
apocalyp

join:2013-10-20

VPN connection on USG20W

Everything I seem to find is about making it possible for clients to connect through a ZyXEL. I'm trying to make my internet-bound traffic go through the tunnel instead.

More specifically I'm trying to build a vpn connection to privateinternetaccess.com

I'm completely lost with the ZyXEL GUI and I'm at a loss on how to grab the information in »www.privateinternetaccess.com/pa···wrt_pptp and use it to build the tunnel I need.

Thanks ahead of time for any help.

gb5102

join:2003-10-07
Saint Paul, MN
kudos:2
I personally have never set up PPTP, but try this:

pptp account setup is under System>ISP Account.

Create a new user-defined entry. Looks like the Encryption Method is going to be mppe-128, not sure about Authentication Type, try default CHAP/PAP first. Compression off. Other fields are pretty self-explanatory.

Then go to Interface>PPP and create new user-defined interface. Base Interface: WAN1, Zone: WAN. Under ISP Setting choose the account you set up previously.

After entering your info, try to connect. If not connecting, check the Zywall's system log and see if you get a hint what is not working. Try changing the encryption and authentication settings.

Once connected you will need to set up policy route(s) to send the desired traffic thru that interface.

For example:
Incoming:LAN1, src:any, dst:any, dscp:any, service:any, source-port:any, Next-hop:interface:[your_pptp_connection], SNAT:outgoing-interface.

Also set the 'auto-disable' option to disable the route when the PPTP connection is down.

Hopefully that gives you a good starting point at least...

apocalyp

join:2013-10-20
I've gone through those settings and confirmed with PIA that the encryption should be mppe-128 and authentication is mschap-v2.

When I try connecting I get the following 2 messages:

1 | 2013-10-22 13:48:50 | alert | Interface | Interface Private_VPN connection terminated. | PPP STATUS
2 | 2013-10-22 13:48:41 | notice | Interface | Interface Private_VPN start dialing. | PPP STATUS

Of course very useful error logs lol.

Anyone have any ideas?

gb5102

join:2003-10-07
Saint Paul, MN
kudos:2
Can you enable logging for all 'Deny' rules set in the firewall, including the default rule (if set to 'Deny')? Then try to connect again, and check logs again for anything blocked during this time period.

apocalyp

join:2013-10-20
I only have the default rule as deny and I set it to allow for my tests because it was blocking it initially.


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:11
Reviews:
·TekSavvy DSL
·Bell Fibe
reply to apocalyp
I do not believe what you're trying is possible with USG. The PPTP connections are meant to be primary ISP connections only. Your scenario will likely not work and is unsupported. I've tried this once but never succeeded.
If you really want to terminate your VPN on USG, find a VPN provider that supports plain IPSec or L2TP over IPSec.

EDIT: After a quick look at your VPN provider, they do offer L2TP/IPSec ... configure that instead.

apocalyp

join:2013-10-20
My understanding is that the L2TP/IPSec on the USG is to connect to it not the other way around. If there's a way to connect it the other way around any help would be appreciated.

Also I went ahead and tried configuring the IPSec portion of it and when I try and connect I get the following message in the log:

Tunnel [PIAVPN] dns update is not ready.

Any ideas?


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:11
Reviews:
·TekSavvy DSL
·Bell Fibe
Ah right, what was I thinking, the VPN provider is dial-in only.
Unfortunately, I see you have these 3 options:
1) Terminate the VPN on some other VPN device (not USG) that is capable of PPTP or L2TP or OpenVPN dial-out.
2) Find another VPN provider that supports plain IPSec. USG can dial-out this VPN.
3) Use the VPN from your PC only (pretty much same as option #1 but for one client only)