[NEBULA] L2TP VPN to LAN error
Freshman Member
Trying to setup an L2TP VPN (max 5 users) to LAN1 (only network). Tried different settings (Client VPN subnet) but keep getting error "The Client VPN subnet cannot overlap with Site-to-site VPN subnets of **Site_Name** in the same organization" when saving. Found info for USG60 but it's way too complicated (compared to other routers I've successfully set up). Is there a relatively easy way to configure this? (NSG50 has latest firmware).
Accepted Solution
-
You cannot use the same subnet for the VPN and LAN/VLAN interfaces, that's why you can save it when using 192.168.2.221/29, which will anyway give you access to 192.168.1.1/24 network unless you configure a firewall rule to block it.
Think of the VPN subnet as another network interface.
"You will never walk along"6
Ally Member
All Replies
-
Hi @EricBgood ,
Welcome to Nebula community!?
This message shows up because the system detect that your L2TP pool subnet has conflict with NSG LAN/Vlan subnet, can you check on it and feel free to let me know the result.
/Chris
0 -
Hi & thanks for the quick response. I understood the error message but need more of a solution than an explanation. Here is an example similar to what I've done in the past & am trying to do now: Lets say the only LAN is 192.168.1.1/24, DHCP pool is from .100 to .200, when configuring the VPN client subnet I've tried settings like 192.168.1.221/29 which should give me (5) IPs for the VPN clients starting at .221 (I've done similar on other routers).
If I use 192.168.2.221/29 it doesn't error but that's not a LAN that's being used. Hopefully you or someone else can tell me how to get (5) IPs for the VPN clients in the 192.168.1.x LAN. Thanks in advance. Eric
0 -
You cannot use the same subnet for the VPN and LAN/VLAN interfaces, that's why you can save it when using 192.168.2.221/29, which will anyway give you access to 192.168.1.1/24 network unless you configure a firewall rule to block it.
Think of the VPN subnet as another network interface.
"You will never walk along"6 -
Thank you for a simple & concise answer. It now works just as you said. This also explains why I had trouble with other equipment while others worked the way I was trying before (some D-Link routers come to mind). Zyxel & Nebula is is the best way to go now!
2
Zyxel Employee
Categories
- All Categories
- 435 Beta Program
- 2.7K Nebula
- 176 Nebula Ideas
- 118 Nebula Status and Incidents
- 6.1K Security
- 428 USG FLEX H Series
- 298 Security Ideas
- 1.6K Switch
- 79 Switch Ideas
- 1.2K Wireless
- 44 Wireless Ideas
- 6.7K Consumer Product
- 274 Service & License
- 422 News and Release
- 88 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 89 Security Highlight
