Kitz ADSL Broadband Information

Author Topic: Zyxel VMG8924-B10A - inbound VPN setup  (Read 3922 times)

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4300
Zyxel VMG8924-B10A - inbound VPN setup
« on: February 14, 2019, 08:37:38 PM »

We have a Zyxel VMG8924-B10A modem/router at work and I'd like to set up an inbound VPN so a couple of users can connect from their home Windows 10 computers securely to their PCs at work.

Can I do this with the Zyxel? It does have VPN features but I'm not sure if it will support what I want.
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

d2d4j

  • Kitizen
  • ****
  • Posts: 1103
Re: Zyxel VMG8924-B10A - inbound VPN setup
« Reply #1 on: February 14, 2019, 08:46:29 PM »

Hi ronski

I am sorry we do not use that router

What router vpn options are listed

On a draytek, it shows lan to lan and dial in, so that means we can vpn a remote office router to router or have users dial in

Many thanks

John
Logged

d2d4j

  • Kitizen
  • ****
  • Posts: 1103
Re: Zyxel VMG8924-B10A - inbound VPN setup
« Reply #2 on: February 14, 2019, 09:08:30 PM »

Hi Ronski

Sorry just looked up manual and it appears that the router does not do dial in VPN, only router to router

Here is the manual I looked at

ftp://ftp2.zyxel.com/VMG8924-B10A/user_guide/VMG8924-B10A_V1.00.pdf
 
Many thanks

John
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4300
Re: Zyxel VMG8924-B10A - inbound VPN setup
« Reply #3 on: February 14, 2019, 10:32:44 PM »

Thanks John, that confirms my suspicions, I had looked at that manual earlier.
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

g3uiss

  • Kitizen
  • ****
  • Posts: 1151
  • You never too old to learn but soon I may be
    • Midas Solutions
Re: Zyxel VMG8924-B10A - inbound VPN setup
« Reply #4 on: February 14, 2019, 10:35:10 PM »

Or can the remote box not be configured to act as a VPN server? Then a script can be used to establish the VPN, start an RDP session and at the end destroy the VPN, very secure. (I can help with examples)

Tony
Logged
Cerebus FTTP 500/70 Draytec 2927 VOXI 4G fallback.
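
The connect, RDP, tear-down sequence suggested in the reply above can be scripted on the home Windows 10 PC as follows. This is an added example, not part of the original thread and not the poster's own script; the VPN profile name `WorkVPN`, the user name, the address `192.168.1.50` and port 3389 are assumptions to be replaced with real values.

```powershell
# Added example: bring the VPN up, run one RDP session, always drop the VPN after.
# Assumption: a VPN profile called 'WorkVPN' already exists on this PC
# (created beforehand in Windows Settings > Network & Internet > VPN).
param(
    [string]$VpnName   = 'WorkVPN',       # hypothetical profile name
    [string]$VpnUser   = 'remoteuser',    # hypothetical VPN account
    [string]$RdpTarget = '192.168.1.50',  # hypothetical LAN address of the work PC
    [int]   $RdpPort   = 3389             # RDP port as seen inside the tunnel
)

try {
    # '*' makes rasdial prompt for the password, so it is never stored
    # in the script or passed on the command line.
    & rasdial.exe $VpnName $VpnUser '*'
    if ($LASTEXITCODE -ne 0) {
        throw "rasdial could not connect '$VpnName' (exit code $LASTEXITCODE)"
    }

    # Check that the work PC answers over the tunnel before starting RDP.
    # If this fails, the route or the remote firewall is wrong, not the VPN login.
    $probe = Test-NetConnection -ComputerName $RdpTarget -Port $RdpPort `
                                -WarningAction SilentlyContinue
    if (-not $probe.TcpTestSucceeded) {
        throw "VPN is up but ${RdpTarget}:${RdpPort} is not reachable"
    }

    # -Wait blocks until the Remote Desktop window is closed.
    Start-Process -FilePath 'mstsc.exe' `
                  -ArgumentList "/v:${RdpTarget}:${RdpPort}" -Wait
}
finally {
    # Runs on normal exit, on errors and on Ctrl+C, so the tunnel
    # never stays up after the RDP session has ended.
    & rasdial.exe $VpnName /disconnect | Out-Null
}
```

Because RDP is only reached through the tunnel, no RDP port forward is needed on the router in front of the work PC.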

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4300
Re: Zyxel VMG8924-B10A - inbound VPN setup
« Reply #5 on: February 15, 2019, 06:17:30 AM »

It probably could for me as I use PfSense, but the other user will have a very basic Utility Warehouse supplied router and zero technical knowledge.
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

d2d4j

  • Kitizen
  • ****
  • Posts: 1103
Re: Zyxel VMG8924-B10A - inbound VPN setup
« Reply #6 on: February 15, 2019, 08:55:36 AM »

Hi Ronski

I would change router to a Draytek :)

Seriously though, could you set up a pfSense at work, then (sorry if you already know how to create a VPN in pfSense) have a look here and create a VPN to the network (that way you can access as many work PCs as needed on the internal network). Please note I am not stating OpenVPN is better than other VPNs, it is just the first one in search

https://turbofuture.com/computers/How-to-Setup-a-Remote-Access-VPN-Using-pfSense-and-OpenVPN

It's just a thought sorry

Many thanks

John
Logged

g3uiss

  • Kitizen
  • ****
  • Posts: 1151
  • You never too old to learn but soon I may be
    • Midas Solutions
Re: Zyxel VMG8924-B10A - inbound VPN setup
« Reply #7 on: February 15, 2019, 12:04:28 PM »

You could of course use a VPN for your access, and just leave the other user with RDP, you suggested he was using an uncommon port and hence not getting scanned.

On reflection I’m sure the first suggestion and setup I suggested might be a simple option and pretty safe. I hope you can read the setup document, I posted a link as @bcat pointed out my file was corrupted.

I never had a port scanning issue when I implemented it.

Tony
Logged
Cerebus FTTP 500/70 Draytec 2927 VOXI 4G fallback.

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4300
Re: Zyxel VMG8924-B10A - inbound VPN setup
« Reply #8 on: February 15, 2019, 12:23:46 PM »

Thanks John. I wouldn't want to use PfSense at work, I'm basically lumbered with the IT and it's taken for granted rather than appreciated, I barely get enough time to do what I am paid for ;)

Which Draytek would you recommend? We use VDSL and a one box solution would be better, but I do have the Zyxel which could be used in bridge mode, as well as the original HG612. If a one box solution I would prefer it to be compatible with stats collection.

@g3uiss Yes I did manage to read your document, thanks. We were both on uncommon ports, I can implement what you suggested but it really depends how often the other user's IP address changes, or I specify the entire IP range that Utility Warehouse use, whatever that is. I'm going to set it up for me first and see how it goes, I've asked the other user to check their IP address regularly.
« Last Edit: February 15, 2019, 12:26:30 PM by Ronski »
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

g3uiss

  • Kitizen
  • ****
  • Posts: 1151
  • You never too old to learn but soon I may be
    • Midas Solutions
Re: Zyxel VMG8924-B10A - inbound VPN setup
« Reply #9 on: February 15, 2019, 01:20:04 PM »

@ronski sounds a good plan. Didn’t realise the other user had a dynamic IP. If it works for you, then you might need to use the range. Other options but more complex and I understand why you wouldn’t want to get too deep in that  ;)

Tony
Logged
Cerebus FTTP 500/70 Draytec 2927 VOXI 4G fallback.

d2d4j

  • Kitizen
  • ****
  • Posts: 1103
Re: Zyxel VMG8924-B10A - inbound VPN setup
« Reply #10 on: February 15, 2019, 05:30:51 PM »

Hi ronski

Draytek would need 2 devices for stats (dslstats etc) although there are Draytek all in ones

I prefer a 2 device setup and we use HG612

Many thanks

John
Logged

g3uiss

  • Kitizen
  • ****
  • Posts: 1151
  • You never too old to learn but soon I may be
    • Midas Solutions
Re: Zyxel VMG8924-B10A - inbound VPN setup
« Reply #11 on: February 15, 2019, 06:05:04 PM »

I use exactly the same configuration, Draytek and HG612.

I’m just thinking however! For RDP you only need the port forward at the remote end, I understood from your first post that you were getting scanned at your local end. It should work with the port on your router closed as outbound traffic doesn’t need port redirection.

Have I misunderstood here ?

Tony
Logged
Cerebus FTTP 500/70 Draytec 2927 VOXI 4G fallback.

d2d4j

  • Kitizen
  • ****
  • Posts: 1103
Re: Zyxel VMG8924-B10A - inbound VPN setup
« Reply #12 on: February 15, 2019, 06:13:13 PM »

Hi g3uiss

I am sorry, I’m getting confused now sorry

The port forward/firewall rules need setting up at the work router - not ronski's router

The outbound rule I like to create to be sure, as you can control precisely where it terminates. It could just be left to any outbound but I think if the outbound rule is not created, it could block under certain circumstances

Many thanks

John
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4300
Re: Zyxel VMG8924-B10A - inbound VPN setup
« Reply #13 on: February 15, 2019, 06:25:46 PM »

Tony, it's my work PC that is being scanned. Two of us require remote access from our home PCs to our respective work PCs.

Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

g3uiss

  • Kitizen
  • ****
  • Posts: 1151
  • You never too old to learn but soon I may be
    • Midas Solutions
Re: Zyxel VMG8924-B10A - inbound VPN setup
« Reply #14 on: February 15, 2019, 06:59:14 PM »

Ok sorry @ronski misread earlier post. And also confused John sorry.

Therefore the original suggestion will work but the second user's IP (or range) will have to be in a rule as effectively the port is closed except to specified IPs. Sure that this is possible with your router, but if not I have a Draytek 2820, old but excellent, I could offer on sale or return, via swap shop, but you would need a modem or bridge the existing one.

However as said earlier the rules worked really well for me, no intrusions at all. Unfortunately the common ports scanned are 25 and 3800 up to 5000. It’s a pain, but solvable.

Is VNC not an option at port 5900, software free from TightVNC and encrypted. Needs some configuration but very quick to do.

I’m working 2000 miles from home at the moment, and have been using my home servers via VNC.

Tony
« Last Edit: February 15, 2019, 07:10:44 PM by g3uiss »
Logged
Cerebus FTTP 500/70 Draytec 2927 VOXI 4G fallback.