Flex 200H - SSLVPN attempts to reconnect every few seconds
All Replies
-
Hello PeterUK
Sorry for the delay, my personal anti-malware did not work as it should so I had to stay in horizontal recovery-mode for a few days.
I did the manual editing of the ovpn-file, re-imported it and tried the connection. Unfortunately no success, the problem remains like I described before.
Greetings
Eric
-
Hello Zyxel_Melen
Also sorry for the late response.
First of all, "Remote Access with Strongswan does not work" refers to another firewall. There I had problems with firmware v1.36 and had to revert to 1.35. PeterUK wrote something about that problem as well, but that has to wait (lost too much time being sick). Until this is resolved, any firmware update on the 200H has to wait. I do not require multiple connection problems.
To the OpenVPN SSL VPN Connection:
Question: If I set up one user account with 2FA enabled, as described by you, does this mean ALL user accounts have to use this 2FA setup as well? In other words, either all use it or none at all?
Eric
-
Not sure how you did not get Strongswan to work; all you have to do is import a file.
Try Remote Access again with the following settings
Type: IP address
IP address 0.0.0.0
NAT traversal custom IP or domain name
Add your WAN IP or domain name that points to your WAN
Then disable and enable Remote Access, download the script and import it; that should work if firewall traffic from WAN to Zywall for VPN is allowed.
Yes, currently when 2FA is enabled for the given VPN type, all users have to do 2FA.
-
Hi @Eric_26
No worries, please take your time; I hope you'll get better soon.
About the 2FA part: Yes, once Two-factor Authentication > VPN access is enabled, all users are required to enable Two-factor Authentication for this user.
Zyxel Melen
-
Thanks, I am fine again (ok, more or less…).
And again, thanks, I was not aware of this requirement. We want to implement 2FA more and more but in this testcase with the new Flex 200H Firewall, I fell on my face with it.
-
Hello PeterUK
Strongswan setup looks like this:
Remote Access VPN
Interface: ge1 (WAN)
NAT Traversal : empty
Zone: IPSec_VPN
Certificate: manual, self-signed
Full Tunnel
Client Network: 192.168.50.0/24, Zywall as DNS
User: group vpnusers
Rest: default
No additional routing configured.
The sswan file was manually modified:
"name" - here I defined a decent name for the user to recognise his company
"addr" - replaced with dyndns hostname
"id" - replaced with dyndns hostname
Imported, username/password added and it worked on a v1.35 (ABXF.2) and as well on my private Flex 50H. This setup works on the customer's network with his public IP terminated on the firewall (modem in bridge mode). My private network is reachable over port forwarding (VPN ports only) on the home router to the Flex 50H.
Greetings
Eric
-
Hi
I have the same issue. Melen is correct that enabling two-factor authentication gets over the problem. However, in my case I do not want some users to have 2FA. How do I get around this problem?
Regards Paul