How to setup complete VPN solution for USG110?

mrwee

There are many ways a user can connect to our USG110 via VPN: SecuExtender, VPN Client, native iOS & Android & Windows, but I struggle to find a complete setup guide which covers all. Does that exist?

Zyxel_Stanley

Hi @mrwee
You can refer to this FAQ for setup L2TP VPN on different platform.
It include Windows/ IOS/ Android to setup L2TP VPN tunnel in your environment.
Also you can refer to handbook for different VPN types for different scenarios.

mrwee

@Zyxel_Stanley

Having 8 WAN IP addresses, I assume a physical or virtual WAN interface must exist? Seems like I can only define 4 virtual WAN addresses in additionl to wan1

PeterUK

You don't need to setup virtual interface for many wan IPs you use routing rules with SNAT

mrwee

@PeterUK Not even for L2TP/IPsec "terminating" on the router?

Zyxel_Stanley

Hi @mrwee
In current design, user can only add up to 4 virtual interfaces per Ethernet interface.
So it means, you can configure 5 static public IP address on 1 WAN interface.
In VPN Gateway setting, "Interface" have to own the public address. And 1 interface can add multiple VPN rules.
The other 3 public IP addresses, you can create port forwarding rules or policy route with SNAT for different scenario.

mrwee

@Zyxel_Stanley Thought there were some kind of limitation. Can't get VPN to work, but I'll dig some more.

Zyxel_Stanley

Hi @mrwee
What kind of VPN type that you would like to configure on your device? You may explain your scenario first, then we can give you some of suggestion.

mrwee

Sry, I can see that it wasn't that clear. I'm looking for enabling what I think should be (Not an VPN expert):

L2TP/IPsec with IKE2 (Assume it's the most secure encryption) for e.g. iOS +Android + w10 / Zyxel VPN Client

SSL/SecuExtender when L2TP/IPsec is blocked/doesn't work.

The lack of virtual wan interface, surely messed it up for me, when trying different things, but I still haven't managed to get my head around it

Zyxel_Stanley

Hi @mrwee

If you would like to setup and configure IKEv2 on Win10 & IOS client, you can follow this thread.
It has guide how to setup them on native client without others software.

According to L2TP/ SecuExtender are using for different protocol.
L2TP is using for IKEv1.
SecuExtender is for SSL VPN tunnel the packet is encrypted by HTTPS packets.

mrwee

Hi @Zyxel_Charlie ...And this brings me back to somewhat fragmented documentation.

I (and hopefully others) would appreciate a complete "remote worker" manual, covering all these scenarios in one guide. If all was covered in one, it would probably also minimize the error risk in merging multiple configuration suggestions