VPN Guideline - Choosing the right VPN-type for your Home-Office (+Useful Links & Tutorials)

Zyxel_Jerry Posts: 1,056  Zyxel Employee
edited April 2021 in Security

Need VPN? We've got your back!

The demand for remote access VPN keeps growing, and Home-Office setups are becoming more relevant to all IT-based employees. This trend becomes especially obvious in times where travel and public life are restricted (e.g. in the 2019/2020 COVID-19 pandemic).

To cover this demand and to give you insight into which scenario to set up and how to do so, we from Zyxel want to be one step ahead of the curve and offer you a comprehensive guideline to help you find the right VPN setup, as well as point you toward useful knowledgebase articles to get your VPN setup up and running as quickly and as efficiently as possible.

Table of Contents

  1. Choosing the right VPN for your Roadwarrior / Home-Office setup
  2. SSL VPN
  3. L2TP over IPSec VPN
  4. IPSec VPN
  5. Resources & Downloads

Choosing the right VPN for your Roadwarrior / Home-Office setup

When it comes to a work-from-home scenario, ensuring secure access is a challenge for all companies. The de-facto technology is VPN, which is commonly used for secure remote access, helping IT achieve productivity and security.

Different VPN technologies are used in different scenarios nowadays; here are the most popular VPN technologies with their best practices. Users can refer to these scenarios to decide which kind of VPN solution to choose:

  • If you are using a Windows PC or laptop, the IPSec VPN solution can be the choice.

IPSec VPN via the ZyWall IPSec VPN Client offers the most sophisticated setup in terms of security settings (it requires a paid license for Windows machines).

  • If you tend to use Mac OS, the SSL VPN solution is a proper and easy-to-use solution to implement.

SSL VPN is more flexible than the others because it uses the standard SSL/HTTPS port (avoiding ports potentially blocked by the local internet service provider).

  • If you are using mobile devices running iOS or Android, you can consider deploying L2TP over IPSec VPN to build up the VPN tunnel.

L2TP over IPSec VPN doesn't require users to install any additional apps on their mobile devices and can fulfill the basic secure connection requirements.

You may have already received guidelines/instructions from your employer or client on which VPN type is to be used or established. The guidelines below shall help you in finding and setting up the right product for your needs and help you with upcoming challenges!

Let's use this opportunity to make your home-office-setup a true success story!

 

SSL VPN (via SecuExtender software client)

SSL VPN is a VPN setup which uses the SecuExtender software. Its major benefit is that it runs via SSL / HTTPS, so it is first of all very secure. Another benefit is that the standard HTTPS port is rarely blocked in any kind of setup, because this is the port used for normal VPN, meaning that it is very flexible in avoiding blocked ports. Its capability to be combined with an Active Directory user database makes it a staple in VPN setups.

If you have problems getting your client licenses to run on your USG, check these articles:

  • Activating and linking licenses to your Zyxel Device (e.g. linking SSL VPN license client license to USG)
  • How to setup DNS on a USG (In case "Service License Refresh" on Zyxel Firewall is not properly working)
  • I cannot link my SSL client license on my ZyWall USG on myZyxel!
  • SecuExtender for MacOS Catalina version 10.15

If you have problems with setting up SSL VPN, please have a look at these articles:

  • How to create an SSL VPN Tunnel (via SecuExtender software)
  • USG Series - Authenticate SSL VPN clients with Microsoft Active Directory
  • SecuExtender is not working with my ZyWall USG - Why is this?
  • Virtual Lab - End-to-Site VPN (SSL)

If you have set up SSL VPN but are encountering issues, take a look at these articles:

  • SecuExtender SSL VPN Client is disconnecting right after connection! What to do?
  • Can't connect SSL VPN (Firewall misconfiguration)
  • Windows XP and SecuExtender SSL VPN not working
  • The most common reasons may caused SSL VPN issues

Useful tips from forum:

  • No access to email server while on SSL VPN
  • SSL VPN built, How to turn OFF the Login Screen available via WAN IP?
  • VPN without open HTTPS port
  • Problem assigning ip of a VPN pool

L2TP over IPSec VPN

L2TP VPN at its core is quite an old standard, but still remains a legit option for big VPN setups these days. Using a technology which combines L2TP over the newer IPSec VPN standard, it is ultra-flexible platform-wise, since all common platforms offer integrated L2TP client software/drivers. Also, L2TP over IPSec VPN can be easily linked to an Active Directory, which makes it especially useful for big company setups.

Setups & Basic Tutorials:

  • L2TP-configuration on a USG-Firewall using the Windows built-in client
  • Creating an L2TP over IPSec connection on a computer with MAC OS X
  • L2TP on Linux (Ubuntu) setup
  • Creating a L2TP over IPSec VPN-Tunnel on your Nebula-Security Gateway (NSG)
  • How to use the VPN Setup Wizard to create a L2TP VPN on the ZyWALL/USG
  • Virtual Lab - End-to-Site VPN (L2TP)

More sophisticated/special scenarios:

  • How to configure L2TP behind NAT
  • How to Import ZyWALL/USG Certificate for L2TP over IPsec in Windows 10
  • L2TP behind NAT on a Windows client
  • How to let L2TP clients surf via USG

Debugging/Analyzing setup issues:

  • L2TP/IPSec VPN Connection Issue - Things to consider
  • Can L2TP and the VPN IPSec client be used on the same machine?
  • Typical error messages for IPsec VPNs

Useful tips from forum:

  • How to set up an additional internal VPN connection with an USG60?
  • No Internet after L2TP behind NAT Configuration
  • The L2TP connection attempt failed
  • USG60 problem forwarding traffic to branch site server after client established VPN tunnel

IPSec VPN

IPSec VPN is the old standard when it comes to flexibility in encryption of the VPN Tunnel - at least when using proper client software. IPSec VPN using the ZyWall IPSec VPN Client is very flexible in setting up encryption algorithms and can provide the perfect compromise between payload and security that you need for your network. Unlike L2TP over IPSec VPN, IPSec VPN by default does not push all client traffic through the VPN tunnel, which is great if you seek to access business-related resources, but do not want to load your VPN Tunnel with the client related traffic toward the internet.

Setups & Basic Tutorials:

  • VPN Client-To-Site Setup on USG/ZyWall Devices
  • Next-Gen USG IKEv2 VPN (Client-to-Site)
  • How to setup IKEv2 VPN Tunnel with Zyxel IPSec VPN Client

More sophisticated/special scenarios:

  • VPN Configuration Provisioning on a USG-Firewall
  • IPSec Client - All Traffic into VPN

Debugging/Analyzing setup issues:

  • L2TP/IPSec VPN Connection Issue - Things to consider
  • Can L2TP and the VPN IPSec client be used on the same machine?
  • Typical error messages for IPsec VPNs
  • Description of IPsec VPN Client Error Codes after Software Activation


Resources & Downloads

  • SecuExtender SSL VPN software download: v4.0.3.0
  • ZyWall IPSec VPN Client download: v3.8.204.61.32

For further information, please check our VPN solutions page: https://www.zyxel.com/products_services/VPN-Client-Software-SecuExtender-Software/ 


If you have any questions/problems regarding your home VPN connection, you are welcome to leave your posts in this category and we will be glad to help you.