Cannot send mail to two-factor authentication for SSL VPN

MassimilianoDelta

Hi, I would like to use two-factor authentication for SSL VPN access but from the logs I see this error and I can't understand what I should do.

Thanks Max

PeterUK

Have you set Mail server in config > system > notification ?

Zyxel_James

It seems the firewall cannot send out the auth email
Please check CONFIGURATION > System > Notification > Mail Server. Did you input IP address or FQDN for the mail server? I suspect it's FQDN, and the firewall cannot resolve it. You can test it by Maintenance > Network Tool > Nslookup, and check if the firewall can resolve the FQDN.
Moreover, is the account local or external?

Zyxel_USG_User

Just to clarify for what it seems you want to do, to me.

Configuring the outgoing 2FA mail is one thing, the second- I very much assume you cannot use this on the same device because the 2FA is needed to create the tunnel but in that moment your device will not be able to receive any mail.

My experiences are below.

Scenario A works: 2FA mail is sent to device1, the VPN is initiated on device2.

Scenario B does not work: 2FA mail is sent to device1, the VPN is initiated on device1.

I am happy if somebody can chime in and tell how to make also scenario B work…

Zyxel_USG_User

The VPN tunnel is waiting for 2FA. Even if the firewall is properly configured and sends the message out, you will not be able to receive your mail on same device because the VPN is 'still building' ie waits for your 2FA code in order to complete the process.

This works instead:

Device1 builds a VPN tunnel, needs 2FA to complete the process.

Device2 delivers the 2FA, whichever it is - code via app, via mail.

If you want the VPN tunnel and the mail delivery with the 2FA on the same device, it will not work.

MassimilianoDelta

https://community.zyxel.com/en/discussion/comment/77303#Comment_77303

yes I do it but dont work

MassimilianoDelta

thanks but I try in Network tool (see pic) but message dont start