[NEBULA] How to set L2TP over IPSec VPN on NSG and end devices?

Zyxel_Jason
Zyxel_Jason Posts: 411  Zyxel Employee
Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Engineer Level 1 - Nebula Zyxel Certified Sales Associate
edited June 2023 in Nebula Security Gateway
In Figure1, there are multiple clients that want to access the server that is behind NSG. To do that, the clients establish the L2TP over IPSec VPN tunnel to NSG.


Figure 1 L2TP over IPSec VPN

All network IP addresses and subnet masks are used as examples in this article. Please replace them with your actual network IP addresses and subnet masks. This example was tested Nebula gateway, switch, APs with the last firmware version on Nebula Center Control (NCC).

Configuration Setting:

For NSG:
  1. Go to "Configure > Security gateway > Remote access VPN" and configure the parameters.

    Client VPN server: L2TP over IPSec client

    Client VPN subnet: 192.168.100.0/24

    DNS name severs: Use Google Public DNS

    WINS: No WINS severs

    Secret: <Pre-shared key>

    Authentication: Nebula Cloud Authentication

  2. Go to “Configure > Cloud authentication”, select Account type “VPN User” and create(add) user.

    Note: If you only want this account to access specific site via L2TP, you may select Specified sites in Authorized section.
  3. Click Save and make sure NSG’s configuration status is up to date.
  4. Enable "Use VPN" at Security Gateway > Configure > Site-to-Site VPN page.
    (Make LAN devices are pingable by L2TP client)



For Windows 10:
  1. Create VPN profile.
    "Settings > Network & Internet > VPN > Add a VPN connection"
  2. Configure required information and click Save.

For MAC OS:
  1. Create VPN profile.
    "System Preferences > Network"

  2. Configure required information including NSG’s public IP and account name. Click Authentication Settings to setup passwords and shared secret(Pre-shared key)


  3. Click Advanced and check “Send all traffic over VPN connection”

For Linux Ubuntu:
  1. Create VPN connection.
    "Settings > Network > VPN" and choose L2TP

  2. Configure required information including NSG’s public IP, account name and password.

  3. Configure Pre-shared key. Also, “3des-sha1-modp1024” for Phase 1 and “3des-sha1” for Phase 2

  1. Create VPN connection.

For Android 10:
  1. Create VPN connection.

  2. Click connect.

Test the Result:
  1. On Windows 10

    Ping the server

    On NSG, "Security gateway > Monitor > VPN connection".

  2. On MAC OS

    Ping the server

    On NSG, "Security gateway > Monitor > VPN connection".

  3. On Linux Ubuntu (Open terminal and use “ifconfig” commands)

    Ping the server

    On NSG, "Security gateway > Monitor > VPN connection".

  4. On iPhone

    Ping the server

    On NSG, "Security gateway > Monitor > VPN connection".

  5. On Android

    Ping the server

    On NSG, "Security gateway > Monitor > VPN connection".

Jason

See how you've made an impact in Zyxel Community this year!
https://bit.ly/Your2024Moments_Community
Tagged: