[NEBULA] L2TP VPN to LAN error
Freshman Member
Trying to setup an L2TP VPN (max 5 users) to LAN1 (only network). Tried different settings (Client VPN subnet) but keep getting error "The Client VPN subnet cannot overlap with Site-to-site VPN subnets of **Site_Name** in the same organization" when saving. Found info for USG60 but it's way too complicated (compared to other routers I've successfully set up). Is there a relatively easy way to configure this? (NSG50 has latest firmware).
Accepted Solution
-
You cannot use the same subnet for the VPN and LAN/VLAN interfaces, that's why you can save it when using 192.168.2.221/29, which will anyway give you access to 192.168.1.1/24 network unless you configure a firewall rule to block it.
Think of the VPN subnet as another network interface.
"You will never walk along"6
Ally Member
All Replies
-
Hi @EricBgood ,
Welcome to Nebula community!?
This message shows up because the system detect that your L2TP pool subnet has conflict with NSG LAN/Vlan subnet, can you check on it and feel free to let me know the result.
/Chris
0 -
Hi & thanks for the quick response. I understood the error message but need more of a solution than an explanation. Here is an example similar to what I've done in the past & am trying to do now: Lets say the only LAN is 192.168.1.1/24, DHCP pool is from .100 to .200, when configuring the VPN client subnet I've tried settings like 192.168.1.221/29 which should give me (5) IPs for the VPN clients starting at .221 (I've done similar on other routers).
If I use 192.168.2.221/29 it doesn't error but that's not a LAN that's being used. Hopefully you or someone else can tell me how to get (5) IPs for the VPN clients in the 192.168.1.x LAN. Thanks in advance. Eric
0 -
You cannot use the same subnet for the VPN and LAN/VLAN interfaces, that's why you can save it when using 192.168.2.221/29, which will anyway give you access to 192.168.1.1/24 network unless you configure a firewall rule to block it.
Think of the VPN subnet as another network interface.
"You will never walk along"6 -
Thank you for a simple & concise answer. It now works just as you said. This also explains why I had trouble with other equipment while others worked the way I was trying before (some D-Link routers come to mind). Zyxel & Nebula is is the best way to go now!
2
Zyxel Employee
Categories
- All Categories
- 428 Beta Program
- 2.6K Nebula
- 163 Nebula Ideas
- 112 Nebula Status and Incidents
- 6K Security
- 348 USG FLEX H Series
- 291 Security Ideas
- 1.5K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 42 Wireless Ideas
- 6.6K Consumer Product
- 261 Service & License
- 404 News and Release
- 87 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.8K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 82 Security Highlight
