Router VPN settings for Keenetic Giga. Setting up VPN on the Zyxel Keenetic router

Take the following router state as the initial data:

Using these initial data, we can provide direct access from the Internet to the router and its services. For example, a demonstration FTP server is always running on our router: ftp://guest:guest@Russianproxy-zyxel.DDNS.Net. Come in and check. You can also provide access to any device in the router's local network by setting up port forwarding on the router, for example to an IP camera, network storage, a database server, etc.

Many enterprises and private individuals prefer to give the devices, services and data of their local network the maximum level of security, and this is what virtual private network (VPN) technology is intended for: creating a secure local network on top of the public Internet. All devices, services and data will be inaccessible directly from the Internet, and only by establishing a VPN connection with the VPN server on the router can you get full access from the Internet to the router's local network.

Compared to direct access from the Internet to local network resources via the dedicated IP, one additional necessary condition appears: establishing a VPN connection with the router from the remote client. In return, the security of access to local network resources is maximal.

Below on this page is a detailed description, from the manufacturer's website, of the VPN server settings on the router and of the client on Windows for establishing a PPTP VPN connection with the router.

After all the settings, we have a PPTP VPN server with the following access parameters:

PPTP VPN server address: RussianProxy-zyxel.DDNS.Net. User name: VPN. Password:

Now let's check the resulting VPN network from a laptop connected to the Internet through an access point on a smartphone:

After establishing the VPN connection with the VPN server on the router, we get the following picture:

Now, working through the VPN connection with the router, we can go out to the Internet through the router's dedicated IP address, as can be seen in the picture below. A satellite receiver, for example, is also available to us at its local network IP address, 192.168.0.10.

All of the above confirms that with just a laptop that has a VPN connection to the router set up, you can work exactly as if you were at your workplace or at home. You will not forget anything at home or at work, since you can always be virtually at home, at the workplace, or wherever you need.

Below you can read the article from the router manufacturer's website: http: //

VPN on a home router: quickly and reliably

Typically, wireless routers are used to provide Internet access to various home devices. But sometimes it is necessary to solve what is, in a sense, the opposite problem: to provide remote access to services and systems hosted on the home network. The traditional solution usually consists of three steps: use a dynamic DNS service to automatically determine the external IP address of the router, assign a fixed address to the desired client in the router's DHCP service, and create a port forwarding rule for the required service on this client. Note that remote access in most cases is possible only if there is a “white”/“external” address on the WAN interface of the router (for more details, see the article), but DDNS may not be required if your provider gives you a fixed IP address.

Port forwarding rules are often quite enough for the task, but they have certain peculiarities. For example, if the transmitted information needs to be protected, you will have to solve this for each connection individually. The second potential problem is the restriction that arises when software requires a specific port number and there are several servers in the local network. In addition, if you have many services and internal systems, entering every forwarding rule into the router is obviously inconvenient.

VPN technology (virtual private networks) helps to cope with these issues. It allows you to create a secure connection between a remote client or local network and the entire network behind the router at once. That is, it is enough to set this service up once, and on connecting to it the client will behave as if it were in the local network. Note that this scheme also requires an external address on the router and, in addition, has some restrictions related to the use of systems and other services.

The firmware of many modern mid-range and high-end routers includes a VPN server. Most often it works with the PPTP and OpenVPN protocols. The first is a popular option that was developed more than 15 years ago with the participation of large IT companies, including Microsoft. Its client is built into many modern operating systems and mobile devices, which simplifies deployment. However, it is believed that security is not handled very well in this solution. The speed of the secure connection for this protocol, depending on the performance of the router platform, is usually 30-50 Mbit/s; on the fastest devices we have seen 80 Mbit/s (see, for example, the article).

OpenVPN is a free VPN implementation of similar age, released under the GNU GPL license. Clients for it exist for most platforms, including mobile. Servers can be found in many alternative firmware builds for routers, as well as in original versions from equipment manufacturers. The disadvantage of this protocol is that it needs significant computing resources to reach high speed, so 40-50 Mbit/s can only be obtained on high-end solutions (see, for example).

Another option, more often associated with “serious” secure network communication solutions, is IPsec (see the article). Its history began a little earlier, and today it can be found in many corporate-grade remote access products.

Nevertheless, relatively recently its implementation appeared in such clearly mass-market equipment as the routers of the Zyxel Keenetic series. The software module used in them allows you to implement secure remote access scenarios, as well as joining networks, without complex settings. In addition, it is compatible with the solutions of the Zywall series. The advantages of this manufacturer include a convenient knowledge base with detailed articles on implementing typical scenarios. On this topic, you can look at the articles on combining two networks and on connecting a Windows client. It makes no sense to reproduce detailed screenshots of the settings here, since they are available at these links. We will just note that everything is simple and clear.

Given the resource intensity of the algorithms used in this scenario, the performance of such a solution is an important question. To study it, three models of the latest generation were selected: the top-end Keenetic Ultra II and Keenetic Giga III, as well as the budget Keenetic Start II. The first two have MediaTek processors of the MT7621 series, 256 MB of RAM and 128 MB of flash memory, gigabit network ports, dual-band Wi-Fi with 802.11ac support, and a USB 3.0 port. The senior model uses a chip with two cores operating at 880 MHz, and the second uses the same chip but with only one core. The third router is equipped with 100 Mbit/s ports (and only two of them: one WAN and one LAN) and a wireless module. Its processor is an MT7628N with one core at 575 MHz, and the amount of RAM is 64 MB. In terms of the software capabilities associated with IPsec, the devices do not differ.

On all three routers, firmware from the beta branch, version v2.07(XXXX.2)B2, was installed. The Internet connection mode on all devices was the simplest one, IPoE. Working with other options will most likely reduce the results. The following two graphs show the results of testing pairs of devices with different connection parameters: Ultra II with Giga III, and Ultra II with Start II. In the first pair the devices are broadly comparable in speed (though the senior model has two cores), and in the second the limits come from the junior model. The direction is given relative to the second device. The scenarios used were transmission, reception, and simultaneous transmission and reception of data between clients connected to the routers.

As we can see, the speeds here are quite low and do not even reach 100 Mbit/s. At the same time, the load on the processor during active data exchange is very high, which can have negative consequences for other tasks handled by the device.

How to set up bypassing of blocks on Keenetic routers

First of all, you need a VPN server that has access to the required resource. It can be your own server (virtual or dedicated), a paid VPN, or the completely free WARP.

Next, you need to configure a VPN tunnel between your router and the VPN server. The type of tunnel does not matter much; choose based on the capabilities of the VPN server and your own knowledge.

If you set up your own Debian server, it can be a PPTP or WireGuard tunnel. The main thing is not to forget to let us use users connected via VPN. https: //

Or use the WARP VPN from Cloudflare, which I talked about recently. https: // In most cases it copes with providing access to blocked sites, although it is not intended for this.

The next step is to set up static routing in your router. That is, you need to configure the routing table so that requests for the required resource go not through your provider but through the VPN server.

At this stage, we need to find out all the IP addresses of the site of interest. In Windows, this can be done using the nslookup command. Below is an example for the Yandex

Read more about how to find out all the IP addresses of a site in this article. https: //

After you have learned the IP address(es) of the required site, go to the router's web control panel, section “Network Rules Route”, and add a static route:

Then the route should appear in the list:

In my example, all addresses and names are from the previous article about WARP on the Keenetic router.

  • WARP: the connection (tunnel) name;
  • Gateway address: the address of your tunnel, taken from its settings;
  • Address: in my case, this is the IP address of M.Video;
  • Description: any description that makes sense to you;
  • Type of route: if you need a route to one IP address, select “Route to the Node”.

If the site has several IP addresses, you need to configure a static route for each address.

How to check that routing through VPN works

You can use the tracert command in Windows. An example of packets passing without the VPN:

After you enable static routing through the VPN, the list of intermediate nodes will be different: second place will no longer be taken by your provider's equipment but by the address of the device from the VPN tunnel:

Pay attention to the ping value of the second device after your router. The total response time of the final server through the VPN will also be larger.

After proper setup, the blocked site should open normally in your browser.

How to configure the VPN server on the Zyxel Keenetic router?

Greetings to the readers of the blog, and more specifically to owners of a Zyxel Keenetic router, because today I will create a VPN connection on a device from this particular manufacturer. After setting up this function, the user can connect to the local network configured at home or in the office remotely through the Internet, without a direct Wi-Fi connection to this router. For example, you forgot at home some important file that was on a network drive connected to the router: you connect to it via VPN and get the necessary data. Convenient!

In order to create a VPN server on the Zyxel Keenetic router, you must first install this component in the firmware. By default, it is not part of the base set.

After rebooting, a new section, VPN server, will appear in the Zyxel Keenetic settings; it is located in the “Applications” menu.

Here we tick “turn on” and “one connection for one user”.

For access to the local network, select “Home Network” in the next item.

  • The initial address of the pool is the IP from which addresses will be issued, in order, to connecting clients. It must not coincide with any static IP assigned manually inside the local network.
  • The size of the pool is how many addresses will be issued by the VPN server or, in plain terms, how many clients can connect to it at the same time.
  • Click the “Apply” button.

WireGuard encryption keys for WARP

“Correct” keys are created by the official clients from Cloudflare (the “WARP VPN” application). But I do not know how to “pick out” these keys from these applications.

Therefore, we will use the unofficial CLI for Cloudflare WARP, https://github.com/ViRb3/wgcf, which can register accounts in WARP and create profiles containing the encryption keys for WireGuard. The latter is what we actually need.

Download the wgcf utility for your operating system from this page: https://github.com/ViRb3/wgcf/releases

The utility is a console program and looks the same in Windows and in Linux-based systems. Its use comes down to two commands:

Instead of wgcf, use the name of the downloaded utility file; in Windows, for example, it is called wgcf.exe.

After running these commands, you will have a wgcf-profile.conf file that contains all the data for configuring WARP VPN on the Keenetic router.

Setting up WARP on Keenetic

In the Keenetic router, you need to create a WireGuard tunnel and set up the server:

Red marks the values that must be taken from your WARP VPN configuration file, wgcf-profile.conf.

If everything was done correctly, the WARP VPN state should look something like this:

Setting up a VPN connection

If all the above conditions are met, we proceed to setting up VPN on the Zyxel Keenetic router.

  • Go through the main menu to the “System” section, then “Components”. Tick the VPN server option; it must be activated:
  • Depending on the ZYXEL model, a reboot is required for the changes to take effect. After that, a new “VPN” panel will appear on the “Applications” tab:
  • Next, go into it and set the following parameters:
  • Activate the VPN server on Zyxel Keenetic and tick the option that creates a separate communication channel for each user, which increases the reliability of data transmission.
  • The connection is encrypted, which raises the security level of the communication channel; the MPPE protocol is used for this. Accordingly, we skip the third item.
  • Activate the “Translate customer addresses (NAT)” field so that users can connect through the external network.
  • The next subsection, “access to the network”, specifies the name of the communication channel through which Internet access will be provided. As an example, the client's home network is specified. The PPTP connection will be made through it.
  • The following two items define the list of IP addresses that the VPN server provides to newly connected clients. The number of participants depends on the router model: for example, Zyxel Keenetic Giga allows a maximum of 10 connections.
  • In the first item, select the initial value of the IP address pool, and in the second, specify the maximum possible number. Thus, ten addresses that will be issued to PPTP clients will be reserved on the router.
  • The IP address list for VPN must not coincide with the address pool of the network device's DHCP server. For example, ZYXEL distributes IP addresses in the 192.168.0.10 range. Accordingly, it is recommended to set the pool for VPN, starting from
  • After making all the changes, click the “Apply” button and move on to the next section, “Configuration of user accounts”, located below the VPN parameters:
  • Left-click the name Admin.
  • Choose the item “Allow access to VPN”. Apply the changes:
  • Add clients to the allowed list through the “System” menu, section “Users”:
  • Specify the name, come up with a password and set the access rights:
  • In our case, the item “VPN server” must be ticked. Next, click “Save”.

This completes the setup of the Zyxel Keenetic router; a VPN connection can now be established.
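The pool rule stated in both VPN server walkthroughs above (no overlap with the DHCP range or with statically assigned addresses, and no more clients than the router supports) can be checked before the settings are applied. The following Python sketch is an added example, not code from the original page or from Keenetic; the LAN prefix, DHCP range and candidate pool values are constructed, while the static address 192.168.0.10 and the limit of 10 connections come from the text.

```python
import ipaddress


def pool_range(start, size):
    """Return the inclusive (first, last) addresses of a pool."""
    if size < 1:
        raise ValueError("pool size must be at least 1")
    first = ipaddress.IPv4Address(start)
    return first, first + (size - 1)


def ranges_overlap(a, b):
    """True if two inclusive (first, last) ranges share at least one address."""
    return a[0] <= b[1] and b[0] <= a[1]


def check_vpn_pool(lan_cidr, dhcp_start, dhcp_size, vpn_start, vpn_size,
                   static_ips=(), max_clients=10):
    """Return a list of problems with a proposed VPN pool (empty list = OK).

    max_clients defaults to 10, the Keenetic Giga limit quoted in the text.
    All other inputs are whatever the administrator plans to enter.
    """
    problems = []
    lan = ipaddress.IPv4Network(lan_cidr)
    vpn = pool_range(vpn_start, vpn_size)
    dhcp = pool_range(dhcp_start, dhcp_size)

    if vpn_size > max_clients:
        problems.append(
            f"pool size {vpn_size} exceeds the {max_clients} connections allowed")

    if ranges_overlap(vpn, dhcp):
        lo, hi = max(vpn[0], dhcp[0]), min(vpn[1], dhcp[1])
        problems.append(f"overlaps DHCP range at {lo}-{hi}")

    for ip in map(ipaddress.IPv4Address, static_ips):
        if vpn[0] <= ip <= vpn[1]:
            problems.append(f"contains statically assigned address {ip}")

    # The network and broadcast addresses of the LAN can never be handed out.
    for reserved in (lan.network_address, lan.broadcast_address):
        if vpn[0] <= reserved <= vpn[1]:
            problems.append(f"contains reserved address {reserved}")

    return problems


if __name__ == "__main__":
    # Constructed plan: DHCP hands out 192.168.0.33-192.168.0.52,
    # the satellite receiver from the text sits at 192.168.0.10.
    for start in ("192.168.0.50", "192.168.0.5", "192.168.0.200"):
        issues = check_vpn_pool("192.168.0.0/24", "192.168.0.33", 20,
                                start, 10, static_ips=["192.168.0.10"])
        print(start, "->", issues or "OK")
```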

Connection priorities

Starting from version 2.0, ZYXEL routers support connection priorities. Compared to the first version, connections can now be combined in different ways.

The created channels use either physical ports of the network device or virtual interfaces. Each communication channel created on the equipment is assigned a priority. Its value is edited manually or left unchanged:

In the screenshot, the highest priority is given to the ISP interface. This is the standard setting for Internet access through the network cable.

Next is Yota: a connection via a wireless communication channel. If the first option stops working, the router will automatically switch to the specified mode. Backup communication channels and VPN connections are configured in this way.

L2TP/IPsec connection setup on Windows and Mac

Setting up VPN L2TP connections for macOS or Windows is done with the standard tools. If detailed instructions for setting them up are required, write in the comments. That is all for today. Do not forget to like and subscribe.

With the release of the NDMS v2.08.B0 operating system for ZYXEL Keenetic, organizing Internet access over a PPTP VPN / L2TP over IPsec connection has become easier than ever. We recommend this router as one of the most suitable solutions. It supports several interfaces at the same time and, if one becomes unavailable, can automatically work through any other available interface, while the setup is intuitive and simple. The ability to connect to a VPN server via the L2TP over IPsec protocol, perhaps for the first time on home routers, is available in Keenetic Internet centers starting from NDMS v2.08.B0.

The most interesting capabilities of the new firmware with NDMS v2.08.C1 and above, L2TP over IPsec and KeenDNS, are supported by the following models: Keenetic Giga III, Ultra II, Omni II, Extra II, Viva, Extra, Air, Lite III, Start III, 4G III.

We will consider most of the scenarios that can be implemented on routers of the Zyxel Keenetic series when using PPTP/L2TP over IPsec VPN with a static/dynamic dedicated IP. If you have not found on this page how to solve your problem, write in the comments below.

The ability to connect to a VPN server via the L2TP over IPsec protocol is available in Keenetic Internet centers starting from the NDMS v2.08.B0 operating system. At the beginning of 2017, this is a unique capability among routers for home and small office. To access home network resources, the Keenetic Internet center offers the ability to connect to the VPN server via the L2TP over IPsec (L2TP/IPsec) protocol.

In such a tunnel, you need not worry at all about the confidentiality of file server, IP telephony or video surveillance traffic. L2TP/IPsec provides absolutely protected access to a home network from a smartphone, tablet or computer with minimal setup: Android, iOS and Windows have a convenient built-in client for this type of VPN. In addition, in many Keenetic models, data transfer over L2TP over IPsec is hardware-accelerated.

To configure an L2TP/IPsec connection, the IPsec VPN system component must be installed. You can do this on the “General Settings” page, in the “Updates and components” section, by clicking “Change the set of components”.

With an Internet center of the Keenetic series, even without being an IT specialist, you can with our help implement on your device almost any setup you need. All you need is to configure access to your device through the “cloud client”. If you experience difficulties setting up your router, we can help you through the My.Keenetic app from Google Play or the App Store. All that is required is to send us the QR code from the back of the Internet center (provided that the Internet center is at factory settings, i.e. with default settings). This can be useful if you do not have a dedicated IP and use our VPN service on a server without a dedicated IP. For example, you need an American IP to play Xbox, or you forgot to renew the VPN package and access through the dedicated IP is gone. In this case, remote control through the “cloud client” is useful for changing the router settings without a dedicated IP.

Starting from the beta version of NDMS v2.07.B2, it is possible to organize access to the Internet center when there is a “gray” (private, internal) IP address on the router's external interface.

KeenDNS is a convenient domain name service for remote access. It allows you to connect from the Internet to the applications of the Internet center and to open home network services using your own permanent domain name, for example home.mykeenetic.net. This can be useful if you need help setting up and using a VPN connection on the router. Just tell us the parameters for accessing the router through KeenDNS and we will help you with the settings.

A static dedicated IP is good in every respect, but it costs a little more, because IP addresses are consumed less efficiently than with a dynamic IP.

A dynamic dedicated IP requires additional settings on the device that establishes the VPN connection in order to receive incoming connections from the Internet. But it costs a little less, thanks to more efficient use of the address space on our VPN servers. It can be chosen if you do not mind being unreachable for several minutes when the VPN connection is re-established, until dynamic DNS updates the record for your DNS name with the new IP on the DNS server.

We will consider the use of dynamic DNS on the Zyxel Keenetic Giga II router. This is the preferred option compared to any other, as it provides a high level of reliability, and the resulting solution is versatile for both home and office use (corporate use needs more powerful routers), while the cost of the router is quite reasonable (4.5.5 thousand rubles as of December 2015). On the router, you can run a NAS, an FTP server, a PPTP VPN server, a torrent client, etc. Over several years of use, we have noticed only one drawback of this router: unstable operation at temperatures below 6 degrees Celsius. At high temperatures, up to 45, the router works fine.

Feature 1

To use an encrypted connection, in the connection settings you need to use MS-CHAPv2 authorization and specify that encryption (MPPE) will be used.

To connect without encryption, use CHAP authorization and specify that encryption will not be used.

Be careful: all other combinations of authorization and encryption methods will result in a non-working connection.

Feature 2

The PPTP protocol works on top of the GRE protocol, with which some Internet providers have technical difficulties. These difficulties will not allow you to use PPTP to build a VPN tunnel. Such providers include MGTS (city telephone network), Yota and Megafon. However, this is not the case in all parts of their networks.

For the user, it will look as if the user name and password check fails; or rather, the connection will not even get that far. In the “Security Events” menu item you will see the beginning of a successful connection, and the last record will be a phrase saying that we are ready to check the name and password, but.

Access Granted. No Whitelist is set for user. Ready to Check Username / Password.

The absence of a connection and of any further records in the log (even though you are firmly sure that the login and password are correct) most likely means that GRE is not being passed by your provider. You can google this subject.
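The symptom described above, a session whose last log record is the “Ready to Check Username / Password.” line, can be separated from ordinary authentication failures by grouping log records per connection. This Python example is added here and is not part of the original page; the timestamp and `conn=` fields, and every sample line except the quoted marker text, are a constructed, assumed format.

```python
import re
from collections import OrderedDict

# Marker text quoted on the page. The surrounding line layout
# (timestamp, "conn=<id>") is an assumption made for this example.
READY_MARKER = "Ready to Check Username / Password."
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"conn=(?P<conn>\d+) (?P<msg>.+)$"
)

# Constructed sample log: three interleaved connection attempts.
SAMPLE_LOG = """\
2017-01-10 09:00:01 conn=1 Access Granted. No Whitelist is set for user. Ready to Check Username / Password.
2017-01-10 09:00:02 conn=1 Username / Password accepted.
2017-01-10 09:05:10 conn=2 Access Granted. No Whitelist is set for user. Ready to Check Username / Password.
2017-01-10 09:07:30 conn=3 Access Granted. No Whitelist is set for user. Ready to Check Username / Password.
-- log rotated --
2017-01-10 09:07:31 conn=3 Username / Password rejected.
"""


def classify_attempts(log_text):
    """Map each connection id to a coarse outcome.

    "stalled-before-auth": the marker is the last record, so the credential
        exchange never happened (the GRE symptom the text describes).
    "reached-auth": something was logged after the marker, so the tunnel
        carried traffic and any failure is a real credential problem.
    "incomplete": the marker never appeared for this connection.
    """
    attempts = OrderedDict()
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match is None:
            continue  # ignore lines that are not in the assumed format
        attempts.setdefault(match["conn"], []).append(match["msg"])

    outcome = {}
    for conn, messages in attempts.items():
        if READY_MARKER in messages[-1]:
            outcome[conn] = "stalled-before-auth"
        elif any(READY_MARKER in m for m in messages):
            outcome[conn] = "reached-auth"
        else:
            outcome[conn] = "incomplete"
    return outcome


def stalled_connections(log_text):
    """Connection ids that stopped at the marker with no further records."""
    return [conn for conn, state in classify_attempts(log_text).items()
            if state == "stalled-before-auth"]


if __name__ == "__main__":
    for conn, state in classify_attempts(SAMPLE_LOG).items():
        print(f"conn {conn}: {state}")
```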