DrayTek VPN is a widely used solution for remote access to corporate networks. Many organizations seek to secure remote access with Multi‑Factor Authentication (MFA) to protect against unauthorized access, credential theft, and other cyber threats.
What is DrayTek VPN?
DrayTek VPN appliances provide secure remote connectivity using various VPN protocols (including IPsec and SSL). Remote access via VPN allows users to connect securely to internal resources from outside the corporate network.
What is the DrayTek Vigor Router?
DrayTek’s Vigor Router series is the hardware platform that powers DrayTek VPN and networking solutions. Vigor routers combine firewall, VPN gateways, routing, and connectivity features in a single appliance. Models range from small business routers to high‑performance multi‑WAN security gateways designed to handle VPN traffic, load balancing, and enterprise networking tasks.
Why Rublon MFA Integration with DrayTek VPN Via RADIUS Is Not Supported
Although DrayTek devices support RADIUS and authentication integration with external systems, the current implementation of DrayTek’s VPN RADIUS does not allow sufficient time for an external MFA challenge (such as Mobile Push or other Rublon MFA verification methods) to complete before the VPN session times out. This limitation is rooted in how DrayTek firmware handles RADIUS authentication sessions.
As a result:
- Standard DrayTek VPN modules (e.g., IPsec, L2TP/IPsec, PPTP) cannot complete an MFA cycle via RADIUS before the VPN connection attempt is dropped by the device.
- There is no configuration option in DrayTek products to increase the RADIUS timeout value, making this limitation inherent and unavoidable with current firmware.
- DrayTek’s own Support has confirmed that timeout values for RADIUS authentication are not configurable, and therefore, full external MFA integrations cannot complete on the remote access workflow.
Consequently, Rublon MFA cannot be used to secure typical DrayTek VPN connections using RADIUS because the second authentication factor cannot be confirmed in time.
How to Enable MFA for DrayTek VPN
At this time, full MFA integration with DrayTek VPN using RADIUS is not available due to the limitations described above.
The only scenario where MFA interaction could be completed in testing was via the DrayTek SSL User Portal (a web‑based login interface), but this applies only to web access and does not protect actual VPN tunnel sessions used for remote access.
If you are interested in exploring alternate ways to protect specific DrayTek interfaces with MFA, contact Rublon Support.
Related Posts
MFA for Office 365
MFA for OWA (Outlook Web App)
MFA for Active Directory
MFA for SAML
MFA for LDAP
MFA for RADIUS
