PeterUK  Guru Member

update It seems the FLEX H does not like Domain Name so use IP or interface but good news is behind NAT when using interface works if you use Domain Name you run into “policy match error” so if you want to use a DDNS you have to set to Domain Name download the setup Configuration then change back to interface and for Auto…

update I went back to V1.10(ABWV.0)b9s3 and it tested fine for Domain Name then booted to V1.20(ABWV.0)ITS-m4447 and now its fine….so may be a reboot was needed and the settings are not updating in the Flex?

The interface is external VLAN443 to which you have the interface ping to no-ip.org and bounceme.net which you will fail then allow by other firewall The way in which the routing ping check is not blocked when you fail interface ping check to interface of other firewall (all be it thats not how my setup works as I NAT ICMP…

The easy free way is to setup a DDNS with no-ip you then point that subdomain to your IP Setup a Email server like: https://www.hmailserver.com/ https://www.mailenable.com/ setup a admin Email under your subdomain Go to sslforfree do a 90 days free certificate for your subdomain to which you will verify by receiving Email…

Check my Video You have to fail the interface ping check first but not the routing ping check then allow interface ping check then fail routing ping check. It took some attempts to do it

have your ISP give you 2Gb speed and you will see your limited to 1Gb

Link speed will be 2.5Gb even if you connect modem to router WAN because you go from client to 2.5Gb switch to 1Gb LAN on router to WAN 2.5Gb to modem. Just because you have the modem to switch will not mean you can go faster then 1Gb because client to 2.5Gb switch WILL go from switch to LAN 1Gb LAN on router then WAN…

I think Zyxel know about and should be able to fix it however at some point may not work due to encrypt client hello which if DNS over HTTPS is used unless Zyxel also add block if no SNI

I don't think you fully get the problem your in you are still limited to 1Gb with your setup as you have done it. you need a 2.5Gb router for WAN and LAN

Could be to do with this https://www.reddit.com/r/sysadmin/comments/1carvpd/chrome_124_breaks_tls_handshake/ use DNS Content Filter will work if client don't use DNS over HTTPS clear browser cache and run this in Flex debug content-filter https-domain-filter cache flush

Think I have found the reason for self-signed certificate not working windows for IKEv2 only supports (going by testing with a Flex H self-signed certificate) ECDSA-SHA256 which the Flex 200 (non H) supports doing but not for VPN as it don't show up when selecting a certificate. but a certificate you get for DDNS is not…

you will need the certificate with private key on the client device just checked you don't just the certificate and Intermediate certification authorities

I use noip.com and dynu.com with certificate by RapidSSL Basic DV, No-IP Vital Encrypt DV and sslforfree.com You will need to install the Intermediate certification authorities and then your certificate in personal

I seems MS now don't like self-signed certificate but a real certificate by DDNS works