This article shows how to create an L2TP tunnel to your Nebula firewall / gateway (USG FLEX, ATP) from your mobile phone or PC/computer. It covers how to configure the VPN users, NCC and your clients (Windows, MacOS, Linux Ubuntu, iPhone iOS) and how to test the results.
Table of Contents
1) Configure L2TP on Nebula Cloud Center
1.1 Enable and Configure Remote VPN
1.2 Configure Cloud Authentication Users
2) Configure L2TP on Windows 10
3) Configure L2TP on MacOS
4) Configure L2TP on Linux Ubuntu
5) Configure L2TP on iPhone iOS
6) Test the Result
6.1 On Windows 10
6.2 On MacOS
6.3 On Linux Ubuntu
6.4 On iPhone
6.5 On Android
In Figure 1, multiple clients want to access the server that is behind the firewall. To do that, the clients establish an L2TP over IPSec VPN tunnel to the firewall.
Figure 1 L2TP over IPSec VPN
1) Configure L2TP on Nebula Cloud Center
1.1 Enable and Configure Remote VPN
Go to "Firewall > Configure > Remote access VPN" and configure the parameters.
Client VPN server: L2TP over IPSec client
Client VPN subnet: 192.168.100.0/24
DNS name servers: Use "Specify nameserver..." and select Google DNS and/or the LAN gateway address of the primary LAN subnet of the firewall
WINS: No WINS servers
Secret: <Pre-shared key>
Authentication: Nebula Cloud Authentication
Then click Save.
1.2 Configure Cloud Authentication Users
Go to "Organization-wide > Configure > Cloud authentication", select Account type “VPN User” and create (add) a user.
Add the email address and username, select a password, and allow the user to log in to the VPN via "VPN Access". Don't forget to authorize the user to the organization or the site, and I prefer to be able to log in via the username or the email.
Note: If you only want this account to access a specific site via L2TP, you may select Specified sites in the Authorized section.
- Click Save and make sure the firewall's configuration status is up to date.
2) Configure L2TP on Windows 10
- Create a VPN profile.
"Settings > Network & Internet > VPN > Add a VPN connection"
- Configure the required information and click Save.
3) Configure L2TP on MacOS
- Create a VPN profile.
"System Preferences > Network"
- Configure the required information, including the firewall’s public IP and account name. Click Authentication Settings to set up the password and the shared secret (Pre-shared key).
- Click Advanced and check “Send all traffic over VPN connection”.
If you're having problems with the routing of the VPN traffic, you can also set the IP, subnet mask and gateway to static under "TCP/IP".
4) Configure L2TP on Linux Ubuntu
- Create a VPN connection.
"Settings > Network > VPN" and choose L2TP
- Configure the required information, including the firewall’s public IP, account name and password.
- Configure the Pre-shared key. Also enter “3des-sha1-modp1024” as the Phase 1 algorithms and “3des-sha1” as the Phase 2 algorithms.
5) Configure L2TP on iPhone iOS
- Create a VPN connection.
- Click connect.
6) Test the Result
6.1 On Windows 10
Ping the server
On Firewall, "Firewall > Monitor > VPN connection".
6.2 On MacOS
Ping the server
On Firewall, "Firewall > Monitor > VPN connection".
6.3 On Linux Ubuntu
Open a terminal and run the “ifconfig” command to check the VPN interface.
Ping the server
On Firewall, "Firewall > Monitor > VPN connection".
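A scripted version of the section 6.3 check, as an added example that is not part of the original article: it reads `ip -o -4 addr show` output (used here instead of ifconfig because it prints one line per address), finds the PPP interface and confirms its address lies in the Client VPN subnet from section 1.1. The `ppp<N>` interface name and the sample addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm the L2TP tunnel came up on an Ubuntu client.
VPN_SUBNET="192.168.100.0/24"   # "Client VPN subnet" from section 1.1

# Constructed sample of `ip -o -4 addr show` output (addresses are assumptions).
SAMPLE='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.0.0.5/24 brd 10.0.0.255 scope global eth0
5: ppp0    inet 192.168.100.33 peer 192.168.100.1/32 scope global ppp0'

# Convert a dotted-quad IPv4 address to a 32-bit integer (runs in a subshell).
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# Return 0 if IPv4 address $1 lies inside CIDR block $2.
in_subnet() {
    net=${2%/*}
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# Read `ip -o -4 addr show` output on stdin and print the local address of
# the first ppp<N> interface (assumed name of the L2TP tunnel interface).
ppp_address() {
    awk '!found && $2 ~ /^ppp[0-9]+$/ && $3 == "inet" { sub(/\/.*/, "", $4); print $4; found = 1 }'
}

# Exit status: 0 = tunnel address is in VPN_SUBNET, 1 = no ppp interface,
# 2 = ppp interface present but its address is outside VPN_SUBNET.
check_tunnel() {
    addr=$(ppp_address)
    [ -n "$addr" ] || { echo "no ppp interface with an IPv4 address"; return 1; }
    in_subnet "$addr" "$VPN_SUBNET" || { echo "$addr is outside $VPN_SUBNET"; return 2; }
    echo "tunnel up: $addr"
}

# Demo on the constructed sample; on a real client run:
#   ip -o -4 addr show | check_tunnel
printf '%s\n' "$SAMPLE" | check_tunnel
```

A status of 2 means a PPP link exists but did not receive an address from the configured Client VPN subnet, which is worth checking before moving on to the ping test.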
6.4 On iPhone
Ping the server
On Firewall, "Security gateway > Monitor > VPN connection".
6.5 On Android
Ping the server
On Firewall, "Firewall > Monitor > VPN connection".