CHS  Master Member

In your trunk settings, there's an option to create a "User Configured Trunk". This feature should be suitable for your scenario.

Since your logs are showing "no Proposal chosen," it's likely that there's a mismatch in the Phase 1 or Phase 2 settings between the USG100 and the Flex 200. Ensure that both sides are using the same settings for Phase 1 and Phase 2 negotiations. This includes encryption, hash, Diffie-Hellman Group, and lifetime settings.

On remote office, You can add all of your intranet IP segments as a group abject first. And add policy route to route traffic to main office. e.g. Source: IP Group, Destination: Any, Next Hop: VPN tunnel Of course, you have to add the same rule to route traffic back to remote office. e.g. Source: Any, Destination: IP…

One possible solution to this issue is to configure a "new IP pool" for remote VPN clients on the USG110, and then ensure that the ERP site is configured to route traffic from this "new IP pool" back to the local site. You can refer to the article which provides detailed instructions on how to forward traffic to a branch…

You can have a try to setup DNS Server. (e.g. 8.8.8.8)

You can have a try Server Name & URL in DDNS within user custom setting. Server: dyndns.strato.com URL: /nic/update?

You can try 'Fast Forwarding' on the USG60, which allows traffic to pass without content checking. (Configuration > System > Advanced > Fast Forwarding)

Are there many users did not authorised by Web Authentication function?

The default firewall policies allow traffic to and from the IPSec VPN Tunnel because the latest rule blocks all traffic "From Any to Any". Therefore, the rules you mentioned should not cause any problems. You can check if any policy route rules are affecting your VPN traffic.

For Layer3 router, ZyXEL firewall doesn't support block client by MAC address(Layer 2). You can only block MAC address by swtich or by AP profile. Or you can consider block client "IP traffic(Layer 3)" by current functions. (1) Add MAC address into "Static DHCP Table" settings, and assign a specific IP address for client.…

You may have a try strongswan VPN client APP, maybe it still support L2TP VPN connection.

@Kepir Your VPN connection scenario is different as previous one which setting is "client to site VPN"... Here is FRITZBOX site to site VPN configuration guide: https://en.avm.de/service/vpn/tips-tricks/connecting-the-fritzbox-with-a-companys-vpn/ In IKEv1 setting on USG could be: #6 The VPN ID on USG doesn't support space…

You may have a try key group setting on ATP200: Phase1(VPN Gateway): DH2 Phase2(VPN Connection): none If still doesn't help, you can share VPN connection fail log entries.

The Verizon WiFi Calling seems working with IPSec VPN tunnel. https://community.verizon.com/t5/Verizon-Wireless-Services/What-are-the-wifi-calling-firewall-ports-and-destination-IP/td-p/1080659 Did you create Port Forwarding(NAT) rule to mapping IPSec VPN traffic from WAN zone to your iPhone?

There is no SSL VPN client for Linux OS. You could try to build VPN tunnel by other types. (e.g. L2TP VPN)