valerio_vanni  Ally Member

Thank you. I'll do some more test and then I'll send you config file.

Connected, but does traffic flow?

It's clear that you don't get 2FA page. But "it goes straight in without requesting authentication via Google Authenticator". Means "the tunnel goes up and then it's working" or "the tunnel goes up and then it's not working"? By "working" I mean "really working", traffic can flow.

In logs, when user connects to L2TP VPN (Android 11 native vpn connection) I find these entries: notice User User vpn1(MAC=) from l2tp has logged in Device source: private ip of client notice User User vpn1(MAC=) from l2tp has logged in Device source: public ip of client info L2TP Over IPSec User vpn1 has been granted an…

Firmware is latest, 5.39v1. All tests have been done with the same user. Initial state: I already use 2FA with ipsec vpn and it works. I already use L2TP vpn and it works too, but without 2FA. The configuration change was simply to enable, in VPN gateway used for L2TP, " Enable Two-factor Authentication" option. I expected…

About your "sessions by services" screenshot. This is not "vpn traffic": "services", there, means "ports". "Wiz_SSLVPN" is only a name for TCP port 443. The line you show tells that 192.168.*.* device has an https connection with destination. The only thing I don't understand is why the "user" column shows "admin". In my…

I changed the subject, since it comes from another thread, and perhaps it was not clear that I was talking about 2FA with Google Authenticator.

>When using manual configuration, the script will be generated automatically but won't be visible in >the local GUI. And it is reachable in other ways? ssh, ftp… Or is it hidden forever?

I always use manual config, I don't remember any script appearing after config… perhaps I didn't noticed it. Now I have another, more important, question: is 2FA supposed to work on L2TP vpn? I did some test and it didn't work. The tunnel goes up, and traffic starts to flow. Even if the user doesn't go through 2FA process.

Non va neanche nella maniera più classica? Impostazione manuale (la più "manuale" che trovi)→ creazione della porta tcp/ip → scelta del driver

Aggiorna il firmware, è uscito il 5.39(ABUI.1). Dalla sede remota riesci a raggiungere l'interfaccia web della stampante? Mi pare di aver capito di sì. In che maniera stai provando a installarla?

I try to explain better. You said: >Once the VPN is configured on the firewall, you should be able to directly click "Get from Server" to >retrieve the script. Ok, I understand that with "get from server" I can retrieve the script. But what script do I retrieve? Is it a script previously uploaded on firewall?

Have you tried to set the url in "when tunnel is opened" script?

From your link: *************************************************************** Initial Access The Truesec CSIRT have primarily observed the Helldown ransomware group obtaining initial access through Zyxel firewalls. More specifically, one investigation showed that the TA would access the victim’s environment directly from…

Or, at least, LAN IP of Fritz. Even if it's likely the same, since I don't think there are other devices between Fritz and VPN100. For sure it cannot work the way is set now.