Getting "vpn connection authorization fail or authorize link expired" using Google Auth with IPSec
We have been using an IKEv2 VPN connection with just 2 users for a few weeks now. We have Google Auth for 2FA. It was working fine. Now, every time we enter a Google Auth code we get "vpn connection authorization fail or authorize link expired." Nothing has changed.
I'm still able to use a Google Auth code to log into the device as Admin.
Anyone seen this? Have any suggestions?
Accepted Solution
-
HI @ITemi , and @ChipConnJohn ,
V5.36 patch 1 is released. please update to V5.36p1 and test it again.
1
All Replies
-
Hi @ChipConnJohn,Could you give me the remote access of the web GUI of your device to check this issue remotely? Please send the wan IP address and login information to me in private message. Thanks!0
-
Hi,
same problems with Google Auth on IKEv2 connection. This issues appear on different devices models, ATP 200 or USG100. First times after vpn connection setup , connection with Google Auth works ok, but after some days error "vpn connection authorization fail or authorize link expired" appear after input code received from Google Auth app. Because of this issue, we use as backup authentication mail authentication, which is not very secure if email is installed on same laptop where connection vpn is used.0 -
Hi @LukSaf22,Please check your private message if you'd like to find out the cause of this issue.0
-
Hi,
Hi have the same problem. Did you find any solution? Would appreciate any suggestion how to solve this issue.
thx0 -
in this case it was an error in the firmware. MFA was getting turned off on reboot of the device. Something I discovered when looking at a backup config. There was a “no MFA” line at the bottom of the IKE config that would persist even when MFA was turned on. This was fixed in a firmware update about a year ago.
So, the Google Auth failure was due to the MFA setting being turned off after a reboot.
0 -
Well, I just had a use have this problem and the MFA was still turned on. I have to investigate this later today. Ugh. They did seem to be at least partially connected even though MFA failed. (pings worked to servers)
0 -
Hi ChipConnJohn,
What firmware do you have? Because the newest weekly (datecode) firmware has a fix for MFA on 5.36.You can find it here:
https://support.zyxel.eu/hc/en-us/articles/360005438274-Weekly-Firmware-Support-Version-Lab-Version
Thanks!
0 -
Hi Andreas,
I updated to the weekly firmware and it's still not working. Getting Auth Failed message.
0 -
Hi @ITemi ,
What is your device model? i will send you firmware in PM.
0 -
Hi @Zyxel_Cooldia
I have Zyxel ATP200 with the latest FW V5.36(ABFW.0).
Do you have a newer version of the firmware?
Thx0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.5K Security
- 216 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 243 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight