USG 60 L2TP IPsec VPN not working from local LAN2

Hey guys,

Recently users asked my if they can connect to our VPN from our company WIFI.
The company LAN (LAN1) and the company WIFI (LAN2) are both connected to our usg60 which handles all traffic to and from the internet. VPN L2TP IPsec is already set up and working via the WAN port of the usg60 and lands inside of LAN1 in a new subnet. A few details:

WAN: <WAN IP> (Landing IP for VPN connections)
LAN1: 10.0.0.X + 10.0.1.X (for VPN clients)
LAN2: 192.168.2.X

I tried working out how to enable users to connect to the VPN from our LAN2 as well, but am stuck. When clients try to connect via normal VPN settings, they run into an error 789 on both Win7 and Win10. Now I found this thread: but it's not really the same as there isn't any NAT between LAN2 and WAN, but there is between LAN2 and LAN1 of course. I also checked the policies and didn't find anything that looked like it would prevent traffic from LAN2 to WAN.

What am I missing here? How can users connect to VPN from another internal LAN?


  • Zyxel_CooldiaZyxel_Cooldia Zyxel Official Agent Posts: 698  mod
    Hi @Stephan,
    Can you post your network topology with IP subnet and VPN client where you connected from?

  • stephanstephan Member Posts: 9
    edited June 19, 2018 3:23PM

    Here our topology.

    We can connect to VPN if the connection originates from the internet. We also want to connect to VPN when connected to one of the Wifis. The VLANs are handled on our Netgear switches if that makes any difference. Wifi clients get a successfull resolution from to the WAN public IP. Though on connecting from Wifi to VPN, Windows 7/10 does time out with the above mentioned error 789.

    Let me know if you need more details.
  • Zyxel_CooldiaZyxel_Cooldia Zyxel Official Agent Posts: 698  mod
    Hi @stephan,
    It does not support VPN connection from internal interface at V4.31. we will support multi-interface for l2tp over IPSec VPN at V4.32.
  • stephanstephan Member Posts: 9
    edited June 20, 2018 1:51PM
    Thanks for that! Tough to find out with just the user manual.

    @Zyxel_Cooldia would the USG 100 or the USG 310 support L2TP IPSec over internal intefaces? Will V4.32 be released for the USG 60? Do you have a rough estimate on when V4.32 will be released?
  • Zyxel_CooldiaZyxel_Cooldia Zyxel Official Agent Posts: 698  mod
    Hi @stephan,
    USG310 and USG60 are in V4.32 release plan, the schedule might be around end of July.
  • stephanstephan Member Posts: 9
    edited June 20, 2018 3:14PM
    @Zyxel_Cooldia Thank you again for you swift reply! We will wait for the next FW upgrade and then try to solve this issue this way :)

    Can I mark this as solved anywhere?
Sign In to comment.