This is not meant to be an exhaustive step-by-step how-to; I'll only put in the settings that differ from those in Brano's how-to, located at the following URL:
» L2TP VPN on USG - quick how-to
This VPN was created for use by an iOS device (iPod/iPad) connecting to a Zyxel USG20W. Specifically it was iOS 7 and USG20W with firmware 3.30 (BDR.1).
If any of the experts on this board see any blinding errors or feel the need to add anything, please feel free to make comments below. In the case of errors I will change this how-to accordingly.
This is a VPN where you can connect to your home network from outside of the network and use your device as though you were connected directly from inside the network.
So for those that are not familiar with VPNs: you can go away on holidays, connect to the internet using the hotel's connection and then establish a VPN using, say, an iPod or iPad, and it will be just like you were connected from home.
This is good for things like home automation/security systems where the client software is loaded on your iPod/iPad and needs to be on the home network to function. Some of these home automation systems allow users to connect via an intermediate server, but they usually charge a yearly fee for this. Using a VPN allows you to connect directly, thus avoiding those yearly fees.
So firstly read Brano's quick how-to post, and then make these additions, which will make it work for an iOS device connecting into a network that is bridged.
When setting up the VPN gateway and VPN connection in your Zyxel, the only encryption and authentication you need for an iOS 7 device is 3DES/SHA1; you can remove all the others.
The main difference is the routing rules; specifically, the 2nd rule in the list needs to be added because of the local 'General' type bridge. The source 'Bridge' is simply an address object of address type 'Interface Subnet' with the interface set to the bridge:
Below are the firewall rules; you should be able to lock them down even further. The WAN to Zywall rule is one of the default rules that comes preconfigured on the firewall, the relevant services being ESP, IKE and NATT (as per Brano's how-to).
Below is a screenshot of the iPod VPN connection setup, where XX.XX.XXX.XX is your WAN IP address, the 'Account' is a user created on the USG20W together with a password, and the 'Secret' is the pre-shared key entered into the VPN gateway: