Cannot send mail to two-factor authentication for SSL VPN

MassimilianoDelta Posts: 20  Freshman Member

Hi, I would like to use two-factor authentication for SSL VPN access but from the logs I see this error and I can't understand what I should do.

image.png

Thanks Max

All Replies

  • PeterUK
    PeterUK Posts: 3,887  Guru Member

    Have you set the Mail server in config > system > notification?

  • Zyxel_James
    Zyxel_James Posts: 788  Zyxel Employee

    It seems the firewall cannot send out the auth email.
    Please check CONFIGURATION > System > Notification > Mail Server. Did you input an IP address or an FQDN for the mail server? I suspect it's an FQDN, and the firewall cannot resolve it. You can test it with Maintenance > Network Tool > Nslookup, and check if the firewall can resolve the FQDN.
    Moreover, is the account local or external?

  • Zyxel_USG_User
    Zyxel_USG_User Posts: 83  Ally Member

    Just to clarify for what it seems you want to do, to me.

    Configuring the outgoing 2FA mail is one thing. The second: I very much assume you cannot use this on the same device, because the 2FA is needed to create the tunnel, but at that moment your device will not be able to receive any mail.

    My experiences are below.

    Scenario A works: 2FA mail is sent to device1, the VPN is initiated on device2.

    Scenario B does not work: 2FA mail is sent to device1, the VPN is initiated on device1.

    I am happy if somebody can chime in and tell how to also make scenario B work…

  • Zyxel_USG_User
    Zyxel_USG_User Posts: 83  Ally Member
    edited June 10

    The VPN tunnel is waiting for 2FA. Even if the firewall is properly configured and sends the message out, you will not be able to receive your mail on the same device because the VPN is 'still building', i.e. it waits for your 2FA code in order to complete the process.

    This works instead:

    Device1 builds a VPN tunnel, needs 2FA to complete the process.

    Device2 delivers the 2FA, whichever it is - code via app, via mail.

    If you want the VPN tunnel and the mail delivery with the 2FA on the same device, it will not work.

  • MassimilianoDelta
    MassimilianoDelta Posts: 20  Freshman Member

    Thanks, but I tried in Network Tool (see pic) but the message doesn't start.

    image.png