With mobile phone on Zywall 110 – VPN

With mobile phone on Zywall 110 - VPN

Hi

I have a fiber router at home with 10/10 fixed IPv4 and IPv6 addresses. To be honest, I don’t use IPv6 at all. I configured a DMZ port, a Zywall 110 is connected to it; double NAT because the router cannot switch to bridge mode. A brutal network with a few VLANs, DMZ with a few servers or switches, ESXi and a few clients is attached to the Zywall. Everything is wired in RJ45 so far. I disabled IPv6 on the Zywall.

Now I would like to connect to my cell phone via VPN behind the Zywall. I have no VPN experience with the Zywall. On delivery, you can access the Zywall from the outside via a browser, I think on port 443. You can then click on VPN. But I used the port for the Plesk Hosting Panel, or any blocked from outside by policy in this regard. So WAN > Zywall deny, no idea.

I had multiple VPNs in use, both inbound and outbound. For a while for a flight simulator with a good 200 users. But I left it working on the ESXi via openVPN, and controlled it except for NAT/UDP. It was quite easy. With VPN clients on an Endian. I also had an outgoing VPN running on the ESXi, with pfsense and OpenWRT. I had nothing to settle.

I have now connected my laptop to my cellphone via WLAN for testing, and would like to moderately access various interfaces from Zywall VPN. But I’m standing there on the mountain. I even get an IPv4 address assigned to my cell phone. Is it always like this? Or can there be only one IPv6 in a foreign mobile phone network? I would have actually assumed that I always get an IPv6 on my cell phone…

Is IPsec the medium of choice? If yes, how can I solve this problem? You cannot define a port where this should be accessible. And do I need client software on the client (Laptop Win 10 via mobile phone)? The Zyxel thing I guess?

I also saw that I could create a separate policy for each service with IPsec. Sounds exciting.

First, the ESXi host, storage, switch, vmrc, the Zywall itself and something like that should be accessible via VPN. This is a management network, everything is blocked from the outside world. This should only be accessible internally or via VPN. And have no internet connection. And keep regular server services without VPN i.e. laptop can access DMZ from outside as usual. Everything sucks.

So much for the theory. For now, please just answer the following questions:

  • Do I still get IPv4 with my Europe/International mobile phone subscription? Can I ignore IPv6 in my project?
  • Is there a way to choose with the Zywall IPsec?

#mobile #phone #Zywall #VPN

Leave a Reply

Your email address will not be published. Required fields are marked *