Usg 100 flex - VPN L2TP for iPhone

Dear Sirs,

I've set up an L2TP IPsec VPN connection to access a server from my iPhone. I've implemented two-step authentication for VPN connectivity, meaning that upon activating the VPN on my iPhone, I receive an email containing the link to authorize access.

However, I've encountered an issue where activating the VPN on my iPhone results in the blocking of internet traffic. Consequently, I'm unable to receive the authorization email and grant access to the VPN.

Could you please advise on the necessary configurations to ensure that activating the VPN on my iPhone doesn't impede internet access, allowing me to authorize VPN access seamlessly?

Your assistance is greatly appreciated.

Best regards.

Max.


Best Answers

  • PeterUK
    PeterUK Posts: 2,705  Guru Member
    edited January 10 Answer ✓

    Yes... first time with two-step authentication here and I see the problem, but it's also not a problem... how it's meant to be used is you have two devices: a PC for the VPN and a phone for authentication by Email.

    The only way to get one device with the VPN and authentication would be a firewall bypass rule of DNS and Email ports; you can add that to ideas.

    https://community.zyxel.com/en/categories/security-ideas

    Or another way Zyxel can do it is you connect to the VPN, then disconnect, get the Email, authenticate, then connect to the VPN.

  • Zyxel_James
    Zyxel_James Posts: 614  Zyxel Employee
    Answer ✓

    As @PeterUK said, 2FA requests two devices to authenticate; it's how it works.
    Finishing 2FA on a single device is convenient for the user, of course, but it also has certain safety risks.

All Replies

  • max_2214
    max_2214 Posts: 2

    Okay. Thanks for the replies.
