Unable to Establish VPN Connection
Freshman Member
I was recently setting up a VPN, and it turns out that when I used the wizard tool, it didn't work when executing the .bat file; it basically didn't establish a connection. I believe the problem is that the USG Flex 100 is not directly connected to the internet but to a router. Can anyone advise me on which ports or forwarding settings I should configure on the router for the VPN to work?
All Replies
-
Yes correct you can get a DDNS and use Domain Name / IP instead of interface then disable/enable the VPN to make new config
or you can edit the .bat with the WAN IP
0 -
Don't let me select the certificate
0 -
try without the wizard
0 -
I tried, I charged the certificate but doesn't work
I'm connecting with the .bat
0 -
Ok with wizard put in "Domain Name / IP" your WAN IP this should make a certificate under auto.
0 -
I already tried that before posting in the forum and it didn't work for me.
0 -
Ok its a bit of a problem more here
But I have worked out the problem
So you should have a VPN config with your WAN IP but it don't work good thats the one you want now go to system > Certificates make a note of the Certificate with your WAN IP then go back to VPN settings set Certificate to Manual and select the noted Certificate then set Domain Name / IP to 0.0.0.0 and now when the VPN client connects it will work
0 -
Hi @Brandix
If you want to set up an L2TP VPN behind NAT, you'll need to configure port forwarding on your primary router to allow VPN traffic to reach the USG Flex 100.
For more details, please refer to this discussion thread:
Kay
See how you've made an impact in Zyxel Community this year!
0 -
Hi Kay
The problem is much more then port forwarding due to how simple the VPN setup is that is causes a problem when setting with auto Certificate.
So you use Incoming Interface WAN but that put the wrong IP in config and make a Certificate for like 192.168.2.2 and so the client will not connect so you would think for Incoming Interface set the WAN IP which make the config with the right IP and Certificate but you will get “policy match error” on the VPN client so you change the Incoming Interface to 0.0.0.0 but then this make a new Certificate with 0.0.0.0 and config to IP 0.0.0.0 which is wrong. So in order for it to work you must use the config with the Certificate of the WAN IP by Manually selecting it with Incoming Interface to 0.0.0.0 then it all works.
0
Guru Member
Zyxel Employee
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 150 Nebula Ideas
- 98 Nebula Status and Incidents
- 5.7K Security
- 269 USG FLEX H Series
- 273 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.4K Consumer Product
- 250 Service & License
- 389 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 74 Security Highlight
