Zyxel Nebula Control Center
This guide will show you how to connect your branch in Zyxel Nebula Control Center to the GoodAccess Gateway via a site-to-site connection using the IPSec protocol.
Step 1 - Creating a new branch connection
Log in to the GoodAccess Control Panel, and go to Network > Clouds & Branches.
Click + Add new, enter the Branch name and subnet, and select Gateway.
Choose IPSec Protocol, fill out the Settings configuration form, and click Save.
You may return to the configuration via the Edit button of your Branch at any time.
Example of configuration (Default preset):
Cloud/Branch subnet - Subnet of your local network
Shared Secret - Create a new strong password
Public IP - IP of your site
IKE Lifetime (Phase 1) - 8 hours (28800 seconds)
Tunnel Lifetime (Phase 2) - 1 hour (3600 seconds)
Dead Peer Detection Delay - 30 seconds
Encryption (Phase 1) - aes256
Encryption (Phase 2) - aes256
Integrity (Phase 1) - sha256
Integrity (Phase 2) - sha256
Diffie-Hellman Groups (Phase 1) - 16 - modp4096
Diffie-Hellman Groups (Phase 2) - 16 - modp4096
Step 2 - Creating a new site-to-site connection
Log in to Zyxel Nebula Control Center, and switch to the site you want to connect to GoodAccess.
Go to Configure > Firewall > Site-to-Site VPN.
Enable the local network you want to access via GoodAccess.
Under the Non-Nebula VPN peers section click on the + Add button, give it a name, and set the configuration as follows:
Public IP - IP of your GoodAccess Gateway
Private subnet - Subnet of your GoodAccess Gateway
Pre-shared secret - Shared Secret (Step 1)
Click on the Default button, and set the configuration as follows:
IKE version - IKEv2
Phase 1 & 2 - Must match configuration from GoodAccess (Step 1)
Click OK, and then Save.
You have now successfully connected your branch to GoodAccess.
You may check the status of the connection in:
GoodAccess - Control Panel > Clouds & Branches > Edit button > Test connection
Nebula Control Center - Monitor > Firewall > VPN connections
Last updated
