2FA authentication email not received

Dany
edited April 2021 in Security

Hi all

I have successfully activated 2FA on a ZyWall 110. Emails with the authentication link are sent to the VPN users, but the emails are not received. The issue I see is that, with this setup (tunneling all traffic), the client cannot resolve (DNS) the FQDN and cannot connect to the email server, because all traffic is declined as long as the authentication has not been executed. If, for testing purposes, I execute the authentication with another client that can receive the email, it works like a charm.

If I send the authentication link by SMS, it works with the WAN IP address over http (80). But when I send the authentication link with the FQDN of the entry point (http and https), it does not work. I see the same issue: DNS cannot be resolved because the traffic is declined.

The target would be: authenticate by email and send the link with https (SSL) for safety reasons.

Is there any possibility, or any workaround, to let the client receive an email through the VPN as long as the authentication has not been executed? For example, with a special security rule that is used just for authentication (like permit traffic from VPN authentication to WAN).

Accepted Solution

All Replies

  • Dany
    Hi @Zyxel_Stanley

    Thank you for your answer. So, as I expected, it is not designed/possible to establish and authenticate the VPN tunnel with the same (one) device over email in combination with the FQDN.
    It only works with one device over the WAN IP address and http (not https, as there would be a certificate verification error because WAN IP address ≠ FQDN) and SMS, as the SMS can be received by the one device (using the cell network).

