Flex 100H DNS over VPN Tunnel


All Replies

  • PeterUK
    PeterUK Posts: 3,573  Guru Member

    Change VTI for 172.16.0.1 and 172.16.0.2 at both ends

  • P4Colin
    P4Colin Posts: 22  Freshman Member

    Updated VTI to provided (our office 200H to 172.16.0.1/30 and client site 200 to 172.16.0.2/30). Verified I can ping from computer to server and vice versa again after the VPN reconnected. Traffic from the router still does not traverse the VPN:

  • PeterUK
    PeterUK Posts: 3,573  Guru Member

    That problem must be the FLEX non-H side. Have you got the right zone from to LAN?

  • PeterUK
    PeterUK Posts: 3,573  Guru Member
    edited January 30 Answer ✓

    OK, I think I have found what you have done, so you will need to remove the VTI and everything for the VTI and start over. Not sure if this is a bug or not on FLEX H.

    So when setting up the VTI, DO NOT change the following for Policy, and yes, you MUST start over.

  • P4Colin
    P4Colin Posts: 22  Freshman Member

    THIS IS THE FIX! We did have this limited to just two /24 subnets for each site. We did not need to recreate the VPN in this instance, we just updated the Phase 2 policies to the 0.0.0.0/0 subnets and now I am able to communicate from the router over the tunnel to the server.

    This is a bit confusing compared to the non-H series, where in the Phase 2 settings it removes the local/remote policy options when you choose VTI. Not sure if this is just an oversight and needs to be taken out or if this is intended.

    Thanks @PeterUK for your time and persistence!
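
Added example, not part of the thread or Zyxel's code: a small model of Phase 2 policy (traffic selector) matching that shows why LAN-to-LAN pings worked while router-originated traffic did not, until the policy was widened to 0.0.0.0/0. The /24 subnets and host addresses are constructed placeholders, and it assumes the router sources its own traffic from its VTI address (172.16.0.1 here).

```python
import ipaddress as ip

def selector_matches(selectors, src, dst):
    """True if (src, dst) falls inside any (local, remote) Phase 2 policy pair."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    return any(s in ip.ip_network(local) and d in ip.ip_network(remote)
               for local, remote in selectors)

def evaluate(selectors, flows):
    """Map each named flow to whether the Phase 2 policy would carry it."""
    return {name: selector_matches(selectors, src, dst)
            for name, (src, dst) in flows.items()}

# Hypothetical per-site /24 policy, as in the "limited to two /24 subnets" setup.
NARROW = [("192.168.10.0/24", "192.168.20.0/24")]
# Policy left at the default described in the accepted answer.
WIDE = [("0.0.0.0/0", "0.0.0.0/0")]

# Constructed flows; only the 172.16.0.1 VTI address comes from the thread.
FLOWS = {
    # PC behind the router talking to the server at the other site.
    "lan_pc_to_server": ("192.168.10.50", "192.168.20.10"),
    # Assumption: the router's own DNS query leaves with the VTI address as source.
    "router_dns_to_server": ("172.16.0.1", "192.168.20.10"),
}

if __name__ == "__main__":
    for label, policy in (("narrow /24 policy", NARROW), ("0.0.0.0/0 policy", WIDE)):
        print(label)
        for name, carried in evaluate(policy, FLOWS).items():
            print(f"  {name}: {'matches' if carried else 'NOT matched'}")
```

With 0.0.0.0/0 selectors on a VTI tunnel, routes and firewall rules decide what actually enters the tunnel, so those are the place to restrict traffic between sites.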

  • P4Colin
    P4Colin Posts: 22  Freshman Member
    edited January 30

    When going back into the VPN setting again for further troubleshooting, I saw the options for Active Protocol and Encapsulation completely missing from the Phase 2 settings. I believe this may have occurred from attempting to add a second set of subnets in the Policy here:

    The router started locking up to the point where it seemed like it would not send any traffic (computer behind the router lost its internet connection, pinging from Network Tool failed to any external sources). I was able to reboot it through the web interface and these options still did not reappear. I did have to delete the VPN completely and recreate it in order for these options to reappear.

    Possibly a couple of bugs to look at here @Zyxel_Melen

    *Edit - When the VPN gets into this weird mode, I am able to log in to the device but it almost seems like something on the routing table is messed up since nothing is routed to the internet. Just by deleting the VPN, internet connectivity was restored.