[NEBULA] L2TP / VPN / Mandatory RADIUS or AD-SERVER

Mark_Zyxel
Mark_Zyxel Posts: 109  Zyxel Employee
edited April 14 in Nebula
Why is this mandatory to set up a L2TP connection on the NSG100? I can think about situation u are not in the opportunity to buy an extra AD-server or RADIUS server just for setting up a vpn connection?

👾

Comments

  • RUnglaube
    RUnglaube Posts: 135  Ally Member
    Radius/Active directory servers is used to authenticate users connecting to L2TP VPN. If you don't use it, how are you going to authenticate them?
    "You will never walk along"
  • DeanTW
    DeanTW Posts: 243  Zyxel Employee
    Hi @Mark_ZYXEL,
    The current configuration for L2TP is only allowing authentication with RADIUS server, so it is required to setup a RADIUS server at the moment.
    However, you will be able to use Nebula Cloud Authentication for L2TP clients in the next update in May.

    @RUnglaube yes indeed , RADIUS/AD servers are required for authentication, but we provide cloud authentication in addition for those who doesn't know how or lack of resources as Mark implied

    Cheers!
  • RUnglaube
    RUnglaube Posts: 135  Ally Member
    @Nebula_Dean great! Actually, I was wondering what was the VPN User option in Cloud authentication :sweat_smile:
    "You will never walk along"
  • sebala
    sebala Posts: 17  Freshman Member
    is it possible to authenticate L2TP VPN users through Active Directory ?
  • Nebula_Irene
    Nebula_Irene Posts: 139  Zyxel Employee
    Hi @sebala
    Welcome to Nebula Forum!

    Yes, of course! B) We support to authenticate L2TP VPN users through Active Directory!

    Before you set up L2TP VPN, please check your network topology with following items,
    1. Internet is connect with WAN 1. (At this stage, NSG is designed to support L2TP VPN connection though WAN 1, but we plan to enhance in the future.)
    2. If NSG is behind NAT, you have to set the NAT rules on your router, UDP port 500 and 4500 are necessary to be enabled on it, or the packet won’t be passed.

    After the above actions, you can go to Gateway > Configure >  My authentication server to add your server (AD or RADIUS). The maximum entries for AD server is two, and also RADIUS server.


    Then go to Gateway > Configure >L2TP over IPSec client, and in the Authentication drop-down menu, you can server AD server you added.


    There is step-by-step for you to set up  L2TP VPN authentication with Active Directory (AD): https://businessforum.zyxel.com/discussion/307/how-to-setup-l2tp-vpn-client-connection-with-authentication-server#latest

Sign In to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click on this button!