"No proposal chosen" VPN IPSEC L2TP Connection between Zyxel USG50 flex and MacOS Sonoma
Hi,
Due to the SSL_VPN Client 1.2.6 for MacOS being EOL, we are trying to switch from SSL_VPN to L2TP IPSEC VPN. I configured everything as in the description, even the encryption to AES256/SHA256, which seems to be necessary for Sonoma.
But I only got this when I try to connect:
My config for the gateway is:
What's wrong?
best, moe
All Replies
-
Hi @moe5k ,
Please try using these proposals and check if the issue is resolved.
Judy
0 -
Hi Zyxel_Judy,
thx for your reply.
Meanwhile I could manage to establish the connection Phase1 (at least with IKEv1) and even Phase2 (at least with MacOS, not yet with Win10). But now I am struggling with the routing inside the VPN connection. I cannot only reach the internal networks when I enable in the client that all the traffic should go via VPN. Is it possible to tell the (MacOS/Win) client to use only the VPN if network YXZ is used?
best, moe
0 -
Sorry … my request was maybe a bit confusing.
What I mean is:
I need to send all traffic through the tunnel, otherwise the routing to the remote network does not work.
Any suggestions?
thx moe
0 -
Unless the VPN client can send traffic outside the VPN, by default the VPN client sends all traffic down the tunnel.
Have you set up a policy rule to allow from VPN zone to given LAN?
0 -
thx for your answer.
Yes, the VPN zone can send traffic to the LAN behind the Zywall. But only as long as I force ALL traffic to the tunnel, everything is fine. But when I disable the option "send all traffic through VPN Connection", then MacOS tries to reach the remote LAN via its normal interface, which of course does not work.
We use the MacOS integrated VPN client, not the IPSEC client from Zyxel. Does this make the difference maybe?
0 -
So in Windows you can do this option by PowerShell with "use default gateway on remote network" disabled on VPN TCP/IP settings
add-vpnconnectionroute -connectionname "VPN name" -destination "192.168.138.0/28" -passthru
or
add-vpnconnectionroute -connectionname "VPN name" -DestinationPrefix "192.168.138.0/28" -passthru
Not sure about MacOS
(1) Split Tunneling - L2TP & IPSec SecuExtender – Zyxel Support Campus EMEA
0 -
Yes, I think it is possible to set the routes for that in MacOS too.
But I don't want to force my users to do that. I thought maybe there is an option to set routes for remote networks automatically after the VPN connection is established?
0
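One way to have macOS add the remote-network routes automatically when the L2TP tunnel comes up, as an added example that is not part of the thread: a pppd ip-up hook. It assumes the built-in L2TP client runs pppd and calls /etc/ppp/ip-up with the interface name as the first argument; the function names are hypothetical and 192.168.138.0/28 is the prefix quoted above.

```shell
#!/bin/sh
# Added example: pppd "ip-up" hook for split tunneling over L2TP/IPsec on macOS.
# Assumption: installed as /etc/ppp/ip-up; pppd calls it as
#   ip-up <ifname> <tty> <speed> <local-ip> <remote-ip> [ipparam]

# Remote networks that should use the tunnel. 192.168.138.0/28 is the prefix
# from the thread; list the other LANs behind the gateway here, space-separated.
REMOTE_NETS="192.168.138.0/28"

# Accept only PPP interfaces (ppp0..ppp99); anything else is rejected.
valid_iface() {
    case "$1" in
        ppp[0-9]|ppp[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Accept only a.b.c.d/len with every octet <= 255 and len <= 32.
valid_cidr() {
    printf '%s\n' "$1" | awk -F'[./]' '
        NF != 5 { exit 1 }
        { for (i = 1; i <= 5; i++) if ($i !~ /^[0-9]+$/) exit 1
          for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if ($5 > 32) exit 1 }'
}

# Print one route command per valid network; invalid entries are skipped.
route_cmds() {
    iface=$1
    valid_iface "$iface" || return 1
    for net in $REMOTE_NETS; do
        if valid_cidr "$net"; then
            echo "/sbin/route -n add -net $net -interface $iface"
        else
            echo "ip-up: skipping invalid network '$net'" >&2
        fi
    done
}

# Apply the routes only when invoked as ip-up by root (i.e. by pppd).
if [ "${0##*/}" = "ip-up" ] && [ "$(id -u)" -eq 0 ]; then
    route_cmds "$1" | while read -r cmd; do
        $cmd && logger -t ip-up "added: $cmd"
    done
fi
```

pppd runs this hook as root, so the file should be owned by root and not writable by other users. With "send all traffic through VPN Connection" disabled, only the listed prefixes go through the tunnel.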