[NEBULA] L2TP VPN to LAN error

EricBgood

Trying to setup an L2TP VPN (max 5 users) to LAN1 (only network). Tried different settings (Client VPN subnet) but keep getting error "The Client VPN subnet cannot overlap with Site-to-site VPN subnets of **Site_Name** in the same organization" when saving. Found info for USG60 but it's way too complicated (compared to other routers I've successfully set up). Is there a relatively easy way to configure this? (NSG50 has latest firmware).

RUnglaube

You cannot use the same subnet for the VPN and LAN/VLAN interfaces, that's why you can save it when using 192.168.2.221/29, which will anyway give you access to 192.168.1.1/24 network unless you configure a firewall rule to block it.

Think of the VPN subnet as another network interface.

Zyxel_Chris

Hi @EricBgood ,

Welcome to Nebula community!?

This message shows up because the system detect that your L2TP pool subnet has conflict with NSG LAN/Vlan subnet, can you check on it and feel free to let me know the result.

/Chris

EricBgood

Hi & thanks for the quick response. I understood the error message but need more of a solution than an explanation. Here is an example similar to what I've done in the past & am trying to do now: Lets say the only LAN is 192.168.1.1/24, DHCP pool is from .100 to .200, when configuring the VPN client subnet I've tried settings like 192.168.1.221/29 which should give me (5) IPs for the VPN clients starting at .221 (I've done similar on other routers).

If I use 192.168.2.221/29 it doesn't error but that's not a LAN that's being used. Hopefully you or someone else can tell me how to get (5) IPs for the VPN clients in the 192.168.1.x LAN. Thanks in advance. Eric

EricBgood

Thank you for a simple & concise answer. It now works just as you said. This also explains why I had trouble with other equipment while others worked the way I was trying before (some D-Link routers come to mind). Zyxel & Nebula is is the best way to go now!