Nebula VPN - Configure 2FA-Authentication with Google Authenticator

This step-by-step guide shows how to enable two-factor authentication (2FA) with Google Authenticator for VPN in Nebula.

 

Table of Content

1. Configure 2FA on Nebula CC 

1.1 Enable 2FA on Remote Access VPN Settings

1.2 Configure Cloud Authentication

1.3 Click the link in the Email

1.4 Begin the 2FA Process

2) Configure the SecuExtender Client with 2FA

2.1 Configure Phase 1

2.2 Configure Phase 2

2.3 Login (Dial up the VPN tunnel)

 

1. Configure 2FA on Nebula CC 

1.1 Enable 2FA on Remote Access VPN Settings

Navigate to 

Site-wide > Configure > Firewall > Remote Access VPN

Then activate “Two-factor
authentication with Captive Portal”

 

1.2 Configure Cloud Authentication

Go to

Site-wide > Configure > Cloud authentication 

Then create the VPN client, check the allowed to use Remote VPN, and send the information to the user.

mceclip1.png


1.3 Click the link in the Email

Go to check the email and click the link.

mceclip3.png

 

1.4 Begin the 2FA Process

After the login then activate the Google authenticator, then use your mobile phone to scan the QR code to install. Don’t forget to download the backup code in case lost the phone.

mceclip4.png

 

2) Configure the SecuExtender Client with 2FA

 

2.1 Configure Phase 1

 

Configure the Zyxel VPN client then right-click IVE_V1 and click “New VPN Gateway”


Phase 1.

mceclip5.png


Remote Gateway is NSG WAN IP address.

mceclip6.png


The Cryptography is the same as the setting in Nebula policy.

mceclip7.png


In Protocol tab, activate the Mode Config

mceclip9.png

 

2.2 Configure Phase 2

Create the phase 2 setting “New VPN connection”

mceclip10.png


Configure the Remote LAN address/subnet as 0.0.0.0, and ESP as same as the policy
setting in Remote VPN policy.

mceclip11.png


In scripts, configure 2FA portal page on the Automation tab. “When tunnel is open” input
the URL with https://192.168.1.1/weblogin.cgi?auth_type=vpn
Note: The URL IP address is USG FLEX LAN 1 IP. (In this case is 192.168.8.1)

 

mceclip12.png


Find your LAN1 IP address in USG FLEX> Interface

mceclip13.png


2.3 Login (Dial up the VPN tunnel)

 

mceclip14.png


X-auth windows pop up

mceclip15.png


Then the authentication page will auto pop up.

Open the Google authenticator in your mobile phone and enter the passcode.

mceclip0.png


Login successful

mceclip17.png

 

Articles in this section

Was this article helpful?
0 out of 1 found this helpful
Share