How to setup complete VPN solution for USG110?

mrwee
mrwee Posts: 40  Freshman Member
First Comment Friend Collector Fifth Anniversary
There are many ways a user can connect to our USG110 via VPN: SecuExtender, VPN Client, native iOS & Android & Windows, but I struggle to find a complete setup guide which covers all. Does that exist?
«1

All Replies

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,378  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary
    edited August 2021
    Hi @mrwee
    You can refer to this FAQ for setup L2TP VPN on different platform.
    It include Windows/ IOS/ Android to setup L2TP VPN tunnel in your environment.
    Also you can refer to handbook for different VPN types for different scenarios.
  • mrwee
    mrwee Posts: 40  Freshman Member
    First Comment Friend Collector Fifth Anniversary
    Having 8 WAN IP addresses, I assume a physical or virtual WAN interface must exist? Seems like I can only define 4 virtual WAN addresses in additionl to wan1

  • PeterUK
    PeterUK Posts: 3,331  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    You don't need to setup virtual interface for many wan IPs you use routing rules with SNAT


  • mrwee
    mrwee Posts: 40  Freshman Member
    First Comment Friend Collector Fifth Anniversary
    @PeterUK Not even for L2TP/IPsec "terminating" on the router?
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,378  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary
    Hi @mrwee
    In current design, user can only add up to 4 virtual interfaces per Ethernet interface.
    So it means, you can configure 5 static public IP address on 1 WAN interface.
    In VPN Gateway setting, "Interface" have to own the public address. And 1 interface can add multiple VPN rules.
    The other 3 public IP addresses, you can create port forwarding rules or policy route with SNAT for different scenario.
  • mrwee
    mrwee Posts: 40  Freshman Member
    First Comment Friend Collector Fifth Anniversary
    @Zyxel_Stanley Thought there were some kind of limitation. Can't get VPN to work, but I'll dig some more.
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,378  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary
    Hi @mrwee
    What kind of VPN type that you would like to configure on your device? You may explain your scenario first, then we can give you some of suggestion.
  • mrwee
    mrwee Posts: 40  Freshman Member
    First Comment Friend Collector Fifth Anniversary
    Sry, I can see that it wasn't that clear. I'm looking for enabling what I think should be (Not an VPN expert):
    L2TP/IPsec with IKE2 (Assume it's the most secure encryption) for e.g. iOS +Android + w10 / Zyxel VPN Client
    SSL/SecuExtender when L2TP/IPsec is blocked/doesn't work.

    The lack of virtual wan interface, surely messed it up for me, when trying different things, but I still haven't managed to get my head around it :(


  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,378  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary
    Hi @mrwee

    If you would like to setup and configure IKEv2 on Win10 & IOS client, you can follow this thread.
    It has guide how to setup them on native client without others software.

    According to L2TP/ SecuExtender are using for different protocol.
    L2TP is using for IKEv1.
    SecuExtender is for SSL VPN tunnel the packet is encrypted by HTTPS packets.
  • mrwee
    mrwee Posts: 40  Freshman Member
    First Comment Friend Collector Fifth Anniversary
    Hi @Zyxel_Charlie ...And this brings me back to somewhat fragmented documentation.
    I (and hopefully others) would appreciate a complete "remote worker" manual, covering all these scenarios in one guide. If all was covered in one, it would probably also minimize the error risk in merging multiple configuration suggestions  ;)

Security Highlight