How to Configure SSL VPN Connection on Zyxel USG FLEX H Series (with OpenVPN Connect)

Created - Updated
Serhii Boiarynov
Idea generator
Great answers
Master (Platinum)
Print Friendly and PDF
Have more questions? Submit a request

This article describes how to set up an SSL VPN remote access using the OpenVPN Connect client on Zyxel USG FLEX H series firewalls, and clarifies a common issue that can prevent the SSL VPN connection from establishing.

sssa.png

Configure SSL VPN on the Firewall

  1. Log in to the USG FLEX H Web GUI.
  2. Navigate to: VPN → SSL VPN
  3. Configure the SSL VPN settings:
    • Incoming Interface: WAN (or the interface used for remote access)
    • Server Port: Default 10443
    • Client IP Pool: Define an IP range for VPN clients
    • Authentication: Assign users or user groups
  4. Save the configuration.

Note: If the firewall is managed by Nebula and does not have a static public IP address, it is recommended to use Nebula Assigned Domain Name. This ensures the VPN server remains reachable even if the WAN IP address changes.

For more details, refer to: Nebula Assigned Domain Name

Allow SSL VPN Port in WAN-to-Device Policy (Mandatory)

SSL VPN traffic is blocked by default unless the service port is explicitly allowed.

Verify or Create SSL VPN Service Object

Go to: Object → Service

Create or verify a service object:

  • Protocol: TCP
  • Port: 10443 (or the configured SSL VPN port)
  • Add the SSL VPN service object to the service group Default_Allow_WAN_To_AyWALL.
  • Add Service to WAN → Device Policy - The SSL VPN service port was successfully added to the service port group.

Download and Verify OpenVPN Configuration File (.ovpn)

After all settings have been applied, the configuration file can be downloaded. It is important to note that the configuration should be downloaded only after all changes have been completed and applied.

Additionally, keep in mind that if you modify any VPN settings, you must re-upload the configuration and reapply it on the client device. Only then will the changes take effect on the client side.

 

Download and Verify OpenVPN Configuration File (.ovpn)

SSL VPN status.png
Open the OpenVPN Connect client on your PC and upload the .OVPN file. Type the username and password, then click "CONNECT" to wait for the SSL VPN connection to be established successfully. Once it's done, the status will show CONNECTED.

Open SSL VPN client_1.png

 

 

 

How to verify the result?

If you navigate to the USG Flex H GUI path: VPN Status > SSL VPN > Remote Access VPN, you will find that the SSL VPN connection has been established.

SSL VPN status.png

 

Articles in this section

See more
Was this article helpful?
0 out of 0 found this helpful
Share

Comments

0 comments

Please sign in to leave a comment.