L2TP VPN Connection on USG Flex 200 V5.39(ABUI.0) | 2024-08-22

Antares3000
Antares3000 Posts: 26  Freshman Member
First Comment Third Anniversary
in Security

I'm trying to configure a VPN on this device. Client can connect correctly. It is ok. If client ping 8.8.8.8 it works. However if client try to navigate www.google.com or some other addresses dosn't work. Cannot understand why dosn't work. I think some rules is missing. In attachment the configuration i did. Can someone help me? Thanks. CB

VPN.pdf

Accepted Solution

  • Antares3000
    Antares3000 Posts: 26  Freshman Member
    First Comment Third Anniversary
    Answer ✓

    I solved the problem. In the static rule i changed next hope from the Trunk to the specific WAN channel. I don't know why it dosn't work with trunk setting. I checked trunk setting and there was only the wan channel. So it should be the same. But it seems not.

All Replies

  • PeterUK
    PeterUK Posts: 3,390  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    seems odd you can connect and ping 8.8.8.8 but not get to google site.

    can you DNS and that the DNS uses your connection

    check your logs for blocked access

    you can make a routing rule for the VPN if needs

    incoming tunnel VPN

    next hop WAN1

  • Antares3000
    Antares3000 Posts: 26  Freshman Member
    First Comment Third Anniversary

    check your logs for blocked access → nothing result blocked

    you can make a routing rule for the VPN if needs → i did. you can see the rule in the last page of the pdf document i uploaded in the post. It is done as you said.

  • PeterUK
    PeterUK Posts: 3,390  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited September 25

    so can you DNS?

    i did. you can see the rule in the last page of the pdf document i uploaded in the post. It is done as you said.

    remove rule 1

  • Antares3000
    Antares3000 Posts: 26  Freshman Member
    First Comment Third Anniversary

    so can you DNS?


    what do you mean ?

  • Antares3000
    Antares3000 Posts: 26  Freshman Member
    First Comment Third Anniversary

    I've an other similar VPN. Already configured months ago. It worked in the past. Don't know till when. But in august i used it. Now it dosn't work and it has the same problem too. I didn't change anything. Since a long time. Cannot understand what is happening. Maybe a firmware upgrade?

  • Antares3000
    Antares3000 Posts: 26  Freshman Member
    First Comment Third Anniversary

    I understood what you mean. No. Doesnt DNS

  • mMontana
    mMontana Posts: 1,389  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary

    Do security policies allow from L2TP to "DNS" to Google or other external ip addresses?

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,584  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula

    Hi @Antares3000 ,

    You also can share the remote session information with us to access to your firewall directly for further investigation? If yes, please check the steps on your Community inbox.

    Untitled Image

    Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP!

    https://bit.ly/2024_Survey_Community

  • Antares3000
    Antares3000 Posts: 26  Freshman Member
    First Comment Third Anniversary
    Answer ✓

    I solved the problem. In the static rule i changed next hope from the Trunk to the specific WAN channel. I don't know why it dosn't work with trunk setting. I checked trunk setting and there was only the wan channel. So it should be the same. But it seems not.

Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)