Android 12 - LT2P over ipSec

Hockingp

Android 12 has a disabled the above protocol and I'm running a very old USG 100 Firewall.
I recently updated the firmware, it was some kind of "special" firmware which enabled TLS 1.2 so the USG 100 would work with modern browsers.

Does any such firmware exist to allow the setup of ipsecv2 VPNs on such an old device??

Or does anyone know of an Android non native VPN Client which supports L2TP over IPSEC.

CHS

You may have a try strongswan VPN client APP, maybe it still support L2TP VPN connection.

dasher_nielin

strongswan seems not support L2TP over IPsec anymore
how about upgrade the firewall to USG FLEX 100?

mMontana

@Hockingp long story short: no IPSec v2 support for original USG family.

Hockingp

Thanks for the comments.i really need a cheap solution for this. My current USG 100 is used with 1 LAN port and 1 DMZ and at most 2 concurrent VPNs.

Does like the VPN2s do that and support ipsecv2? Or is there a Flex 50 or USG20-VPN?

mMontana

Hockingp said:

Thanks for the comments. I really need a cheap solution for this.

IMVHO better pay once than less before than something more later.

If you don't need WAN2 interface, USG20-VPN (AKA USG50 Flex into 5.x firmwares) is a way better device (and supported) than VPN2S. If you need 2 WAN interfaces, USG100 Flex should be the cheapest option.
IDK if VPN2S is/will be supported in 2023.

Personal opinion...

Hockingp

Agree with your advice.

I only need one Wan link so will proceed as you advise.

Is there any difference between the USG20-VPN and the USG50 Flex?

Do they both support the same firmware versions and have similar firmware upgrade paths?

Also is the configuration similar to setting up the original USG devices? It's been a while since we started out with all the USG100s!!!!

mMontana

Everithing wrote after this is my personal opinion.

Is there any difference between the USG20-VPN and the USG50 Flex?

As far as I know, USG 50 Flex does not exists.
Zyxel renamed USG20-VPN as USG50 Flex for Firmware 5.x release and two USG20-VPN I manage are referred as USG50 Flex into firmware writings. So more or less... they should be the same exact device.

Also is the configuration similar to setting up the original USG devices? It's been a while since we started out with all the USG100s!!!!

It's a firewall, it's a zyxel, it's designed only 12-15 years later. I started using these devices with Zywall 5 and ZLD 2.x. and fundamentals are not that different now (I simply love using objects), simply... a lot less headbanging as logic.
You should do a favor to yourself reading the file named "Handbook" which contains a lot of "recipes" for do something "the right way". Particularly, the Chapter 8, more or less 120 pages for general rule of thumbs on "starting up" the thing.
Then apply the recipes you need for the duty of your device.

mMontana

mMontana said:

As far as I know, USG 50 Flex does not exists.

And I was totally wrong.
A customer ordered today USG Flex 50 for replace a USG20.
Yippie kay yay.

Sorry @Hockingp
(your nickname is related to Hockenheimring?)

Zyxel_James

Hockingp,
USG20-VPN is renamed to USG FLEX 50 since V5.10, thanks