Non-Nebula VPN Peers two IP Ranges

Hello together,

i'am step by step will change from local webinterface configuration to Nebula configuration. (usgflex200)

This time i test the relevant functions for our network and have a problem with the VPN configuration.

Site A - With local webinterface configuration
Public IP: 85.55.66.77
must connect via VPN to 11.11.14.0 Subnet (1)
must connect via VPN to 192.168.69.0 Subnet (2)

Site B - With Nebula configuration
Public IP: 86.54.32.10
must connect via VPN to 192.168.20.0 Subnet (1)
must connect via VPN to 192.168.21.0 Subnet (2)

With local webinterface configuration on both sides, it work well, with none-nebula and nebula only one VPN connection.

------------------------------------------------------------------------

Site A - With local webinterface configuration

IPSec VPN->VPN Gateway
VPN_14_SUB created
VPN_69_SUB created

IPSec VPN->VPN Connection
VPN_14_SUB created - Local Policy 192.168.20.0 / Remote Policy 11.11.14.0
VPN_69_SUB created - Local Policy 192.168.21.0 / Remote Policy 192.168.69.0

Site B - With Nebula configuration

Firewall->Site-To-Site VPN
Select Network 11.11.14.0/24 + 192.168.69.0/24

Non-Nebula VPN Peers:
Name: VPN_20_SUB - Public IP 85.55.66.77 - Private Subnet 192.168.20.1/24
Name: VPN_22_SUB - Public IP 85.55.66.77 - Private Subnet 192.168.21.1/24

------------------------------------------------------------------------

Only the 11.11.14.0 Subnet is reachable and build the VPN up, when both IP Subnets in Nebula are active.
When I deactivate the Subnet 11.11.14.0/24 and activate 192.168.69.0/24 in Nebula, the first VPN disconnect and the second connected.

I hope you can help me.

Best regards
Matthias Lagenstein


Accepted Solution

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,378  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary
    Answer ✓
    Hi @Ray00731
    Your networks subnets are:
    Nebula side networks(86.54.32.10): 11.11.14.0/24, 192.168.69.0/24
    Local web interface(85.55.66.77): 192.168.20.0/24, 192.168.21.0/24

    1 Non-Nebula VPN rule and 1 policy route could realize your requirement.
    On Nebule site:
    Create Non-Nebula VPN setting

    Routing for VPN traffic


    On-premise device site:
    Create VPN tunnel with "Virtual tunnel Interface".

    Create VTI interface

    Create static route for VPN traffic


    There is only 1 VTI  VPN tunnel, you could add multiple subnets what you needed.

All Replies

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,378  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary
    Answer ✓
    Hi @Ray00731
    Your networks subnets are:
    Nebula side networks(86.54.32.10): 11.11.14.0/24, 192.168.69.0/24
    Local web interface(85.55.66.77): 192.168.20.0/24, 192.168.21.0/24

    1 Non-Nebula VPN rule and 1 policy route could realize your requirement.
    On Nebule site:
    Create Non-Nebula VPN setting

    Routing for VPN traffic


    On-premise device site:
    Create VPN tunnel with "Virtual tunnel Interface".

    Create VTI interface

    Create static route for VPN traffic


    There is only 1 VTI  VPN tunnel, you could add multiple subnets what you needed.
  • Hello Stanley,

    you saved my weekend. It works, so i can start the project next week!

    Many thanks!

Nebula Tips & Tricks