ATP-100 Surfshark VPN

Miky
Miky Posts: 11  Freshman Member
First Comment Friend Collector Second Anniversary

Hi community,

first…i'm a home user with basic network skills and try to configure a VPN to the provider Surfshark.

Surfshark available connection methods: Openvpn, Wireguard, IKEv2

As i understand only IKEv2 is working on my Zyxel ATP-100, so i try to apply the settings.

Surfshark don't provide a presharedkey, instead provide a certificate (.crt)

In the VPN settings i can only choose from "My certificates" but im not able to upload the certificate.

The system response is:

errno: -17010

errmsg: PKI certificate request does not exist.

How i can create such a request to import this certificate?

Else in the "trusted certificates" section the certificate upload works well.

One more thing:

The surfshark certificate is with SHA256 RSA encryption 4096bit

If i try create a certificate there is no higher option then 2048bit

«1

All Replies

  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    Even if you could upload the certificate it will not help you as for reasons I do not know you can't setup VPN to connect to such VPN providers to route traffic to the VPN maybe that will change one day I don't know.

    The only way I know of was to use a VPN providers with PPTP which only works because some ISP require this but you can use it to route traffic down it.

  • Miky
    Miky Posts: 11  Freshman Member
    First Comment Friend Collector Second Anniversary

    Hi Peter,

    many thanks for the fast reply.

    I'm wondering that not Zyxels IKEv2 not works with VPN providers. In the VPN wizard i choose the option "Remote connection client role". So i hope maybe works for me.

    I come back to my initial question how import the certificate to try at least if the VPN works. May with the latest firmware it's possible.

    If IKEv2 not works as you say, can you give me a hint how configure the PPTP connection?

  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited October 22

    So for PPTP go to object > ISP account there you can make a PPTP with mppe-128 weak encryption due to how old PPTP is and MSCHAP-V2 authentication along with user name a password and server then go to network > interface > PPP and setup base port you WAN zone the account profile you made then it will connect and you can make routing rule to have traffic go down the PPTP of your VPN if your VPN providers supports PPTP that is.

  • Miky
    Miky Posts: 11  Freshman Member
    First Comment Friend Collector Second Anniversary

    Many thanks for the instructions regarding PPTP. Seems that Surfshark support this type of connection but i read that this type of connection is old not safe. I try it out and let you know…

    For the mentioned security reason i will also try to establish the IKEv2 connection. Any hint to import the certificate?

  • Zyxel_Melen
    Zyxel_Melen Posts: 2,583  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate
  • Miky
    Miky Posts: 11  Freshman Member
    First Comment Friend Collector Second Anniversary

    Hi Melen,

    thank you for the FAQ link.

    The FAQ talk about merging a key with a certificate. Also i see pem and pfx files are used.

    I have only a crt file from my VPN provider.

    Please excuse me for not having a deep knowledge of certificate types.

  • Miky
    Miky Posts: 11  Freshman Member
    First Comment Friend Collector Second Anniversary

    Hi Peter, i follow your clear instructions but didn't work. The connection can't established. I'm wondering why in the PPP settings afterwards i found an assigned IP and DNS.

  • zyman2008
    zyman2008 Posts: 223  Master Member
    25 Answers First Comment Friend Collector Seventh Anniversary

    Hi @Miky,

    I don't think it can be done.

    As I know, Zyxel firewall not support as an IPsec client to request IP address from VPN server.

    It support site to site and VPN server only.

  • Miky
    Miky Posts: 11  Freshman Member
    First Comment Friend Collector Second Anniversary

    Hi,

    I have to accept that with my device it‘s not possible to establish a Sursharc VPN connection.

    Nevertheless i‘m surprised of the very quick and professional help in these community.

    Thank YOU!

    May you have a recommandation for a small device to add to my ATP100 to manage only the VPN connection?

    I don‘t know if it‘s important but i have also a Zyxel NWA210AX wifi access point.

  • Miky
    Miky Posts: 11  Freshman Member
    First Comment Friend Collector Second Anniversary

    Hi OllyBe,

    thank you to share your experience.

    After i read your message i requested the correct settings for PPTP from my VPN provider. Unfortunately this protocol is no longer supported.

    So remain only the possibility with IKEv2 on ATP100 (other members in this community tell me it's not possible)

    or

    Use an additional device supports IKEv2, OpenVPN or the most recommended, Wireguard.

    Any suggestion?

Security Highlight