USG Flex 100 L2TP VPN problem with shared folders
Hi everyone,
I have a working L2TP VPN Remote Access on a USG Flex 100 installed in a office. Connecting a PC with hotspot from my phone I simulate an external connection and it connects. When I try to navigate to the server in the office through IP it doesn't respond.
What I'm looking for is:
PC1 uses the VPN to the office and then start working from home in the shared folders that are in the server. But if he needs to use internet for browsing or whatever, he's gonna use his/her public IP.
I managed to make it communicate with the server but I have to activate from Windows the flag "Use default gateway on remote network" (or something along those lines, I'm translating it from Italian), but if I flag that setting then the PC won't be able to navigate in the network anymore (don't know why).
These are the screenshots of my VPN (didn't want to make it way longer with screenshots):
LAN is 10.0.0.0/24, the server (10.0.0.2) is in the LAN. Behind the Firewall there is a router (192.168.0.1) that goes directly to the internet.
I don't have any Policy Route or Static Route, nor NAT.
If you need other screenshots or info just let me know.
Thank you all.
Accepted Solution
-
Hi @Rgnvdjfgdfg ,
Greeting Forum, That is split tunnel setting on Windows.
For your inquirement, unselect "Use default gateway on remote network" is correct.
But in order to reach 10.0.0.0/24 . You have to add route manually.
Please find the powershell command. I've tested it work fine.
Add-VpnConnectionRoute -ConnectionName "Your VPN profile name" -DestinationPrefix "10.0.0.0/24"
("route add" command must know client VPN address at first. It will be changed everytime and it is difficult for end users')
Thank you
1
All Replies
-
What the IP of PC1? Is it on 10.? or even 192.168.51.? before connecting to the VPN
0 -
SO some testing here...its a limitation of the client VPN that can't send 10. IP down the VPN when "Use default gateway on remote network" is unchecked.
With MS a way round this is to set LAN USG with 10.0.0.1 with subnet 255.255.255.128 and the VPN pool 10.0.0.128 subnet 255.255.255.128
0 -
I thought about it too, but I saw many times when setting it up that i couldn't use as VPN pool any subnet already in use.. I'm going to try it right now and see if it works, thank you.
0 -
I did some testing:
Can't set it up as you said because we have some PC at the office with IP like 10.0.0.140 so can't use Subnet as 255.255.255.128 . I should use 255.255.255.32 to not have problems but seems like the USG doesn't accept it. Tried to set 255.255.254.0 in the LAN and VPN pool from 10.0.1.0 to 10.0.1.100 but still nothing.. Looking from ipconfig in PC1 I saw that it gets 255.255.255.255 as subnet and gateway is blank, could that be the cause of it? Or is there a client I could use instead of using the VPN function of Windows?
0 -
Hi @Rgnvdjfgdfg ,
Greeting Forum, That is split tunnel setting on Windows.
For your inquirement, unselect "Use default gateway on remote network" is correct.
But in order to reach 10.0.0.0/24 . You have to add route manually.
Please find the powershell command. I've tested it work fine.
Add-VpnConnectionRoute -ConnectionName "Your VPN profile name" -DestinationPrefix "10.0.0.0/24"
("route add" command must know client VPN address at first. It will be changed everytime and it is difficult for end users')
Thank you
1 -
Hi,
I used the command you just posted:
Add-VpnConnectionRoute -ConnectionName "Your VPN profile name" -DestinationPrefix "10.0.0.0/24"
but it didn't give any response. I looked for something about it around the network, and I found the same command with the add of "-PassThru" at the end. Tried it and now it seems to work just fine.
Thanks a lot
2 -
nice command😎
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 238 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight