I'm stumped how to setup up my ZyXel home router for VPN endpoint
I have an ZyXel P-334 wired router. It's a SOHO device, and the product marketing description says it is VPN endpoint capable.
However, as I look in the users' guide, I cannot figure out what to do to enable those features. I've got a name setup at DynDNS.org, and have the P-334 configured to pass the router's WAN ip address to DynDNS. But after that I'm stuck.
What I hope to do is use Windows XP's VPN client when I travel away from home, say in a hotel, start up the XP VPN client, connect to the home router, and have all my internet activity routed from my laptop > P-334 router > pubic internet. I'm not interested in accessing any home computer or servers or printers, (maybe later, but not right now). I read on frequent traveler websites people do this a lot, and I'm trying it.
Thanks. I realize this is vague, so some specific questions on the configuration in the router.
There are only 2 or 3 mentions of “endpoint “ in the documentation, and all are in the context of “NAT routers between the IPSec endpoints”, ie., not what I want to try. It appears they assume you know the right combination of rules and configuration settings to make this work.
1. I want to use ESP protocol as opposed to AH Protocol, correct?
2. I want Encapsulation mode set to Tunnel or Transport?
3. There is a statement “if the VPN tunnel terminates at the P-334’s LAN IP Address, then configure this…” and “If the if the VPN tunnel terminates at the P-334’s WAN IP Address, then…”.
Which one applies here? For the simple case away from home > VPN to router > internet browsing it terminates on the WAN ip address? If I also want to print to a home printer, (or later access resources on the home network), I presume it terminates on the LAN ip address.
4. Do I need to do set anything for any of the following fields (I was going to attach an image from my computer, but can't):
Local Address/Local Port Start
Local Port End
Remote Address Start
Remote Address End/Mask
Remote Port Start
Remote Port End
I think no, but it's not clear.
5. And finally, I don't see where to set anything to have the router give the XP VPN client an IP address after they make a successful connection. I do have to set something for this, right? Or does the router provide the XP client an IP address from it's DHCP function used for the WAN IP address range?
Setting up an IPsec VPN tunnel can be very frustrating. Even moreso if you don't have a matching IPsec client. I really suggest you get an IPsec client, preferably the Zyxel one since you are more likely to get support that way.
That ZyXel client is $65 for one copy. Yikes. It's geared towards corporate & small business sales. I'm gonna invest some brain power and elbow grease first. I read about other people doing what I want without having to resort to buying an individual client.
That is a good idea to ask ZyXel support for setup examples.
The terminology and wording is part of my problem here. Is 'IPsec tunnel setup' the equivalent words for 'endpoint'? ZyXel 's manual has a section on 'TeleCommuters sharing one VPN rule', and I'll start looking over this again. And so I think these three descriptions might all be more or less the same.
Thanks for the assist above. I e-mailed ZyXel support to ask for an example.
BTW, on the 1st page in the link in your post above, it says "... but many other inexpensive VPN endpoint routers have tunnel throughput in the 400 - 800kbps range vs. the BEFSX41's 2.5Mbps - a limitation you'd definitely notice."
How would I find out if this is a limitation in the P-334?
No better way than to test for yourself. The Zyxel VPN client is an OEM version of The Greenbow VPN client.
Visit www.thegreenbow.com and download the 30 day trial version. Greenbow also has setup guides to help you get it going. They've got a few Zyxel boxes listed and if you poke around you'll likely find one that has a similar interface to the P-334.
Gents, thanks for the suggestions. I think I'm giving up on this exercise of using the built in Windows client with the Zyxel router I have.
If I understand it correctly, the router requires both itself and the client to have static IP addresses.
I can handle the router not having one (ie., looking it up manually via DYNdns when I'm away from home), but I no-can-do with the PC client needing a static address. How would I ever know I address I'm going to get when I use a coffeeshop or hotel's wireless.