USG20-VPN VPN-Wizard issues

TTpD
TTpD Posts: 6  Freshman Member
First Comment
edited April 2021 in Security

We own a USG20-VPN, firmware version v4.33_ABAQ.0, and we need to set up 10 vpn connections through l2tp over ipsec.

We used the "VPN-Wizard" from the "Easy-Mode" to get, immediately, the job done. We set up win10 clients as described here: https://support.zyxel.eu/hc/it/articles/360001390914-Configurazione-L2TP-su-USG-Firewall-utilizzando-il-client-integrato-di-Windows but they do not connect, we even considered/tested the usage of SecuExtender client, but it should not be required, isn't it?

We did stuff this way (for testing):

  • all nics were disconnected from lan (wired and wireless)
  • only the wifi nic was connected through external connection (5G tethering and then FTTH)
  • server-side the config was done first by VPN-Wizard then accordingly to: https://support.zyxel.eu/hc/en-us/articles/360000706899
  • the previous link implicitly was referring to Easy-Mode (first part) and Expert-Mode (second part), so the VPN-Wizard in Easy-Mode is not enough...
  • then we considered http://onesecurity.zyxel.com/img/uploads/ZyWALL_L2TP_VPN_Setup.pdf from the Expert-Mode panel link for configuring everything, manually, from scratch

In the end the question is:

what is the fastest way to get L2TP/Ipsec up and running?

All Replies

  • TTpD
    TTpD Posts: 6  Freshman Member
    First Comment

    The vpn connection (l2tp/ipsec) between home (client) and office (vpn server) is up with previous configurations, but you cannot ping or access any resources and it's not due to client's firewalling rules or missing routing, or chapv2, what could be missing?

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,298  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 50 Answers 1000 Comments

    Hi @TTpD

    Welcome to Zyxel community

    Is there any log showed on USG-20 VPN when you try to ping or access the resources?

    What’s the subnet on both site, is it overlapping?

    Can you share your topology with IP address and your configuration with us in private message?

Security Highlight