What's new

I'm stumped how to setup up my ZyXel home router for VPN endpoint

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Miner

Regular Contributor
I have an ZyXel P-334 wired router. It's a SOHO device, and the product marketing description says it is VPN endpoint capable.

However, as I look in the users' guide, I cannot figure out what to do to enable those features. I've got a name setup at DynDNS.org, and have the P-334 configured to pass the router's WAN ip address to DynDNS. But after that I'm stuck.

What I hope to do is use Windows XP's VPN client when I travel away from home, say in a hotel, start up the XP VPN client, connect to the home router, and have all my internet activity routed from my laptop > P-334 router > pubic internet. I'm not interested in accessing any home computer or servers or printers, (maybe later, but not right now). I read on frequent traveler websites people do this a lot, and I'm trying it.

ZyXel's P-334 Product page, and User's Guide, in case anyone can get me pointed in the right direction.
 
Thanks. I realize this is vague, so some specific questions on the configuration in the router.

There are only 2 or 3 mentions of “endpoint “ in the documentation, and all are in the context of “NAT routers between the IPSec endpoints”, ie., not what I want to try. It appears they assume you know the right combination of rules and configuration settings to make this work.

1. I want to use ESP protocol as opposed to AH Protocol, correct?

2. I want Encapsulation mode set to Tunnel or Transport?

3. There is a statement “if the VPN tunnel terminates at the P-334’s LAN IP Address, then configure this…” and “If the if the VPN tunnel terminates at the P-334’s WAN IP Address, then…”.

Which one applies here? For the simple case away from home > VPN to router > internet browsing it terminates on the WAN ip address? If I also want to print to a home printer, (or later access resources on the home network), I presume it terminates on the LAN ip address.

4. Do I need to do set anything for any of the following fields (I was going to attach an image from my computer, but can't):

Local Address/Local Port Start
Local Port End
Remote Address Start
Remote Address End/Mask
Remote Port Start
Remote Port End

I think no, but it's not clear.

5. And finally, I don't see where to set anything to have the router give the XP VPN client an IP address after they make a successful connection. I do have to set something for this, right? Or does the router provide the XP client an IP address from it's DHCP function used for the WAN IP address range?
 
Setting up an IPsec VPN tunnel can be very frustrating. Even moreso if you don't have a matching IPsec client. I really suggest you get an IPsec client, preferably the Zyxel one since you are more likely to get support that way.

This Zyxel KB article might provide some clues on setup.

Have you tried contacting Zyxel support to ask if they have any IPsec tunnel setup examples?
 
That ZyXel client is $65 for one copy. Yikes. It's geared towards corporate & small business sales. I'm gonna invest some brain power and elbow grease first. I read about other people doing what I want without having to resort to buying an individual client.

That is a good idea to ask ZyXel support for setup examples.

The terminology and wording is part of my problem here. Is 'IPsec tunnel setup' the equivalent words for 'endpoint'? ZyXel 's manual has a section on 'TeleCommuters sharing one VPN rule', and I'll start looking over this again. And so I think these three descriptions might all be more or less the same.
 
Suit yourself on buying the IPsec client.

A VPN endpoint is where the tunnel originates or terminates. In your case, one endpoint would be the P-334 and the other the PC running the IPsec client.
 
Thanks for the assist above. I e-mailed ZyXel support to ask for an example.

BTW, on the 1st page in the link in your post above, it says "... but many other inexpensive VPN endpoint routers have tunnel throughput in the 400 - 800kbps range vs. the BEFSX41's 2.5Mbps - a limitation you'd definitely notice."

How would I find out if this is a limitation in the P-334?
 
No better way than to test for yourself. The Zyxel VPN client is an OEM version of The Greenbow VPN client.

Visit www.thegreenbow.com and download the 30 day trial version. Greenbow also has setup guides to help you get it going. They've got a few Zyxel boxes listed and if you poke around you'll likely find one that has a similar interface to the P-334.

If you want to purchase The greenbow VPN you can save a few $ by purchasing from one of their resellers. Click here: http://www.shopunitednetworks.com/

P.S. I've been using Greenbow VPN for years and it works well. No complaints here!
 
Gents, thanks for the suggestions. I think I'm giving up on this exercise of using the built in Windows client with the Zyxel router I have.

If I understand it correctly, the router requires both itself and the client to have static IP addresses.

I can handle the router not having one (ie., looking it up manually via DYNdns when I'm away from home), but I no-can-do with the PC client needing a static address. How would I ever know I address I'm going to get when I use a coffeeshop or hotel's wireless.
 
The Shrew client does not require a static IP address. We have two different endpoint routers/locations, and only one with a static IP. I use the dyndns address for both so I don't have to remember the IP address for client configurations. If your router supports dyndns (as it does) you should be ok.

Shrew is allowing free use of the client, and has a lot of support documentation posted, something I've yet to see for this type of software. Big props to Shrew Soft Inc.
 
Last edited:
Shrew is a bit complicated when you first look at it but we've had great success with using it on two different routers now. It is the most featured VPN client I've every worked with.

Cheers,
Dennis.
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top