kmoore251
@cox.net

Anon

Help with Zyxel Zywall USG50 VPN setup

Hi, all. First, I fully admit to knowing almost nothing about networks...but I am fairly computer savvy and am good at following directions. I don't know anyone locally to help with this (either free or for a fee) so I'm hoping I can figure it out with some help.

We are trying to set up a VPN so that I can access our office LAN from home. We have been able to set up the VPN connection and I can apparently connect. Using the built in VPN connection client in Windows, it does show that I am connected to the VPN. However, none of the network drives or other computers on the network are accessible. All network drives have a red "x" and I get the "local device is already in use" error if I click on them. I tried deleting and remapping the drives, but I cannot connect to any of them.

Any chance someone here can help?

Brano
I hate Vogons
MVM
join:2002-06-25
Burlington, ON

Over VPN you need to use IP addresses when mapping a drive, you can't use network name. Did you try with IPs?

Can you ping any of the remote servers? It may be a firewall issue.

Kmoore251
@cox.net

Anon

Thanks for your reply.

I'll check these things on Monday and reply back unless I can find out the IP addresses before then. I believe these are external drives attached to one of the computers at work, not attached directly to the network. Does that complicate things?
Kmoore251

Anon

So I think I tried to ping one of the computers on the network while connected via the VPN connection. I went to the command prompt and ran ipconfig /all and found the address on the computer I was trying to ping. I also tried to ping a couple of devices that are set up in the Port Forwarding area of the Zyxel interface. Both of those attempts timed out.

Brano
I hate Vogons
MVM
join:2002-06-25
Burlington, ON

Is this a L2TP over IPsec VPN? Or is this straight IPSec VPN? What are your endpoints?
When you go to Monitor -> VPN Monitor -> IPSec do you see the tunnel up?

What firmware are you on? Consider upgrading to the latest 3.30(BDS.7) »ftp://ftp.zyxel.com/ZyWALL_USG ··· irmware/

Kmoore251
@cox.net

Anon

I'm sorry, I didn't get a notification that you had posted and I just saw this. I was home sick today, anyway. The walk-through provided by Zyxel said to set up something in IPSec and L2TP so I did both. If I go in tomorrow, I'll look and see if I can see the active tunnel. Where do I look at that?

Thank you so much for your help and patience

Brano
I hate Vogons
MVM
join:2002-06-25
Burlington, ON

Is this a router-to-router VPN or PC-to-router VPN?

Kmoore251
@cox.net

Anon

PC to router

Brano
I hate Vogons
MVM
join:2002-06-25
Burlington, ON

What is the OS on the PC?

Kmoore251
@cox.net

Anon

Windows 8.1.

Brano
I hate Vogons
MVM
join:2002-06-25
Burlington, ON

Is your VPN configured correctly? Try re-tracing using these steps:
»L2TP VPN on USG - quick how-to
»L2TP VPN on USG - quick how-to (Win7 updated)

kmoore251
@cox.net

Anon

Yes, it appears to be. I can see that I am connected when I look in the monitor section of the router's admin panel, but I still can't get to the networked machines.
JPedroT
Premium Member
join:2005-02-18

Are both IPSec and L2TP connected?

Then I would check policy/routing/firewall rules. One way to debug is to create firewall rules for ping and set them to log, then you will see when a packet crosses zones.

KMoore251
@cox.net

Anon

I'm not sure how to tell if both IPSec and L2TP are connected. When I looked in the monitor while my PC showed to be connected to the VPN, I could see me. When I disconnected from the VPN on my PC, I could not.

The second part...is a bit over my head. I have the firewall rules as outlined in Brano's post, though, if that matters.
JPedroT
Premium Member
join:2005-02-18

JPedroT to kmoore251

Under Monitor there is an option to view all current IPSec connections and an option to view all L2TP connections.

When it's working fine, you should see a connection under both menus. I have noticed that when I try to connect with my Android phone, only IPSec has a listing, while it's blank under L2TP. I do not know why, but my Android is not able to connect over L2TP after finishing the IPSec setup.
In the hotel I am in, depending on where I am physically, I can get a setup working or just the IPSec connection working, just like the Android. If I am in my room everything works, while in the lobby/restaurant it does not work. Even though it's the same SSID, i.e. should be the same NAT GW etc.

So you might be experiencing what I am experiencing in this hotel.
JPedroT

Would also be interesting if you could do a pathping from your PC to the ZyWALL WAN IP address, this just to find the MTU in the path between your PC and ZyWALL.

I found the issue of my inability to connect to the ZyWALL was due to the fact that one AP connection had a too low MTU.

One AP supported a ping size of 1480 bytes and the other only supported 1457.

I tested it from my Mac using this ping command, not sure Windows ping supports the same switches.

ping -g 1444 -G 1508 -c 2 -h 1 -D ZyWALL_IP_Address

Pathping on Windows should figure out the MTU, in its own way.

My hotel woes were fixed by enabling ignore fragmentation, an option I do not like, but it at least made things work. Then again I assume certificate based VPN connections will break, but since I use PSK for now, it's not a pressing issue for me.

Kmoore251
@mycingular.net

Kmoore251 to JPedroT

Anon

I do see my connection under both areas, I just logged in and looked.
JPedroT
Premium Member
join:2005-02-18

If you still can not ping, then you need to look at your firewall setup.
Did you try to do a pathping to the wan ip of the zywall, without the vpn connected?