Living abroad? Setup a Meraki Z3 VPN in 5 minutes to access your local streaming services!
Meraki’s teleworker device, the Meraki Z3 provides a great, set it and forget it system for VPN services. In this article, I will go through various use case setups on how your remote network (I live in Europe) can seem like you are in your home country (I’m from the USA) without constantly having to enable a VPN client or to sign up for proxy services requiring monthly fees.
•Wired Port — Hardwire streaming devices like an AppleTV or Roku
•VPN Client — A VPN client on your iPhone for travel streaming purposes
•Wireless SSID — An always-on SSID for devices like an iPad or an Amazon Echo
NOTE: This article assumes that you have a Meraki MX router at your headquarter location (my parent's home) already setup. We will call the headquarter location the “MX60.”
Site to Site VPN Configuration
Here you will create a VPN connection from the MX60 to the Z3. Go to:
•Z3->Teleworker Gateway->Site-to-site VPN->Type-> “Spoke”
•Z3->Teleworker Gateway->Site-to-site VPN->Type->Hubs-> Select the name of your MX “MX60” and check “Default Route”
•Z3->Teleworker Gateway->Site-to-site VPN->VPN Settings->Local Networks-> VPN Participation -> Set your networks “AppleTV” and “Client VPN” to “VPN On”
Wired Port Setup
First, you will need to create your VPN network on the Z3. Here you will set up Port 2 for your AppleTV. Log into your Meraki dashboard and go to:
•Z3->Teleworker Gateway->Addressing& VLANs-> Deployment Settings Mode-> select “Routed”
•Z3->Teleworker Gateway->Routing-> “Create a VLAN 100 for AppleTV” -> “Subnet of 192.168.100.0/24”
•Z3->Teleworker Gateway->Routing->Per-port VLAN Settings->
“Port 2”
Now, any traffic going through wired Port 2 will go to the MX60 back in the USA, but a few more steps are still needed.
VPN Client Configuration on Z3
This step will allow you to have your smart device, such as an iPhone to have a VPN client.
•Z3-> Teleworker Gateway-> Client VPN -> “Enabled”
•Z3-> Teleworker Gateway-> Client VPN -> Authentication -> “Meraki Cloud Authentication”
•Z3-> Teleworker Gateway-> Client VPN -> User Management-> Add new user-> and “Create a username and password”
VPN Client Configuration on iPhone
•General -> Settings -> VPN -> Add VPN Configuration ->
Type: L2TP
Server: Hostname (go to your MX ->Security & SD-WAN ->Client VPN and copy the full hostname)
Account: Enter the Meraki Cloud Authenticated username/password
Wireless SSID Configuration
Here I have a Meraki MR33 with my Z3, so I configured my access point to also broadcast the VPN SSID.
•MR33->Wireless->Configure->SSID-> ”Create an SSID”
•MR33->Wireless->Configure->SSID-> Access Control-> Addressing and traffic-> select:
VPN: “Tunnel data to a concentrator”
Concentrator: “MX”
VPN Tunnel Type: “Full Tunnel”
VPN Verification
You can verify if your VPN is up by going to:
•Z3-> Teleworker Gateway-> Monitor -> VPN Status -> “VPN Registry: Connected”
Congratulations!
That’s it! Your AppleTV, VPN Client, and SSID should see that you are now in your home country. If you have any other advice or suggestions to optimize this setup, please let me know. Finally, please clap and share if you found this useful!
