Zyxel Nebula Control Center

This guide will show you how to connect your branch in Zyxel Nebula Control Center to the GoodAccess Gateway via a site-to-site connection using the IPSec protocol.

Step 1 - Creating a new branch connection

Click + Add new, enter the Branch name and subnet, and select Gateway.

Choose IPSec Protocol, fill out the Settings configuration form, and click Save.

You may return to the configuration via the Edit button of your Branch at any time.

Example of configuration (Default preset):

Cloud/Branch subnet - Subnet of your local network
Shared Secret - Create a new strong password
Public IP - IP of your site
IKE Lifetime (Phase 1) - 8 hours (28800 seconds)
Tunnel Lifetime (Phase 2) - 1 hour (3600 seconds)
Dead Peer Detection Delay - 30 seconds
Encryption (Phase 1) - aes256
Encryption (Phase 2) - aes256
Integrity (Phase 1) - sha256
Integrity (Phase 2) - sha256
Diffie-Hellman Groups (Phase 1) - 16 - modp4096
Diffie-Hellman Groups (Phase 2) - 16 - modp4096

Step 2 - Creating a new site-to-site connection

Go to Configure > Firewall > Site-to-Site VPN.

Enable the local network you want to access via GoodAccess.

Under the Non-Nebula VPN peers section click on the + Add button, give it a name, and set the configuration as follows:

Public IP - IP of your GoodAccess Gateway
Private subnet - Subnet of your GoodAccess Gateway
Pre-shared secret - Shared Secret (Step 1)

Click on the Default button, and set the configuration as follows:

IKE version - IKEv2
Phase 1 & 2 - Must match configuration from GoodAccess (Step 1)

Click OK, and then Save.

You have now successfully connected your branch to GoodAccess.

Firewall rules

Make sure that your device allows incoming connections from your GoodAccess Gateway private subnet on the following ports:

UDP 500
UDP 4500

You may check the status of the connection in:

GoodAccess - Control Panel > Clouds & Branches > Edit button > Test connection
Nebula Control Center - Monitor > Firewall > VPN connections

PreviousUniFi USG NextOther supported routers and firewalls

Last updated 1 month ago

Was this helpful?

Zyxel Nebula Control Center

This guide will show you how to connect your branch in Zyxel Nebula Control Center to the GoodAccess Gateway via a site-to-site connection using the IPSec protocol.

Step 1 - Creating a new branch connection

Click + Add new, enter the Branch name and subnet, and select Gateway.

Choose IPSec Protocol, fill out the Settings configuration form, and click Save.

You may return to the configuration via the Edit button of your Branch at any time.

Example of configuration (Default preset):

Cloud/Branch subnet - Subnet of your local network
Shared Secret - Create a new strong password
Public IP - IP of your site
IKE Lifetime (Phase 1) - 8 hours (28800 seconds)
Tunnel Lifetime (Phase 2) - 1 hour (3600 seconds)
Dead Peer Detection Delay - 30 seconds
Encryption (Phase 1) - aes256
Encryption (Phase 2) - aes256
Integrity (Phase 1) - sha256
Integrity (Phase 2) - sha256
Diffie-Hellman Groups (Phase 1) - 16 - modp4096
Diffie-Hellman Groups (Phase 2) - 16 - modp4096

Step 2 - Creating a new site-to-site connection

Go to Configure > Firewall > Site-to-Site VPN.

Enable the local network you want to access via GoodAccess.

Under the Non-Nebula VPN peers section click on the + Add button, give it a name, and set the configuration as follows:

Public IP - IP of your GoodAccess Gateway
Private subnet - Subnet of your GoodAccess Gateway
Pre-shared secret - Shared Secret (Step 1)

Click on the Default button, and set the configuration as follows:

IKE version - IKEv2
Phase 1 & 2 - Must match configuration from GoodAccess (Step 1)

Click OK, and then Save.

You have now successfully connected your branch to GoodAccess.

Firewall rules

Make sure that your device allows incoming connections from your GoodAccess Gateway private subnet on the following ports:

UDP 500
UDP 4500

You may check the status of the connection in:

GoodAccess - Control Panel > Clouds & Branches > Edit button > Test connection
Nebula Control Center - Monitor > Firewall > VPN connections

PreviousUniFi USG NextOther supported routers and firewalls

Last updated 1 month ago

Was this helpful?