I'm stumped how to setup up my ZyXel home router for VPN endpoint

Discussion in 'Routers' started by Miner, Jun 16, 2009.

  1. Miner

    Miner Occasional Visitor

    Joined:
    Jul 5, 2008
    Messages:
    21
    I have an ZyXel P-334 wired router. It's a SOHO device, and the product marketing description says it is VPN endpoint capable.

    However, as I look in the users' guide, I cannot figure out what to do to enable those features. I've got a name setup at DynDNS.org, and have the P-334 configured to pass the router's WAN ip address to DynDNS. But after that I'm stuck.

    What I hope to do is use Windows XP's VPN client when I travel away from home, say in a hotel, start up the XP VPN client, connect to the home router, and have all my internet activity routed from my laptop > P-334 router > pubic internet. I'm not interested in accessing any home computer or servers or printers, (maybe later, but not right now). I read on frequent traveler websites people do this a lot, and I'm trying it.

    ZyXel's P-334 Product page, and User's Guide, in case anyone can get me pointed in the right direction.
     
  2. Log in / Register to remove this ad

  3. thiggins

    thiggins Mr. Easy Staff Member

    Joined:
    May 18, 2008
    Messages:
    9,697
  4. Miner

    Miner Occasional Visitor

    Joined:
    Jul 5, 2008
    Messages:
    21
    Thanks. I realize this is vague, so some specific questions on the configuration in the router.

    There are only 2 or 3 mentions of “endpoint “ in the documentation, and all are in the context of “NAT routers between the IPSec endpoints”, ie., not what I want to try. It appears they assume you know the right combination of rules and configuration settings to make this work.

    1. I want to use ESP protocol as opposed to AH Protocol, correct?

    2. I want Encapsulation mode set to Tunnel or Transport?

    3. There is a statement “if the VPN tunnel terminates at the P-334’s LAN IP Address, then configure this…” and “If the if the VPN tunnel terminates at the P-334’s WAN IP Address, then…”.

    Which one applies here? For the simple case away from home > VPN to router > internet browsing it terminates on the WAN ip address? If I also want to print to a home printer, (or later access resources on the home network), I presume it terminates on the LAN ip address.

    4. Do I need to do set anything for any of the following fields (I was going to attach an image from my computer, but can't):

    Local Address/Local Port Start
    Local Port End
    Remote Address Start
    Remote Address End/Mask
    Remote Port Start
    Remote Port End

    I think no, but it's not clear.

    5. And finally, I don't see where to set anything to have the router give the XP VPN client an IP address after they make a successful connection. I do have to set something for this, right? Or does the router provide the XP client an IP address from it's DHCP function used for the WAN IP address range?
     
  5. thiggins

    thiggins Mr. Easy Staff Member

    Joined:
    May 18, 2008
    Messages:
    9,697
    Setting up an IPsec VPN tunnel can be very frustrating. Even moreso if you don't have a matching IPsec client. I really suggest you get an IPsec client, preferably the Zyxel one since you are more likely to get support that way.

    This Zyxel KB article might provide some clues on setup.

    Have you tried contacting Zyxel support to ask if they have any IPsec tunnel setup examples?
     
  6. Miner

    Miner Occasional Visitor

    Joined:
    Jul 5, 2008
    Messages:
    21
    That ZyXel client is $65 for one copy. Yikes. It's geared towards corporate & small business sales. I'm gonna invest some brain power and elbow grease first. I read about other people doing what I want without having to resort to buying an individual client.

    That is a good idea to ask ZyXel support for setup examples.

    The terminology and wording is part of my problem here. Is 'IPsec tunnel setup' the equivalent words for 'endpoint'? ZyXel 's manual has a section on 'TeleCommuters sharing one VPN rule', and I'll start looking over this again. And so I think these three descriptions might all be more or less the same.
     
  7. thiggins

    thiggins Mr. Easy Staff Member

    Joined:
    May 18, 2008
    Messages:
    9,697
    Suit yourself on buying the IPsec client.

    A VPN endpoint is where the tunnel originates or terminates. In your case, one endpoint would be the P-334 and the other the PC running the IPsec client.
     
  8. Miner

    Miner Occasional Visitor

    Joined:
    Jul 5, 2008
    Messages:
    21
    Thanks for the assist above. I e-mailed ZyXel support to ask for an example.

    BTW, on the 1st page in the link in your post above, it says "... but many other inexpensive VPN endpoint routers have tunnel throughput in the 400 - 800kbps range vs. the BEFSX41's 2.5Mbps - a limitation you'd definitely notice."

    How would I find out if this is a limitation in the P-334?
     
  9. claykin

    claykin Very Senior Member

    Joined:
    Sep 25, 2008
    Messages:
    998
    No better way than to test for yourself. The Zyxel VPN client is an OEM version of The Greenbow VPN client.

    Visit www.thegreenbow.com and download the 30 day trial version. Greenbow also has setup guides to help you get it going. They've got a few Zyxel boxes listed and if you poke around you'll likely find one that has a similar interface to the P-334.

    If you want to purchase The greenbow VPN you can save a few $ by purchasing from one of their resellers. Click here: http://www.shopunitednetworks.com/

    P.S. I've been using Greenbow VPN for years and it works well. No complaints here!
     
  10. Miner

    Miner Occasional Visitor

    Joined:
    Jul 5, 2008
    Messages:
    21
    Gents, thanks for the suggestions. I think I'm giving up on this exercise of using the built in Windows client with the Zyxel router I have.

    If I understand it correctly, the router requires both itself and the client to have static IP addresses.

    I can handle the router not having one (ie., looking it up manually via DYNdns when I'm away from home), but I no-can-do with the PC client needing a static address. How would I ever know I address I'm going to get when I use a coffeeshop or hotel's wireless.
     
  11. ted

    ted New Around Here

    Joined:
    Jul 16, 2009
    Messages:
    2
  12. Miner

    Miner Occasional Visitor

    Joined:
    Jul 5, 2008
    Messages:
    21
  13. Dennis Wood

    Dennis Wood Senior Member

    Joined:
    Aug 15, 2008
    Messages:
    392
    The Shrew client does not require a static IP address. We have two different endpoint routers/locations, and only one with a static IP. I use the dyndns address for both so I don't have to remember the IP address for client configurations. If your router supports dyndns (as it does) you should be ok.

    Shrew is allowing free use of the client, and has a lot of support documentation posted, something I've yet to see for this type of software. Big props to Shrew Soft Inc.
     
    Last edited: Oct 18, 2009
  14. Miner

    Miner Occasional Visitor

    Joined:
    Jul 5, 2008
    Messages:
    21
    ^ Thanks for those links. I'll give it a try.
     
  15. Dennis Wood

    Dennis Wood Senior Member

    Joined:
    Aug 15, 2008
    Messages:
    392
    Shrew is a bit complicated when you first look at it but we've had great success with using it on two different routers now. It is the most featured VPN client I've every worked with.

    Cheers,
    Dennis.
     

Share This Page