USG Flex 100 H Remote Access VPN (IPSec) problem

Finglow

Last time I set one of these up it was using pre-shared key, and it all worked fine. This has me stumped, though.

I've configured the Remote Access IPSec VPN on the USG:

I/f: ppp1 (it's a PPPoE pass-through log-in on ge1)
Zone: IPSec_VPN
Split tunnel: LAN 1 subnet range
Client network: subnet that doesn't clash with LAN1 or remote subnet
Auth server: local
User: user created for testing

I have an older version of the client software, so to avoid complication (ho ho) am trying to use the Windows VPN client (Win 11). Download the setup batch file and certificate and created the VPN card.

The connection comes up and prompts for credentials. I give the relevant user/password and then it just spins until it times out.

I've looked for step-by-step guides, but can't find anything current that shows anything different to what I'm doing.

Zyxel_Melen

Hi @Finglow,

This issue is because the firewall generate the script lacks of routing rules for the split-tunnel. This issue will be fixed in the next firmware release.

Zyxel_Melen

Hi @Finglow

May I know the firmware version you're using?

Finglow

Firmware 1.32(ABXF.0)

Zyxel_Melen

Hi @Finglow,

This issue is because the firewall generate the script lacks of routing rules for the split-tunnel. This issue will be fixed in the next firmware release.

Finglow

I have used the revised script sent privately, but am still unable to access devices on the remote LAN when the VPN is connected.

Finglow

Apologies, I can't see a way to de-flag the answer.

Although the new script is allowing authentication, no traffic is routing over the VPN. Any attempt to ping or tracert to the remote LAN times out at the first hop, although the loca routing table shows the Client Network as the route to the remote LAN.