This article shows how to configure L2TP VPN on your Windows PC, MacOS X computer, and iPhone iOS built-in client using USG FLEX / ATP / VPN Series. This show where to navigate and enter VPN type, sign-in info, and pre-shared key, how to use full tunnel mode.
Note:
If you wish to connect to an L2TP Gateway located behind NAT, Windows users are required to enable a specific registry key. You need to import this registry key into your Windows client and then reboot your PC. This necessity arises from the default settings in Windows.
Microsoft's official documentation, which applies to Windows 10 and Windows 7 as well: Microsoft L2TP/IPsec Server Configuration Guide
Table of Content
1. Configure L2TP on Windows 10
1.1 Navigate to Network & internet -> Add VPN connection
1.2 Insert parameters into the VPN configuration (Connection)
1.3 Configure MS-CHAPv2 & pre-shared key under Properties
1.4 Connect to the L2TP VPN tunnel
1.5 When the L2TP behind NAT on a Windows Client
2) Configure L2TP on MacOS X
2.1 Navigate to Mac Network Settings
2.2 Configure your L2TP connection
2.3 Configure Full tunnel mode (Optional)
2.4 Connect to the L2TP VPN Connection
3) Configure L2TP on iPhone iOS
3.1 Navigate to the VPN settings on your iPhone
3.2 Insert the L2TP information
3.3 Activate the VPN
4) If something goes wrong
Note! To configure L2TP on your USG, please check this article:
How to use the VPN Setup Wizard to create a L2TP VPN on USG/ATP/VPN
1. Configure L2TP on Windows 10
VPN connections enable access to far-away sites. However, using L2TP over IPSec, you can grant even mobile access to your sites, using standardized built-in clients on phones as well as on windows-built in clients. This Step-by-Step guide (including video) will show you what to do in order to grant a smooth connection to your remote site and your windows built-in client!
This section explains how to setup L2TP VPN to your USG using the setup wizard and a Windows 10 client.
Use this video to look how to configure and connect to your L2TP VPN:
1.1 Navigate to Network & internet -> Add VPN connection
To configure L2TP VPN in Windows 10 operating system, go to Start > Settings > Network & Internet > VPN > Add a VPN Connection and configure as follows.
1.2 Insert parameters into the VPN configuration (Connection)
- For the option VPN Provider, set it to Windows (built-in).
- Configure Connection name for you to identify the VPN configuration.
- Set Server name or address to the firewalls WAN IP address
- Select VPN type to Layer 2 Tunneling Protocol with IPsec (L2TP/IPsec).
- Enter User name and Password which the same as Allowed User created on your firewall.
1.3 Configure MS-CHAPv2 & pre-shared key under Properties
Go to Control Panel > Network and Internet > Network Connections and right click Properties.
Set the type to Layer 2 Tunneling Protocol with IPSec (L2TP/IPsec)
For protocols you choose MS-CHAPv2. If the connection does not work you might also try to use PAP instead.
Continue to Security > Advanced settings and select Use pre-shared key for authentication.
1.4 Connect to the L2TP VPN tunnel
Navigate to Network & Internet Settings window and click Connect.
1.5 When the L2TP behind NAT on a Windows Client
If you would like to connect to an L2TP Gateway, that is behind NAT, it is required for Windows Users to enable a special registry key. First, you have to import the registry key to the windows client and reboot your pc. This is due to Windows default programming.
You can find an explanation by Microsoft here (please note that this also complies to Windows 10 / 7)
2) Configure L2TP on MacOS X
This section describes how to create a L2TP over IPSec connection on a computer running MAC OS X to connect to a hardware ZyWALL USG series gateway? Setting up an L2TP over IPSec connection on ZyWALL USG series hardware gateways is described in the article:
USG/ATP/VPN - L2TP over IPSec VPN Configuration Handbook (On-Premise mode)
2.1 Navigate to Mac Network Settings
To create a L2TP over IPSec VPN tunnel on Mac OS X computers, click on the Apple icon in the upper left corner of the screen, and then on System Preferences.
In System Preferences,click on the Network icon. When the network settings window appears, click on the+icon in the lower left corner of the screen (you must have administrator rights).
A new window will appear. In theInterfacefield, in the drop-down list, select theVPNvalue. In theVPN Typefield, select theL2TP over IPSecvalue from the drop-down list.
In theService Namefield you can enter the name of the connection (for example, USG or L2TP). Then click theCreatebutton to create a new VPN connection.
2.2 Configure your L2TP connection
Now you can see the settings for the new VPN connection. In the Server Address field, enter the domain name (FQDN) or IP address of the ZyWALL USG hardware gateway with which the L2TP over IPSec connection will be established. In the Account Name field, enter the name of the account with L2TP connection rights (you must first create an account in the ZyWALL USG).
Now click on the Authentication Settings button. In the window that appears, in the User Authentication section, in the Password field, enter the password for an account with L2TP connection rights.
In the Machine Authentication section, specify Shared Secret and enter the key. Next, click OK and then click Apply.
2.3 Configure Full tunnel mode (Optional)
Now click the Advanced button and be sure to check the box Send all traffic over VPN connection.
By default, this option is disabled, and if it is not enabled, then even after successfully establishing an L2TP over IPSec connection, the traffic between the ZyWALL USG and the Mac OS X computer will not go through the VPN tunnel.
Attention! When you turn on the tick in the Send all traffic over VPN connection field, all network traffic, including traffic to the Internet, will be routed (routed) to the VPN connection. If you need a client connected to the ZyWALL USG hardware security gateway using the L2TP over IPSec tunnel to connect to the Internet through it, configure the ZyWALL USG under article: KB-2741.
Then click the OK button and then click the Apply button again.
2.4 Connect to the L2TP VPN Connection
The settings for creating an L2TP over IPSec connection have been made. Now you can make a VPN connection. Click the Connect button.
After clicking on the Connect button, the L2TP over IPSec VPN tunnel will be installed with the ZyWALL USG.
If the connection is successful, the Status line will display the value Connected.
KB-00010
3) Configure L2TP on iPhone iOS
This section will show how to successfully configure an L2TP VPN connection with your iPhone device. Follow the steps below to set up the L2TP VPN option on your iOS device for VPN connection to a ZyWALL (ZLD) series firewall.
Table of Content
1. Navigate to the VPN settings on your iPhone
2. Insert the L2TP information
3. Activate the VPN
4. If something goes wrong
3.1 Navigate to the VPN settings on your iPhone
3.1.1 On your iOS device click on the "Settings" button.
3.1.2 In the Settings menu select General → VPN.
3.1.2 Click on the "Add VPN Connection…" option to insert the L2TP rule.
3.2 Insert the L2TP information
Select L2TP as the option and enter the information based on what you've configured on the ZyWALL L2TP VPN.
3.3 Activate the VPN
Once the L2TP setup is saved you will be able to connect the tunnel by clicking on the greyed-out button that will turn green.
4) If something goes wrong
Please check these articles out:
How to let L2TP clients surf via USG
L2TP/IPSec VPN Connection Issue - Things to consider
Can L2TP and the VPN IPSec client be used on the same machine?