How to set up an additional internal VPN connection with an USG60?

stephan
stephan Posts: 31  Freshman Member
First Comment Friend Collector Sixth Anniversary
edited April 2021 in Security

I am having problems figuring out how to set up an additional VPN connection to our existing VPN connection so our users can connect to the VPN through our internal Wifi networks.

Our current configuration is as follows:

VPN does work through external connections arriving at the WAN public IP. The goal is to allow clients using the NATed Wifis to also connect to the same (or a very similar) VPN.

I originally posed this question here, and was instructed that USG60 devices do not support connections to VPN over internal ports before Firmware V4.32.

Now I upgraded to V4.32 and have tried to set up objects for an internal VPN connection:

Address Object

VPN Connection


VPN Gateway


Now when I go to the L2TP page, I can only select one of the 2 VPN Connections


What am I missing here? How do I configure this so users can connect to the VPN from internal connections?

Accepted Solution

All Replies

  • stephan
    stephan Posts: 31  Freshman Member
    First Comment Friend Collector Sixth Anniversary
    I forgot to add: with the above settings clients in the Wifis can not connect to VPN regardless on if they try to connect to IP of port 1 or port 4.
  • stephan
    stephan Posts: 31  Freshman Member
    First Comment Friend Collector Sixth Anniversary
    Hi Stanlley,

    I had problems using firefox and chrome opening the console. Java plugins don't seem to be supported anymore. I used putty to connect and this seemed to work.

    After entering the commands there and rebooting, clients can now connect.

    If you can please, can you comment on if the internal vpn objects I created are even necessary? Or can I delete them? Because it seems internal clients use the regular VPN now.
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,379  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary

    Hi @stephan

    According the objects that you added, you can delete that and just keep objects those been referenced in VPN rule.


Security Highlight