VPN by Domain Name not working for remote access VPN

PeterUK

USG FLEX 200H V1.20(ABWV.0)ITS-m4447

Domain Name / IP for a Domain Name like dnsip11.ddns.net that points to 192.168.255.235 is not working when the PC is on the same LAN, but if I use IP or interface it works for downloading the configuration get “policy match error” when using dnsip11.ddns.net. When I tested this on V1.10 I'm sure it was working.

All Replies

  • PeterUK

    update

    I went back to V1.10(ABWV.0)b9s3 and it tested fine for Domain Name, then booted to V1.20(ABWV.0)ITS-m4447 and now it's fine… so maybe a reboot was needed and the settings are not updating in the Flex?

  • PeterUK
    edited May 11

    update

    It seems the FLEX H does not like Domain Name, so use IP or interface. The good news is that behind NAT using interface works; if you use Domain Name you run into “policy match error”.

    So if you want to use a DDNS you have to set it to Domain Name, download the setup Configuration, then change back to interface; and for Auto Certificate, download both Domain Name and interface and copy the .crt over to the Domain Name Configuration.

  • Zyxel_Jeff
    Zyxel Employee

    Hello @PeterUK

    May we know whether this symptom persists for now? Thanks.


  • PeterUK
    edited May 14

    Yes, you can't use it set to Domain Name; it gives you “policy match error” on the VPN client.

    If you quickly set to a Domain Name and click on the client VPN it works, but that is likely because the changeover was not made; then on the next connection “policy match error”. Only setting to interface is stable.

  • PeterUK
    edited July 3

    USG FLEX 200H V1.20(ABWV.2)

    Just checked this, now get no “policy match error” when using Domain Name for VPN IPsec/IKEv2

    or not

  • PeterUK
    edited July 3

    OK, update on the problem: more if the Flex is behind NAT without getting a WAN IP

    WAN IP > NAT > 192.168.254.10 WAN on flex

    When the Flex is behind NAT you can't use Domain Name / IP like zyxel-router7.ddns.net or you get “policy match error” on the VPN client, but you can get the config when it's set to this, then set the Incoming Interface to WAN interface or IP 0.0.0.0 for the VPN client to then connect.

    But if the Flex is not behind NAT, getting a WAN IP, when Domain Name / IP is like zyxel-router7.ddns.net then it works.