Follow up on zyxel vpn tutorial - and soft ether vpn server
My_IT_Hurts
Posts: 13
Hello guys,
To sum things up quickly, I followed these tutorials:
https://support.zyxel.eu/hc/en-us/articles/360001390914
https://support.zyxel.eu/hc/en-us/articles/360000706899
And I get stuck with Windows 10 stating that the remote server doesn't respond.
On the ZyWALL log all I see is:
Security Policy Control | Match default rule, DROP [count=3] | my_ip:47653 | public_ip:1701 | ACCESS BLOCK |
I've added port 1701 (udp/tcp) to the security policy wan_to_zywall on top of the default one (which has 51/50/443/500/4500...), but the ZyWALL doesn't seem to care.
What could I be doing wrong?
Also, I've tried setting up a SoftEther server, and I also got issues with the firewall, which throws a fit with ping, always logging ping type 8 or 15 issues/abnormality issues even though I seem to have authorized it.
Is this issue related to my first question (wrong config), or is SoftEther incompatible with the ZyWALL?
0
All Replies
-
[edit: sorry didn't see the edit button...]
-
AFAIK 1701 UDP is the L2TP port. Probably your appliance is considering SoftEther an L2TP client and not an IPSec client.
0 -
Hi mMontana,
I see my post was confusing... the SoftEther VPN server issue is another question.
My issue with the port 1701 blockage is after following the Zyxel campus tutorial.
To be clearer, I see on the ZyWALL that a session is started, but after 5 seconds it stops with Windows 10 saying no response from remote server.
0 -
Hi @My_IT_Hurts
Could you check the VPN disconnect log entries in Monitor > Log to find the reason?
You may share a screenshot of the log entries for a further check.
0 -
Zyxel_Stanley said:
Hi @My_IT_Hurts
Could you check the VPN disconnect log entries in Monitor > Log to find the reason?
You may share a screenshot of the log entries for a further check.

I don't find anything in Monitor / Log for VPN (is it VPN dashboard in the filter? I also looked at L2TP over IPsec...)
I just selected all logs and the only thing with my IP is:
5 | 2022-07-01 15:02:35 | notice | Security Policy Control | Match default rule, DROP [count=2] | distant_client_ip:64434 | public_ip:1701 | ACCESS BLOCK
In Monitor \ VPN Monitor I get this for a few seconds:
0 -
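Added example (not part of the original thread and not Zyxel code): a small Python triage of "Security Policy Control" entries in the pipe-separated layout quoted above, totalling default-rule drops per source and destination port and flagging those aimed at ports used by L2TP over IPsec. The sample lines and addresses are constructed, and the port-to-service map and the "no count means 1" rule are assumptions.

```python
import re
from collections import Counter

# UDP ports used by L2TP over IPsec (general knowledge, not from the thread).
# The log line does not state the protocol, so UDP is assumed here.
VPN_UDP_PORTS = {500: "IKE", 4500: "IPsec NAT-T", 1701: "L2TP"}

# Constructed sample in the layout of the log line quoted in the thread;
# addresses are documentation-range placeholders.
SAMPLE_LOG = """\
Security Policy Control | Match default rule, DROP [count=3] | 198.51.100.7:47653 | 203.0.113.10:1701 | ACCESS BLOCK |
Security Policy Control | Match default rule, DROP [count=2] | 198.51.100.7:64434 | 203.0.113.10:1701 | ACCESS BLOCK |
Security Policy Control | Match default rule, DROP | 198.51.100.9:51000 | 203.0.113.10:23 | ACCESS BLOCK |
System | constructed non-drop entry | - | - | INFO |
"""

DROP_RE = re.compile(
    r"Match default rule, DROP(?: \[count=(?P<count>\d+)\])?\s*\|\s*"
    r"(?P<src>[^|\s]+):(?P<sport>\d+)\s*\|\s*(?P<dst>[^|\s]+):(?P<dport>\d+)\s*\|"
)

def summarize_default_drops(log_text):
    """Return {(source, destination port): dropped packets} for default-rule drops."""
    totals = Counter()
    for line in log_text.splitlines():
        m = DROP_RE.search(line)
        if m:
            # Assumption: an entry without [count=N] stands for one packet.
            totals[(m["src"], int(m["dport"]))] += int(m["count"] or 1)
    return totals

def vpn_port_drops(log_text):
    """Sorted (source, port, service, count) rows for drops aimed at VPN ports."""
    return sorted(
        (src, port, VPN_UDP_PORTS[port], n)
        for (src, port), n in summarize_default_drops(log_text).items()
        if port in VPN_UDP_PORTS
    )

if __name__ == "__main__":
    for src, port, service, n in vpn_port_drops(SAMPLE_LOG):
        print(f"{src} -> port {port} ({service}): {n} packet(s) hit the default DROP rule")
```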
As stated before...
mMontana said:
AFAIK 1701 UDP is the L2TP port. Probably your appliance is considering SoftEther an L2TP client and not an IPSec client.

Your SoftEther connection is "recognized" as L2TP, not IPSec.
As stated by SoftEther, the client is an IPSec client; if you need L2TP, SoftEther suggests using the integrated OS client, and not SoftEther.
If you're using (as stated) SoftEther Server, you need to set up your Zyxel device in a different way.
0 -
Hi,
@mMontana: thanks, but please read my first post again. The SoftEther issue was simply an additional question.
OK, I shouldn't have added it, but really the current issue is only with the tutorial made by Zyxel campus, and the security policies that need to be added on the ZyWALL afterwards (in my case it's an issue with port 1701).
Best regards
0 -
Hi @My_IT_Hurts
You may check whether the L2TP pool IP addresses overlap with other interfaces, causing a routing issue.
If it still doesn't help, you may send your configuration to me by private message for a further check.
0 -
@Zyxel_Stanley: no, it doesn't.
But since then I switched to an SSL VPN method, which works fine.
0 -
Hi @My_IT_Hurts
It's good to know you are using the SSL VPN tunnel as a workaround and that the tunnel works well.
If you like, we could continue to help check the L2TP VPN tunnel issue.
You can provide the startup-config or HTTPS access privilege to me by private message for a further check of this issue.