How do I have to configure L2TP to connect via L2TP over IPSec from integrated VPN-Client in MacOS?
Dear community,
I'm new in this forum, but I think together we get my problem fixed...
I've bought a new USG20W-VPN, this is connected to our company-LAN.
We have some employees, that need to connect from iPhone, iPad and their home MacOS-Devices to the company-network.
I've tried several configurations, this one was my last try - but sadly without success: http://onesecurity.zyxel.com/img/uploads/zywall_l2tp_vpn_setup.pdf
I also tried the SecuExtender-Software. But also with that software, no success.
I don't want to force our employees to set up some software on their devices. So the best way would be to simply use the integrated macOS VPN-Client.
Actually I don't care about which VPN-Type gets me to work... I just have noticed, that the "Cisco VPN" works very well with AVM-FritzBoxes.
I hope, dear community, that my problem is understandable (my English is a little bad).
If not, feel free to ask.
My Firmware-Version is: 4.33(ABAR.0)
Thank you very much,
zzkwozz
0
All Replies
-
Hi zzkwozz, for Apple macOS, no need for external bloatware.....
1) non-MDM Mac (99%) ... use the stock standard System Preferences / Network Preferences UI as:
- click on "+" in left side bar to add interface
- Interface: "VPN"
- VPN Type: "L2TP over IPsec"
- Service Name: "any customised name"
- "Create"
- select the amber (yellow) VPN interface in ethernet system prefs / network UI....
- then... "Server Address" = the.externalhostname.com where the VPN is
- Account Name = "your account on the server that validates your VPN" .. this could be /Users/ account of an LDAP account where the password is authenticated. If you use LDAP you will need to have the USG20VPN call an LDAP server with PAP { windows 10 etc } (no encryption)... Else for testing make sure the account has a user/password in the zyxel USG20VPN (Objects: Users...)
- click Authentication Settings:
- Authentication Settings: password for the user account
- Authentication Settings: Machine Authentication: ** pre shared key *** or the certificate for SSL, click OK
- Network Prefs / VPN / Advanced / Options: untick the stuff you don't want // For a full tunnel leave "send all traffic over VPN" ticked on.
- Apply
- connect
Really simple...
2) for corporate or company MDM managed Macs and devices.... for MDM Payload, use macOS Server Profile Manager. Set up a VPN payload for specific account user or group if that's your persuasion .. send them the profile ... the for then install, click and go (iOS and Macs) .. really simple, works great with Zyxel!
You don't need any zyxel or other bloatware .. use the native L2TP client in Apple macOS.
{ FWIW, for WIndoze 10, use the native Windows built-in L2TP client .. works great as well for the zyxel USG ... }
Tip: Make sure your usg20vpn has the VPN gateway and VPN connection hashing / encryption etc correct, else it won't work for iPads / iPhones... Plenty of stuff on this in the forums.
HTH
warwick
Hong Kong
0 -
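The MDM route from point 2 of the reply above, as an added example (not part of the original post and not Zyxel's or Apple's own code): a Python script that builds a `.mobileconfig` VPN payload whose keys mirror the manual System Preferences fields. The hostname, account name, pre-shared key and the identifier `com.example.vpn` are constructed placeholders.

```python
import plistlib
import uuid


def build_l2tp_profile(server, account, psk, org_id="com.example.vpn", full_tunnel=True):
    """Return .mobileconfig bytes for an L2TP over IPsec VPN using a pre-shared key."""
    if not psk:
        raise ValueError("pre-shared key must not be empty")
    vpn_payload = {
        "PayloadType": "com.apple.vpn.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org_id}.l2tp",      # assumed identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Company VPN (L2TP)",
        "UserDefinedName": "Company VPN",           # "Service Name" in the UI
        "VPNType": "L2TP",                          # "L2TP over IPsec"
        "PPP": {
            "CommRemoteAddress": server,            # "Server Address"
            "AuthName": account,                    # "Account Name"
            # AuthPassword is left out so the user password is not stored in the file.
        },
        "IPSec": {
            "AuthenticationMethod": "SharedSecret",  # "Machine Authentication"
            # bytes are written as <data>: base64-encoded, not encrypted
            "SharedSecret": psk.encode("utf-8"),
        },
        # 1 corresponds to "Send all traffic over VPN" (full tunnel)
        "IPv4": {"OverridePrimary": 1 if full_tunnel else 0},
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": org_id,
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Company VPN profile",
        "PayloadContent": [vpn_payload],
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


if __name__ == "__main__":
    # Constructed sample values; replace with the gateway's real settings.
    data = build_l2tp_profile("the.externalhostname.com", "jdoe", "CONSTRUCTED-PSK-not-real")
    with open("company-vpn.mobileconfig", "wb") as fh:
        fh.write(data)
```

The shared secret is only base64-encoded inside the profile, so the file has to be handled like the key itself and delivered through MDM or another trusted channel.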
Thanks for your answer!
I've checked my settings again, but the connection can't be established. The error message is:
The L2TP-VPN-Server does not answer. Try again to connect. If the problem persists, check the settings or contact your administrator.
Well... I am the administrator.
If I ping the server, the IP is perfectly resolved and the Router answers.
If I try to connect over VPN Tracker (just for testing) the error tells me (PPP).
Do you have any more ideas?
0 -
@zzkwozz
Regarding this case, can I know whether the USG20W-VPN is behind the AVM-FritzBoxes? If yes, and the FritzBoxes is not in bridge mode, you need to add a NAT rule on the FritzBoxes. The SOP for your reference:
ZyWALL for a L2TP server behind NAT
Also, when you test the VPN scenario, the L2TP client (iPhone or PC) cannot establish a VPN connection via the SSID which the USG20W-VPN spreads.
Charlie
0