USG Flex 200 advice
I've been looking at the USG Flex 200 with the purpose of creating a site-to-site IPSec VPN to handle streaming from a location abroad (Location "A") to my home in the US (Location "B"). The streaming boxes only work/see each other on a local subnet and I see that the 200s support IGMP/multicast, which is fantastic.
The 200s would be a separate LAN between both locations and not a part of the day-to-day network used at either location, with the only purpose being to connect these streaming boxes as if they were on the local LAN in Location A. Do the 200s support any form of IP masking or creating the network on the "same subnet" to trick the streaming boxes? With the price point of each unit (x2) I'm curious about opinions before the investment and deployment is made.
Thank you!
All Replies
Not sure IGMP/multicast will work over site-to-site, but as for the other bit, yes.
Site A 192.168.138.0/28 with virtual interface 192.168.138.4
Site B 192.168.255.48/28
At site A you use an advanced setting in site-to-site for inbound source NAT so that site A sees you on the network as 192.168.138.4 from your home at, say, 192.168.255.50
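The address plan and inbound source NAT described in the reply above, modelled as an added example (not part of the original posts and not Zyxel's implementation). The class and function names and the port numbers are assumptions made for illustration.

```python
import ipaddress

# Address plan taken from the reply above.
SITE_A = ipaddress.ip_network("192.168.138.0/28")
SITE_B = ipaddress.ip_network("192.168.255.48/28")
NAT_ADDR = ipaddress.ip_address("192.168.138.4")  # virtual interface at Site A

def check_plan(site_a, site_b, nat_addr):
    """Return a list of problems with the address plan (empty list means OK)."""
    problems = []
    if site_a.overlaps(site_b):
        problems.append("site subnets overlap; routing over the tunnel is ambiguous")
    if nat_addr not in site_a:
        problems.append("NAT address is outside the Site A subnet")
    elif nat_addr in (site_a.network_address, site_a.broadcast_address):
        problems.append("NAT address is the network or broadcast address")
    return problems

class InboundSourceNat:
    """Generic many-to-one source NAT model (hypothetical, for illustration)."""
    def __init__(self, remote_net, nat_addr):
        self.remote_net, self.nat_addr = remote_net, nat_addr
        self.flows = {}   # (src, sport, dst, dport) -> nat_port
        self.table = {}   # (nat_port, dst, dport) -> (orig_src, orig_sport)
        self.next_port = 40000  # assumed start of the NAT port range

    def inbound(self, src, sport, dst, dport):
        """Packet leaving the tunnel at Site A: rewrite a Site B source."""
        if ipaddress.ip_address(src) not in self.remote_net:
            return (src, sport, dst, dport)  # not from Site B, left untouched
        key = (src, sport, dst, dport)
        if key not in self.flows:            # first packet of a flow
            self.flows[key] = self.next_port
            self.table[(self.next_port, dst, dport)] = (src, sport)
            self.next_port += 1
        return (str(self.nat_addr), self.flows[key], dst, dport)

    def reply(self, src, sport, dst, dport):
        """Packet from a Site A host addressed to the NAT address."""
        orig = self.table.get((dport, src, sport))
        if ipaddress.ip_address(dst) != self.nat_addr or orig is None:
            return None  # no state: unsolicited traffic has no Site B target
        return (src, sport, orig[0], orig[1])
```

In this model a Site A host only reaches the Site B device on flows the Site B device opened first; traffic that Site A initiates towards 192.168.138.4 matches no state and is not translated.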
PeterUK said:
Not sure IGMP/multicast will work over site-to-site, but as for the other bit, yes.
Site A 192.168.138.0/28 with virtual interface 192.168.138.4
Site B 192.168.255.48/28
At site A you use an advanced setting in site-to-site for inbound source NAT so that site A sees you on the network as 192.168.138.4 from your home at, say, 192.168.255.50
https://support.zyxel.eu/hc/en-us/articles/360015684519-VPN-Configure-IPSec-to-Route-IGMP-Multicast-Traffic-over-VPN-Tunnel
cheers
Hi @thisisliam
Currently, the Zyxel firewall supports IGMP proxy over an IPSec VTI interface; you could refer to the links below:
How can I configure IPSec site-to-site VPN by using VTI on the USG?
IGMP Multicast with VTI Tunnel
VPN IPSec Multicast
May I know what kind of applications/protocols/services are used between those two streaming boxes? If you could share the topology with us, that would help clarify this requirement. Thanks.
Zyxel_Jeff said:
Hi @thisisliam
Currently, the Zyxel firewall supports IGMP proxy over an IPSec VTI interface; you could refer to the links below:
How can I configure IPSec site-to-site VPN by using VTI on the USG?
IGMP Multicast with VTI Tunnel
VPN IPSec Multicast
May I know what kind of applications/protocols/services are used between those two streaming boxes? If you could share the topology with us, that would help clarify this requirement. Thanks.
Thank you for sharing these links! Bookmarking this thread for reference.
Unfortunately the manufacturer/service provider has not made these specs public, ideally to avoid what I’m trying to set up, so I'm reluctant to share the specific service/models publicly. So far, through trial and error, I’ve narrowed it down to the boxes not seeing each other due to different subnets, and further to the lack of IGMP/multicast support on routers I’ve tried, including the TP-Link ER605. A user on a similar thread that I cannot seem to find now has said they've successfully configured the same service over VPN; however, they refused to post how they did it, likely due to my concerns above.
The closest similar scenarios I've found online are as follows:
A user on Reddit attempted something similar with his TiVos, found here:
https://www.reddit.com/r/WireGuard/comments/lzwsku/site_to_site_vpn_with_same_subnet_on_both_sites/
A user on the following forum was trying to configure something similar between Sky Q satellite boxes in the UK, where the master receiver is connected via the satellite dish and the additional receiver boxes connect over wifi/ethernet to allow viewing in separate rooms, thus attempting to connect them via ethernet over a VPN:
https://community.ui.com/questions/Sky-Q-network-paths-and-STP/667c1dc0-eeef-4cb8-a182-5f66c4672dd2
https://www.avforums.com/threads/anyone-got-sky-q-working-over-vpn.2343846/
https://www.reddit.com/r/TPLink_Omada/comments/1000lga/er605_same_subnet/
(you'll have to scroll down and click "Continue this thread")
Alas, still no dice, as I'm now looking at more expensive routers and come to find out that the lack of IGMP and multicast support on the router could be the issue. With the aspect of upload speeds aside, as I've not managed to test this feature, I found the Zyxel routers, which appear to offer much of what is missing on other routers I've tried.
Either way, the Zyxel routers appear to offer the most features in order to make this work, i.e. setting the Source NAT and support for IGMP/multicast.
Apologies I couldn't offer a more concrete answer to your question, but you both have answered my initial question, so it might be a matter of purchasing the 200s and testing them with a set of used TiVos, as they seem to be the closest to what I'm trying to do. If they don't work, then I'll factory reset and return.