Usg 100 flex - VPN L2TP for iPhone

Dear Sirs,

I've set up an L2TP IPsec VPN connection to access a server from my iPhone. I've implemented two-step authentication for VPN connectivity, meaning that upon activating the VPN on my iPhone, I receive an email containing the link to authorize access.

However, I've encountered an issue where activating the VPN on my iPhone results in the blocking of internet traffic. Consequently, I'm unable to receive the authorization email and grant access to the VPN.

Could you please advise on the necessary configurations to ensure that activating the VPN on my iPhone doesn't impede internet access, allowing me to authorize VPN access seamlessly?

Your assistance is greatly appreciated.

Best regards.


Best Answers

  • PeterUK
    PeterUK Posts: 3,645  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited January 2024 Answer ✓

    Yes...first time with two-step authentication here and I see the problem but its also not a its meant to be used is you have two devices a PC for the VPN and and phone for authentication by Email.

    The only way to get one device with the VPN and authentication would be a firewall bypass rule of DNS and Email ports you can add that to ideas.

    or another way Zyxel can do it is you connect to the VPN then disconnect get the Email authenticate then connect to the VPN

  • Zyxel_James
    Zyxel_James Posts: 664  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate 100 Answers
    Answer ✓

    As @PeterUK said, 2FA requests two devices to authenticate, it's how it works.
    To finish 2FA in a single device, it's convenient for the user of course, but it also has certain safety risks.

All Replies

  • PeterUK
    PeterUK Posts: 3,645  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited January 2024 Answer ✓

    Yes...first time with two-step authentication here and I see the problem but its also not a its meant to be used is you have two devices a PC for the VPN and and phone for authentication by Email.

    The only way to get one device with the VPN and authentication would be a firewall bypass rule of DNS and Email ports you can add that to ideas.

    or another way Zyxel can do it is you connect to the VPN then disconnect get the Email authenticate then connect to the VPN

  • Zyxel_James
    Zyxel_James Posts: 664  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate 100 Answers
    Answer ✓

    As @PeterUK said, 2FA requests two devices to authenticate, it's how it works.
    To finish 2FA in a single device, it's convenient for the user of course, but it also has certain safety risks.

  • Okay. Thanks for the replies.