-
[ATP/FLEX] Full guide to set up Palworld Dedicated Server with Remote Access VPN on USG FLEX
This post is a showcase and tutorial for educational purposes only. There is no commercial cooperation or affiliation between Zyxel Networks and Pocket Pair, the developers of Palworld. This guide aims to demonstrate the capabilities of the USG FLEX series in setting up a secure gaming environment. Palworld is an…
-
The Auto-Link VPN scenario
Scenario: When establishing a VPN with a third-party gateway (Such like Check Point or Fortigate), you need to use auto-link VPN (previously called non-nebula VPN). In fact, after completing the connection by following the default profile, the Phase 2 Local Policy will only set the first subnet, which may cause traffic…
-
Why can't Nebula site-to-site VPN connect across different organizations?
If you are facing issues connecting two sites using Nebula site-to-site VPN across different organizations (ORGs), it is important to note that current functionality supports the connection only within the same organization, though it can connect across different sites within that ORG. To resolve issues where a connection…
-
[ATP/FLEX] Does Non-Nebula VPN peers configuration support NAT over IPSec VPN?
Question: How to configure IPsec Site-to-Site VPN with NAT over IPSec VPN on Nebula? I want to conceal internal network subnets and not to allow remote site to see the real internal subnet. Answer: Nebula doesn't support inbound/outbound traffic NAT. If you need to use this feature, you can use Cloud Monitoring Mode…
-
How to Configure a Nebula Firewall as VPN Responder?
Question: How is it possible to let one site of the site-to-site VPN tunnel build the tunnel while the other site is just a responder? Answer: Nebula Firewall does not support responed only, it always act as initiator with nailup
-
How to Perform a Connectivity Check Through a VPN Tunnel?
Question: How is it possible to make a connectivity check (ping) through the VPN tunnel to a LAN IP address? Answer: To perform a connectivity check (ping) through a VPN tunnel to a LAN IP address in a Non-Nebula VPN setup, follow these steps: * Navigate to the "Site-Wide>Configure>Firewall>Site to Site VPN * Enter the LAN…
-
[ATP/FLEX] What does the log message 'Packet (ESP) cannot be sent. Reason: System dropped' mean?
Question : What does the log message 'Packet (ESP) cannot be sent. Reason: System dropped' mean? Answer : The error message "Packet (ESP) cannot be sent. Reason: System dropped" is triggered by the VPN log outprint function, an internal kernel function that failed to process the packet correctly. This issue may be caused…
-
[ATP/FLEX] Why can't non-Nebula VPNs set the VPN tunnel interface?
Question : Why can't non-Nebula VPNs set the VPN tunnel interface? As shown below, there is no VPN tunnel interface field. Answer : The non-Nebula VPN only supports the VPN tunnel interface in IKEv2. Please select IKEv2. Then, set the VPN tunnel interface information.
-
[ATP/FLEX] How to resolve the IP conflict issue between the LAN and VPN IP ranges?
Question : How to resolve the IP conflict issue between the LAN and VPN IP ranges?For instance, the LAN1 IP range is 192.168.0.0/16, but the user wants to set the VPN range to 192.168.50.0/24. Answer : Please change the VPN private IP range to resolve the issue. For instance, the user can configure 10.10.10.0/24 as the…
-
Can a VPN dial-in user be assigned a fixed IP?
Question: Can a VPN dial-in user be assigned a fixed IP? Answer: We are unable to fixed user IP from VPN client.
-
How to show VPN config on Nebula Firewall
Question: How to show VPN config on Nebula Firewall ? Answer: Log in Firewall by SSH and perform "debug sdwan show vpn running-config" the VPN config will be present as following format
-
Non-Nebula VPN montior show connected, but no traffic can't pass through how to check ?
Question: Non-Nebula VPN montior show connected, but no traffic can't pass through, how to check ? Answer: 1)Please log in Firewall by SSH and verify the VTI is exist and up The VTI interface is VTI_{Your VPN name} with vtiX 2)If you have manual VTI address, checking you have correct routing settings 3)For this…
-
Non-Nebula VPN peer is connected but no traffic after Nebula 18.30 is released
Question: The connectivity status of Non-Nebula VPN peer is connected but no traffic runs on inbound and outbound after Nebula 18.30 is released. How to resolve this issue? Answer: It is a bug on Nebula 18.30. Please follow the steps to resolve the issue. Go to Configure > Firewall > Site-to-Site VPN > Non-Nebula VPN…
-
Site-to-Site VPN is disconnected after Nebula 18.30 is released
Question: Why is Site to site VPN disconnected after Nebula 18.30 is released? How to resolve this issue? Answer: It is a bug on Nebula 18.30. To resolve this issue, follow the steps to recover Site-to-Site VPN connection. Go to Configure > Firewall > Site-to-Site VPN. For Secondary interface, select "None". For Nebula…
-
Does the Zyxel firewall support NordVPN?
Question: Does Zyxel allow VPN client mode like NordVPN? Answer: No, it does not support this feature in the current design.
-
[ATP/FLEX] Why non-nebula VPNs only work with LAN1 while with LAN2 the tunnel does not work?
The non-Nebula VPN setting doesn't support for route multiple IP segments from local site to remote site. If you have multiple IP segments would like pass-through into VPN tunnel, you have to configure "VTI interface" and "policy route". You can refer to this article.
-
How do I manually add a VPN profile on an iPhone for an IKEv2 VPN connection with Nebula Firewall?
Question : How do I manually add a VPN profile on an iPhone for an IKEv2 VPN connection with Nebula Firewall? Answer : The user can not only import the .mobileconfig file downloaded from the firewall to the iPhone's IKEv2 VPN connection but also manually add an IKEv2 VPN profile on the iPhone. For example, the steps below…
-
How to Enable VPN Split Tunneling in SecuExtender VPN
Question: Is it possible to use split tunneling with SecuExtender VPN when using IKEv2, and how can we set it up? Answer: Yes, it is possible to enable split tunneling on the SecuExtender VPN client, although some manual configuration is required for VPN settings. Steps to Configure Split Tunneling: * Edit your VPN…
-
How to resolve L2TP VPN connection issues on Nebula firewall?
Question: Why can't my iPhone connect to the L2TP VPN server of Nebula firewall? What settings should I check on Nebula? Answer: If your iPhone shows the error "The L2TP VPN server is not responding" follow these steps to troubleshoot: 1. Verify if the WAN IP address assigned to your Nebula firewall is private or public:…
-
How to change the L2TP VPN Pre-Shared Key on Nebula?
Question: How to change the L2TP VPN Pre-Shared Key on Nebula? Answer: On Nebula, go to Configure > Firewall > Remote access VPN > L2TP VPN server. You can modify the Pre-Shared Key of the field "Secret".
-
Is SecuExtender VPN Client chargeable?
Question: Is SecuExtender VPN Client chargeable? Answer: Yes, SecuExtender VPN Client is a subcription based software. You can vist Zyxel Marketplace and go to License Store > Software Licenses > VPN Client to purchase SecuExtender license.