kmoore251
Anon
2015-Jan-30 2:38 pm
Help with Zyxel Zywall USG50 VPN setup

Hi, all. First, I fully admit to knowing almost nothing about networks...but I am fairly computer savvy and am good at following directions. I don't know anyone locally to help with this (either free or for a fee) so I'm hoping I can figure it out with some help.
We are trying to set up a VPN so that I can access our office LAN from home. We have been able to set up the VPN connection and I can apparently connect. Using the built in VPN connection client in Windows, it does show that I am connected to the VPN. However, none of the network drives or other computers on the network are accessible. All network drives have a red "x" and I get the "local device is already in use" error if I click on them. I tried deleting and remapping the drives, but I cannot connect to any of them.
Any chance someone here can help?

Brano (I hate Vogons) MVM join:2002-06-25 Burlington, ON
Brano
MVM
2015-Jan-30 10:30 pm
Over VPN you need to use IP addresses when mapping a drive, you can't use network name. Did you try with IPs?
Can you ping any of the remote servers? It may be a firewall issue.

Kmoore251
Anon
2015-Jan-31 10:06 am
Thanks for your reply.
I'll check these things on Monday and reply back unless I can find out the IP addresses before then. I believe these are external drives attached to one of the computers at work, not attached directly to the network. Does that complicate things?

Kmoore251
Anon
2015-Feb-2 2:11 pm
So I think I tried to ping one of the computers on the network while connected via the VPN connection. I went to the command prompt and ran ipconfig /all and found the address on the computer I was trying to ping. I also tried to ping a couple of devices that are set up in the Port Forwarding area of the Zyxel interface. Both of those attempts timed out.

Brano
MVM
2015-Feb-3 7:26 am
Is this an L2TP over IPsec VPN? Or is this straight IPSec VPN? What are your endpoints? When you go to Monitor -> VPN Monitor -> IPSec do you see the tunnel up? What firmware are you on? Consider upgrading to the latest 3.30(BDS.7) » ftp:// ftp.zyxel.com/ZyWALL_USG ··· irmware/

Kmoore251
Anon
2015-Feb-3 8:25 pm
I'm sorry, I didn't get a notification that you had posted and I just saw this. I was home sick today, anyway. The walk-through provided by Zyxel said to set up something in IPSec and L2TP so I did both. If I go in tomorrow, I'll look and see if I can see the active tunnel. Where do I look at that? Thank you so much for your help and patience

Brano
MVM
2015-Feb-3 8:36 pm
Is this a router-to-router VPN or PC-to-router VPN?

Kmoore251
Anon
2015-Feb-3 8:37 pm
PC to router

Brano
MVM
2015-Feb-3 8:45 pm
What is the OS on the PC?

Kmoore251
Anon
2015-Feb-4 10:41 am
Windows 8.1.

Brano
MVM
2015-Feb-4 5:52 pm
kmoore251
Anon
2015-Feb-11 5:00 pm
Yes, it appears to be. I can see that I am connected when I look in the monitor section of the router's admin panel, but I still can't get to the networked machines.

JPedroT Premium Member join:2005-02-18
JPedroT
Premium Member
2015-Feb-12 3:55 am
Both IPSec and L2TP are connected?
Then I would check policy/routing/firewall rules. One way to debug is to create firewall rules for ping and set them to log, then you will see when a packet crosses zones.

KMoore251
Anon
2015-Feb-12 11:08 am
I'm not sure how to tell if both IPSec and L2TP are connected. When I looked in the monitor while my PC showed to be connected to the VPN, I could see me. When I disconnected from the VPN on my PC, I could not.
The second part...is a bit over my head. I have the firewall rules as outlined in Brano's post, though, if that matters.

JPedroT Premium Member join:2005-02-18
to kmoore251
Under Monitor there is an option to view all current IPSec connections and an option to view all L2TP connections.
When it's working fine, you should see a connection under both menus. I have noticed that when I try to connect with my Android phone, only IPSec has a listing, while it's blank under L2TP. I do not know why, but my Android is not able to connect over L2TP after finishing the IPSec setup. In the hotel I am, depending on where I am physically, I can get a setup working or just the IPSec connection working, just like the Android. If I am in my room everything works, while in the lobby/restaurant it does not work. Even though it's the same SSID, i.e. should be the same NAT GW etc.
So you might be experiencing what I am experiencing in this hotel.

JPedroT
Premium Member
2015-Feb-13 8:18 am
Would also be interesting if you could do a pathping from your PC to the ZyWALL WAN IP address, this just to find the MTU in the path between your PC and ZyWALL.
I found the issue of my inability to connect to the ZyWALL was due to the fact that one AP connection had a too low MTU.
One AP supported a ping size of 1480 bytes and the other only supported 1457.
I tested it from my Mac using this ping command, not sure Windows ping supports the same switches.
ping -g 1444 -G 1508 -c 2 -h 1 -D ZyWALL_IP_Address
Pathping on Windows should figure out the MTU, in its own way.
My hotel woes were fixed by enabling ignore fragmentation, an option I do not like, but it at least made things work. Then again I assume certificate based VPN connections will break, but since I use PSK for now, it's not a pressing issue for me.
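
An added example, not part of JPedroT's post: the MTU check described above, done as a binary search over ping payload sizes with the Don't Fragment bit set instead of a linear sweep. The function names, the 1200 to 1508 search range and the `HOST` default (a documentation address) are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: find the largest ICMP echo payload that reaches a host
# unfragmented. HOST is a placeholder (192.0.2.1 is a documentation address);
# pass the real ZyWALL WAN address as the first argument.
HOST="${HOST:-192.0.2.1}"

# probe SIZE: succeeds if one echo request with SIZE payload bytes and the
# Don't Fragment bit set is answered within 2 seconds.
probe() {
    case "$(uname -s)" in
        Darwin) ping -D -c 1 -t 2 -s "$1" "$HOST" >/dev/null 2>&1 ;;     # macOS: -D sets DF
        *)      ping -M do -c 1 -W 2 -s "$1" "$HOST" >/dev/null 2>&1 ;;  # Linux iputils
    esac
}

# find_max_payload LO HI: largest size in [LO, HI] for which probe succeeds.
# Fails (status 1) when even LO gets no reply, e.g. the host drops ICMP echo.
find_max_payload() {
    lo=$1; hi=$2
    probe "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$mid"; then lo=$mid; else hi=$((mid - 1)); fi
    done
    echo "$lo"
}

# payload_to_mtu SIZE: add the IPv4 header (20) and ICMP header (8).
payload_to_mtu() { echo $(( $1 + 28 )); }

# Run only when a target is given, so the functions can also be sourced.
if [ -n "${1:-}" ]; then
    HOST=$1
    if max=$(find_max_payload 1200 1508); then
        echo "largest unfragmented payload: $max bytes (path MTU $(payload_to_mtu "$max"))"
    else
        echo "no reply at 1200 bytes: host may not answer ping on this interface" >&2
        exit 1
    fi
fi
```

On Windows, the built-in `ping -f -l SIZE` sets the Don't Fragment bit and the payload size, so the same search can be done by hand from a command prompt.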

Kmoore251
Anon
2015-Feb-24 3:19 pm
to JPedroT
I do see my connection under both areas, I just logged in and looked.

JPedroT
Premium Member
2015-Feb-25 11:49 am
If you still can not ping, then you need to look at your firewall setup. Did you try to do a pathping to the wan ip of the zywall, without the vpn connected?