USG Flex 100 H Remote Access VPN (IPSec) problem

Finglow
Finglow Posts: 8  Freshman Member
First Comment

Last time I set one of these up it was using pre-shared key, and it all worked fine. This has me stumped, though.

I've configured the Remote Access IPSec VPN on the USG:

I/f: ppp1 (it's a PPPoE pass-through log-in on ge1)
Zone: IPSec_VPN
Split tunnel: LAN 1 subnet range
Client network: subnet that doesn't clash with LAN1 or remote subnet
Auth server: local
User: user created for testing

I have an older version of the client software, so to avoid complication (ho ho) am trying to use the Windows VPN client (Win 11). Downloaded the setup batch file and certificate and created the VPN card.

The connection comes up and prompts for credentials. I give the relevant user/password and then it just spins until it times out.

I've looked for step-by-step guides, but can't find anything current that shows anything different to what I'm doing.

All Replies

  • Zyxel_Melen
    Zyxel_Melen Posts: 3,514  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @Finglow

    May I know the firmware version you're using?

    Zyxel Melen


  • Finglow
    Finglow Posts: 8  Freshman Member

    Firmware 1.32(ABXF.0)

  • Zyxel_Melen
    Zyxel_Melen Posts: 3,514  Zyxel Employee
    Answer ✓

    Hi @Finglow,

    This issue occurs because the script the firewall generates lacks routing rules for the split tunnel. This issue will be fixed in the next firmware release.

    Zyxel Melen


  • Finglow
    Finglow Posts: 8  Freshman Member

    I have used the revised script sent privately, but am still unable to access devices on the remote LAN when the VPN is connected.

  • Finglow
    Finglow Posts: 8  Freshman Member

    Apologies, I can't see a way to de-flag the answer.

    Although the new script is allowing authentication, no traffic is routing over the VPN. Any attempt to ping or tracert to the remote LAN times out at the first hop, although the local routing table shows the Client Network as the route to the remote LAN.