Knowledge Base

How do I setup an L2TP VPN connection on the NSG100 with an authentication server?


The Nebula Cloud platform offers an option to allow L2TP VPN users to authenticate wired/wireless networks using RADIUS and(or) AD servers, when connecting to local domain controllers in the network.

Prerequisite: Client VPN IP addresses cannot overlap with the LAN subnet addresses.

Scenario: Setup an L2TP VPN connection with RADIUS/AD servers in Windows server 2008.

Preparation: NSG100 *1, NSW100 *1, RADIUS Server *1 and AD Server *1 in Windows server 2008, iPhone 6S+ *1 and laptop x1.



NCC Configuration for Authentication Server

1. Go to Gateway > Configure > My authentication server > My RADIUS Server > Add

2. Enter information on the My Radius Server screen and click Save

In order to use the My RADIUS server option, it is required to configure the RADIUS server and Active Directory roles in the domain controller.

Radius Server Configuration

3. Add a new RADIUS client

Go to Server Manager > Role > Network Policy and Access Services > NPS(local) > RADIUS Clients and Servers > RADIUS Client > New RADIUS Client. Enter information in the fields framed in red as shown next and then click OK.

4. Add a new connection request policy.

Go to Server Manager > Role > Network Policy and Access Services > NPS(local) > Policies > Connection request policies > New.

Enter the policy name (e.g.: USG) and then click Next.

Select Client IPv4 Address > Add.  Enter the NSG100's WAN IP Address (e.g.:  and then click OK.

Active Directory Server Configuration

5. Add new a AD user.

Go to Server Manager >Role > Active Directory Domain Services > Active Directory Users and Computers > > Users > New > User.

Enter the user logon name ( and click Next 

Enter a password, then click Next and then Finish. 

NCC for L2TP VPN Client Configuration 

6.Go to Gateway > Configure > L2TP over IPSec client > Toggle on. Configure information in the fields in red as shown next and click Save.

L2TP VPN Configuration on an End User device 

(The configuration uses an iPhone for the example.)

7. Go to iPhone > Setting > General > VPN > Add VPN Configuration > Type > L2TP

Connecting to an L2TP VPN from the End User Device 

8. Go to iPhone > Setting > Toggle on VPN.


L2TP Connection Result on the End User Device

9. Go to iPhone > Setting > General > VPN.

L2TP Connection Result on NCC

10. Go to GATEWAY > Monitor > Event log > Category > Enter Auth > Search Event log to display L2TP client login information. 

L2TP Connection Result on Event viewer in Windows Server 2008

11. Go to Server Manager > Diagnostics > Custom views >Event Viewer> ServerRoles > Network Policy and Access Services.

Scenario Result for Authorizing L2TP Client with the Authentication Server

The L2TP Client (IP should be able to access a LAN host (


Please leave your comment:


Question Profile

TYPE:Application / Configuration Example
FIRMWARE:nebula 20170419-102557

Still have trouble with your device? Contact Zyxel technology support team directly!

Contact Zyxel Support