Experimental, use with care

Go to the ZyXel USG interface and add a VPN Gateway. (Configuration > VPN > IPSec VPN > VPN Gateway > Add).

Enter the name of the VPN Gateway (Privatise for example).

Choose the outgoing interface in “My Address” (i.e. WAN1 or your WAN Interface).

Configure the Peer Gateway Address according to the ROC IP of the group you are connecting to.

Enter a preshared key. You can use an online generator to create one. Please save this preshared key.

Set Phase 1 proposals as you would like. Support will need this information. (for example, AES256 as encryption, SHA256 as authentication, and DH14 as a key group).

SA Tunnel lifetime = Choose

7. Add a VPN tunnel (Configuration > VPN > IPSec VPN > VPN Connection > Add).

8. Enable and name the rule.

9. Select Site-to-Site and select the created VPN gateway.

10. Set the local policy to your LAN subnet and remote policy to (

NOTE: Eventually, you need to create an address object for the remote network.

11. Select Create new Object and choose IPv4 Address.

NOTE: Please check first if the IP address of the remote subnet does not already exist on the local subnet to avoid double IP address configuration. When the remote subnet is similar to one local subnet you will only be able to reach the local network.

12. Select Show Advanced Settings and make sure that the Phase 2 settings are the same as the Phase 1 settings (i.e. AES256, SHA256).

  • configure-zyxel.txt
  • Last modified: 2021/05/01 17:26
  • by rafi