This is an example of using the L2TP VPN and VPN client software included in Windows 10 operating systems. When the VPN tunnel is configured, users can securely access the network behind the ZyWALL/USG and allow traffic from L2TP clients to go to the Internet from a Windows 10 computer.
1. Set Up the L2TP VPN Tunnel
Setup a basic L2TP Over IPSec tunnel following the preferred method as shown in this handbook:
Once configured, modify this VPN to make use of a certificate instead of Pre-shared key. Go to
CONFIGURATION > VPN > VPN Gateway
Change the Authentication method to be Certificate and select the certificate from the Firewall device to identify itself to the Window 10 computer.
2. Export a Certificate and Import it to Windows 10 Operating System
Go to the page
CONFIGURATION > Object > Certificate
Select the certificate (default in this example) and click Edit.
Export the default certificate from the Firewall device clicking on "Export Certificate with Private Key" (zyx123 in this example)
In your Windows 10 device, Save the default certificate as *.p12 file. Then go to Start Menu > Search Box. Type mmc and press Enter.
In the mmc console window, click File > Add/Remove Snap-in...
In the Available snap-ins, select Certificates click Add. Then, click Finished.
Press OK to close the Snap-ins window.
In the mmc console window, go to Certificates (Local Computer) > Trusted Root Certification Authorities, right click Certificate > All Tasks > Import…
Click Browse..., and locate the .p12 file you downloaded earlier. Then, click Next.
Type zyx123 in the Password field and click Next.
Select Place all certificates in the following store and then click Browse and find Trusted Root Certification Authorities. Click Next, then click Finish.
Each Firewall device has its own self-signed certificate by factory default. When you reset to default configuration file, the original self-signed certificate is erased, and a new self-signed certificate will be created when the Firewall boots the next time.
3. Setup the Tunnel on Windows 10
To configure L2TP VPN in Windows 10 operating system, go to Start > Settings > Network & Internet > VPN > Add a VPN Connection and configure as follows.
- VPN Provider set to Windows (built-in).
- Configure Connection name for you to identify the VPN configuration.
- Set Server name or address to be the Firewall’s WAN IP address
- Select VPN type to Layer 2 Tunneling Protocol with IPsec (L2TP/IPsec).
- Enter User name and Password which the same as Allowed User created in the Firewall
Go to Control Panel > Network and Internet > Network Connections and right click Properties. Continue to Security > Advanced settings and select Use Certificate for authentication.
Click OK and the settings should be now saved.
4. Test the Result
On the Windows 10 device, go to Network & Internet Settings window, click Connect.
On the Firewall device, go to the page:
CONFIGURATION > VPN > IPSec VPN > VPN Connection
The Status connect icon is lit when the interface is connected.
Go to page the following page and verify the tunnel Up Time and the Inbound(Bytes) / Outbound(Bytes) traffic. Click Connectivity Check to verify the result of ICMP Connectivity.
MONITOR > VPN Monitor > IPSec
Go to page the following page and verify the Current L2TP Session.
MONITOR > VPN Monitor > L2TP over IPSec
Go to Window 10 operating system Start > Settings > Network & Internet > VPN and show Connected status.