Zyxel USG20W-VPN setup and PPPoE connection

mlik
mlik Posts: 18  Freshman Member
First Anniversary First Comment
edited September 2021 in Security
Hello,

I have set up a Zyxel USG20W router on my network. For this I used the wizard to configure the PPPoE connection. I configured additional settings, eg redirection, etc. Everything worked for 2 days. Today, the team only connects to RDP, the viewer does not have, you can see that the problem, because the eset did not download, only was a problem. I logged in via RDP to the router and noticed that in the settings

Configuration-> Network-> Interface> Ethernet has WAN from the DHCP Center got some strange address 10.0.0. *. From what I remember it was 0.0.0.0.

I solved the problem for a while by rewriting the WAN_PPP address to the WAN as static. I think I am missing a setting that will redirect traffic from WAN_PPP to WAN. This will solve the problem if the ISP changes the address.

Accepted Solution

«1

All Replies

  • mMontana
    mMontana Posts: 1,298  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Did you updated to 3.30BDR9 WK48 firmware?


  • mlik
    mlik Posts: 18  Freshman Member
    First Anniversary First Comment
    edited September 2021
    i have version: V4.33(ABAR.0) / 2019-01-09 17:32:53 I did not update
  • mMontana
    mMontana Posts: 1,298  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    So your device is actually USG20W-VPN, and not USG20W. Version 4.33 is quite old, latest is 4.65P1. I strongly suggest you to update firmware on your device as soon as possible.
    As far as i can remember, should not be a straight path, at least you have to upgrade to an intermediate version...
  • mlik
    mlik Posts: 18  Freshman Member
    First Anniversary First Comment
    Yes, sorry this is the USG20W-VPN. Do you think that firmware update may be important here? There is some simple setting that I could have skipped? example forward wan to wan_ppp?
  • mMontana
    mMontana Posts: 1,298  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited September 2021
    mlik said:
    Do you think that firmware update may be important here?
    I am certain that there are important security issues solved into recent firmwares, this is why i strongly suggest you to update as soon as possible.
    Moreover, 4.33 is almost 3 years old, and i think that quite a lot of problems has been resolved.
    Take a run on the changelog... ;)


  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,039  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hi @mlik
    Since the running firmware version (V4.33) on your USG20W-VPN is quite out of date, it’s highly recommended to upgrade the firmware to V4.65p1(https://portal.myzyxel.com/my/firmwares) firstly.
    In addition, normally the ISP may terminate the PPPoE lease periodically,  you can choose the PPPoE connectivity to Nailed-Up to keep the internet connection so that the IP address will keep renewed.

  • mlik
    mlik Posts: 18  Freshman Member
    First Anniversary First Comment
    I have concerns about the latest firmware version.

    Today I installed the same USG20W-VPN router with version V4.33 (ABAR.0). Before configuration, I updated the router to 4.64 (ABAR.0) - the oldest available on the website. Then to 4.65 (ABAR.1).

    After setting up PPPoE, I set the IP address to LAN1 - 192.168.100.100 and turned on DHCP. The internet worked. I set up a wifi network - it worked.

    Configuration of LAN interfaces:
    LAN1 - 192.168.100.1
    LAN2 - 192.168.2.1

    Despite the configuration as shown in the picture below, the devices were assigned different addresses - some devices had addresses 192.168.100. *, Part 192.168.2. *. It looked as if P4 was assigned the LAN1 interface and P5 was assigned LAN2. WHAT'S GOING ON. I did a reset - it did not help.






    The solution was to set the P3, P4, P5, P6 configuration to LAN2.Currently.
    I am afraid to upload new versions. Maybe someone will explain it to me?

    This is the Nailed-Up setting I turned on at the very beginning.


  • mMontana
    mMontana Posts: 1,298  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Did you cleared the browser cache after firmware upgrade? You can also consider to have a quick test on "in private" access for double check.

    As your declaration, this could be the "right" set of your ports.


    Assuming P3 for LAN1/lan1 (192.168.100.1/24) and P4 for LAN2/lan2 (192.168.2.1). P5 and P6 i did not understand if they are connected (and to what...) or not.

    Please also don't forget that...
    LAN1 and lan1 are... not the same thing, by USG perspective.

    LAN1 and LAN2 are zones, a group/subset of network interfaces that share similar goals. As an example, consider that network of offices and network of production devices might be two separate interfaces (phisical or virtual, as vLANS) called "Office1" and "Production1" who might be into LAN1 zone. LAN2 could be the zone for the Wireless networks OfficeWLAN and "ProductionWLAN"... 
    But a different sysadmin could consider that arrangement not good, and use this setup:
    LAN1 (Office1, OfficeWLAN), LAN2 (Production1, ProductionWLAN).

    lan1 and lan2 are network interfaces. phisical or virtual the migth or might not have different subnets (i strongly suggesto your to have different) and might be or might not be into the same zone.

    One of the most (for beginners) confusing thing are that.. Ports, Interfaces and Zones can be mixed (and messed) a lot! You could have on P6 the interface Lan5 which lay on LAN1  and it's your... internal lan! The one that by default has 192.168.1.1/24 subnet, called Lan1 on P3 into zone LAN1.

    Spending enough time with paper and pen, design the whole network before put in place with settings is time consuming. But avodids a lot of time consuming later in troubleshooting.
  • mlik
    mlik Posts: 18  Freshman Member
    First Anniversary First Comment
    Today I updated the router with which I started the thread on the forum. The update went smoothly. As for the second rotuer - I suppose I must have lost my way at some point. The update is ok. Thank you very much mMontana for your help. Sorry, but I'm a novice user.
  • mMontana
    mMontana Posts: 1,298  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    @mlik today i was headbanging against some wrong settings on a USG60W that I made. And still I haven't solved all the issues of the arrangement.

    All we are novice in something. There's nothing wrong, but sometimes is necessary study and knowing theory for solving issues or... design something without that issues. And create it into settings.

    I hope that this suggestions helps you into the future: update the firmware of routers and security devices is sometimes a time critical task.
    And Zyxel recently had to be... swift in create and publish solutions to the issues...
    So updating both your devices was important, not only for (maybe) solving the issue of your PPPoE ;)



Security Highlight