How to configure L2TP VPN with Android Mobile Devices
Zyxel_Charlie
Posts: 1,034 Zyxel Employee
The example instructs how to configure the VPN tunnel between each site. When the VPN tunnel is configured, each site can be accessed securely and allow traffic from L2TP clients to go to the Internet.
Topology:
Note:
All network IP addresses and subnet masks are used as examples in this article.
Please replace them with your actual network IP addresses and subnet masks.
All network IP addresses and subnet masks are used as examples in this article.
Please replace them with your actual network IP addresses and subnet masks.
This example was tested using USG310 (Firmware Version: 4.13) and Android version (Firmware Version: 5.0)
Step
Step 1: Set Up the L2TP VPN Tunnel on the ZyWALL/USG
1. In the ZyWALL/USG, go to CONFIGURATION > Quick Setup > VPN Setup Wizard, use the VPN Settings for L2TP VPN Settings wizard to create a L2TP VPN rule that can be used with the remote Android Mobile Devices. Click Next.
Quick Setup > VPN Setup Wizard > Welcome
2. Then, configure the Rule Name and set My Address to be the wan1 interface which is connected to the Internet. Type a secure Pre-Shared Key (8-32 characters).
Quick Setup > VPN Setup Wizard > Welcome > VPN Settings
3. Assign the remote users IP addresses range from 192.168.10.10 to 192.168.10.20 for use in the L2TP VPN tunnel and check Allow L2TP traffic Through WAN to allow traffic from L2TP clients to go to the Internet. Click Next.
Quick Setup > VPN Setup Wizard > Welcome > VPN Settings (L2TP VPN Settings)
4. This screen provides a read-only summary of the VPN tunnel. Click Save.
Quick Setup > VPN Setup Wizard > Welcome > VPN Settings (Summary)
5. Now the rule is configured on the ZyWALL/USG. The rule settings appear in the VPN > L2TP VPN screen. Click Close to exit the wizard.
Quick Setup > VPN Setup Wizard > Welcome > VPN Settings > Wizard Completed
6. Go to CONFIGURATION > VPN > L2TP VPN > Create new Object > User to add User Name and Password (4-24 characters). Then, set Allowed User to the newly created object (L2TP_Remote_Users/zyx168 in this example).
CONFIGURATION > VPN > L2TP VPN > Create new Object > User
Configure the L2TP VPN
7. If some of the traffic from the L2TP clients need to go to the Internet, create a policy route to send traffic from the L2TP tunnels out through a WAN trunk. Set Incoming to Tunnel and select your L2TP VPN connection. Set the Source Address to be the L2TP address pool. Set the Next-Hop Type to Trunk and select the appropriate WAN trunk.
CONFIGURATION > Network > Routing > Policy Route
0
Comments
-
Hi i tried this tuto, never worked, and tried other tutorials too, I didn't found a solution to connect via l2tp, can you pleas help me, I did exactly the way you explained0
-
Hi @srihiruCan you provide your device config file to us via private message for further investigation?
Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP! https://bit.ly/2024_Survey_Community
0 -
Could you provide a USEFUL documentation, instead of spreading the same misleading documentation, like this one.
Just read the first paragraph of this tutorial:
"The example instructs how to configure the VPN tunnel between each site. When the VPN tunnel is configured, each site can be accessed securely and allow traffic from L2TP clients to go to the Internet."
What a nonsense!
Have a look at the picture above. Is the "Networking Pool" on the other side of the tunnel, on the "Android Device"? Really?
The old saying RTFM does apply only if the FM are correct and well written, which unfortunately for zywall manuals, since Zywall 2 if i remember, is not the case.
Regards,
A.
0 -
Hi @anno_t34
Thanks for your suggestion.
We had corrected this title to “How to configure L2TP VPN with Android Mobile Devices”
You can refer to our latest handbook of P.242~253.
https://download.zyxel.com/ATP500/handbook/ATP500_ZLD5.10_Handbook.pdf
BTW, "Networking Pool” means the L2TP client's IP address pool.
Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP! https://bit.ly/2024_Survey_Community
0 -
1. Title "IPSec/L2TP Connection: RemoteClient to Site (zywall Server Role).
2. Enumerate the requirements for implementing the connection.
2.1 : Server Side requirements, includes ISP services.
2.3 : Client Side requirements, includes ISP services.
Can you build an IPSec/L2TP VPN Connection from a client device which is behind a firewall, that filters IPSec/L2TP protocols?
Can you build an IPSec/L2TP VPN Connection to a VPN Server which is NAT'ed by the ISP (private NAT or CGNAT, out of your control?
How can you build an IPSec/L2TP VPN connection, if the VPN Server has a dynamic public IP address?
Anyway, establishing an IPSec/L2TP channel per se has no value. What matters is a full case scenario, that describes ALL steps including the implementation of the required firewall security policies, troubleshooting methods, etc.
From the tutorial above, you can get the impression, that configuring a VPN connection is a piece of cake, which is not. Securing one is another story.
I made this picture, that should provide a more realistic view of the landscape. Feel free to correct me, if I'm wrong.
Regards,
A.
0 -
Hi @anno_t34Thanks for your suggestion.We will enhance the contents of the technical document for L2TP behind NAT scenarios in the future.
Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP! https://bit.ly/2024_Survey_Community
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 145 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 239 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight