as VPN Responder?
Question: How is it possible to let one site of the site-to-site VPN tunnel build the tunnel while the other site is just a responder? Answer: Nebula Firewall does not support responed only, it always act as initiator with nailup
How to Perform a Connectivity Check Through a VPN Tunnel?
Question: How is it possible to make a connectivity check (ping) through the VPN tunnel to a LAN IP address? Answer: To perform a connectivity check (ping) through a VPN tunnel to a LAN IP address in a Non-Nebula VPN setup, follow these steps: * Navigate to the "Site-Wide>Configure>Firewall>Site to Site VPN * Enter the LAN…
[ATP/FLEX] What does the log message 'Packet (ESP) cannot be sent. Reason: System dropped' mean?
Question : What does the log message 'Packet (ESP) cannot be sent. Reason: System dropped' mean? Answer : The error message "Packet (ESP) cannot be sent. Reason: System dropped" is triggered by the VPN log outprint function, an internal kernel function that failed to process the packet correctly. This issue may be caused…
[ATP/FLEX] Why can't non-Nebula VPNs set the VPN tunnel interface?
Question : Why can't non-Nebula VPNs set the VPN tunnel interface? As shown below, there is no VPN tunnel interface field. Answer : The non-Nebula VPN only supports the VPN tunnel interface in IKEv2. Please select IKEv2. Then, set the VPN tunnel interface information.
[ATP/FLEX] How to resolve the IP conflict issue between the LAN and VPN IP ranges?
Question : How to resolve the IP conflict issue between the LAN and VPN IP ranges?For instance, the LAN1 IP range is 192.168.0.0/16, but the user wants to set the VPN range to 192.168.50.0/24. Answer : Please change the VPN private IP range to resolve the issue. For instance, the user can configure 10.10.10.0/24 as the…
Can a VPN dial-in user be assigned a fixed IP?
Question: Can a VPN dial-in user be assigned a fixed IP? Answer: We are unable to fixed user IP from VPN client.
How to show VPN config on Nebula Firewall
Question: How to show VPN config on Nebula Firewall ? Answer: Log in Firewall by SSH and perform "debug sdwan show vpn running-config" the VPN config will be present as following format

Welcome!

It looks like you're new here. Sign in or register to get started.