[NEBULA] L2TP / VPN / Mandatory RADIUS or AD-SERVER

[Deleted User]
[Deleted User] Posts: 118  Zyxel Employee
First Anniversary Friend Collector First Answer First Comment
edited April 2021 in Nebula
Why is this mandatory to set up a L2TP connection on the NSG100? I can think about situation u are not in the opportunity to buy an extra AD-server or RADIUS server just for setting up a vpn connection?

Comments

  • RUnglaube
    RUnglaube Posts: 135  Ally Member
    First Anniversary Friend Collector First Answer First Comment
    Radius/Active directory servers is used to authenticate users connecting to L2TP VPN. If you don't use it, how are you going to authenticate them?
    "You will never walk along"
  • Zyxel_Dean
    Zyxel_Dean Posts: 237  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    Hi @Mark_ZYXEL,
    The current configuration for L2TP is only allowing authentication with RADIUS server, so it is required to setup a RADIUS server at the moment.
    However, you will be able to use Nebula Cloud Authentication for L2TP clients in the next update in May.

    @RUnglaube yes indeed , RADIUS/AD servers are required for authentication, but we provide cloud authentication in addition for those who doesn't know how or lack of resources as Mark implied

    Cheers!
  • RUnglaube
    RUnglaube Posts: 135  Ally Member
    First Anniversary Friend Collector First Answer First Comment
    @Nebula_Dean great! Actually, I was wondering what was the VPN User option in Cloud authentication :sweat_smile:
    "You will never walk along"
  • sebala
    sebala Posts: 17  Freshman Member
    First Anniversary Nebula Gratitude First Comment
    is it possible to authenticate L2TP VPN users through Active Directory ?
  • Zyxel_Irene
    Zyxel_Irene Posts: 118  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    Hi @sebala
    Welcome to Nebula Forum!

    Yes, of course! B) We support to authenticate L2TP VPN users through Active Directory!

    Before you set up L2TP VPN, please check your network topology with following items,
    1. Internet is connect with WAN 1. (At this stage, NSG is designed to support L2TP VPN connection though WAN 1, but we plan to enhance in the future.)
    2. If NSG is behind NAT, you have to set the NAT rules on your router, UDP port 500 and 4500 are necessary to be enabled on it, or the packet won’t be passed.

    After the above actions, you can go to Gateway > Configure >  My authentication server to add your server (AD or RADIUS). The maximum entries for AD server is two, and also RADIUS server.


    Then go to Gateway > Configure >L2TP over IPSec client, and in the Authentication drop-down menu, you can server AD server you added.


    There is step-by-step for you to set up  L2TP VPN authentication with Active Directory (AD): https://businessforum.zyxel.com/discussion/307/how-to-setup-l2tp-vpn-client-connection-with-authentication-server#latest

Nebula Tips & Tricks