Use 2-Step Authentication for Remote Access

This article demonstrates how to set up 2-Step Authentication for the router's remote access (login from the WAN interface), and add a layer of security to the router. When 2-Step Authentication is enabled, the Internet user will not only need the administrator password, but also the Auth Code sent to the specific phone number or email address, to log into the router's management page.

This article demonstrates how to set up 2-Step Authentication for the router's remote access, and add a layer of security to the router. When 2-Step Authentication is enabled, the Internet user will not only need the administrator password, but also the Auth Code sent to the specific phone number or email address, to log into the router's management page.
Note: 2-Step Authentication only supports login from WAN interfaces, does not support admin accounts login on LAN.

1. To send the Auth Code via SMS, create an SMS service profile at Objects Setting >> SMS / Mail Service Object >> SMS Provider page.

a screenshot of DrayOS SMS Service Object

To send the Auth Code via E-mail, create a Mail Service profile at Objects Setting >> SMS / Mail Service Object >> Mail Server page.

a screenshot of DrayOS Mail Service Object

2. At System Maintenance >> Administrator Password Setup page,

Enable "Use only advanced authentication method for Admin “WAN” login"
Choose 2-Step Authentication
Check SMS, Mail, or both, depends on which method you would like to use to receive the authentication code
Click OK to save

a screenshot of DrayOS Administrator Password Setup

3. Now, when you access the router's management page from the internet, you will need to click Get Code then enter the Authentication code which will be sent to the set email address or phone number.

Authentication Code by Email

1. Set up a email account on Vigor2136 by editing the Default_Email_Profile via Configuration/ Notification Services/ SMTP Server.

Switch On Enabled to activate the profile

Select the Email will be sent through which WAN interface

Enter the SMTP server’s IP or domain name and the SMTP port

Enter the Sender Address

Select the Connection Security that the SMTP server uses

Enter the email account’s username and password for SMTP server’s authentication

To verify the SMTP settings, please enter the recipient's email address in the Send Test Email to field and click the Send Test Message button. The Vigor2136 will display the Send Status. If the status shows SUCCESS, the SMTP settings are correct. If the status shows FAILED, please compare the SMTP settings on the Vigor2136 with those in a working mail client (e.g., Thunderbird).

Check if the recipient receives the Test Email.

2. Enable MFA method for the Admin account by editing the admin profile via System Maintenance / Account & Permission.

Switch On Enable Email and enter the Email address.

Switch On Enable MFA and select Email as the Allowed MFA Method.

3. Browse Vigor Router’s Web and enter the Admin password.

4. The enabled MFA method will be listed. Select Email and click Next.

5. Vigor Router will send a 6-digit code to the administrator’s email address.

6. Check the Email Box to get the code.

7. Paste the code to the login page, then the admin can login to the router’s web management interface successfully.

Authentication Code by SMS

1. Set up an SMS profile on the Vigor2136 by navigating to Configuration/ Notification Services/SMS Provider and adding a new profile.

In this example, we use the Customized Service Provider option to send an authentication code via Telegram. Refer to this article to register a Telegram Bot account and get the Telegram Bot token.

Give a name for this profile

Switch on Enabled to enable it

Select the WAN interface that SMS connection will be created from

Select Customized for the Service Provider

Enter the SMS Provider API URL

The API for different providers may not be the same. Please find the information from the provider’s website. For Telegram, it is https://api.telegram.org/bot[your telegram bot token]/sendMessage?chat_id=&text=

To verify if the SMS message can be sent successfully, please enter the Recipient Number into the SMS Provider API URL, then click the Send Test Message button. https://api.telegram.org/bot[your telegram bot token]/sendMessage?chat_id=0912345678&text=this is a test message

Click Send Test Message. The Vigor Router will display the Send Status. If the status shows SUCCESS, the SMS API settings are correct.

Check if the recipient receives the Telegram message.

After confirming that the SMS settings work, change the Telegram’s SMS Provider API URL back to the standard format: https://api.telegram.org/bot/sendMessage?chat_id=&text=

Modify the SMS API parameters according to the Service Provider’s API requirements. For Telegram, use text to specify the message content and chat_id to specify the recipient number. Note: chat_id will be able to save in firmware version 5.3.0.1.

2. Enable MFA method for the Admin account by editing the admin profile via System Maintenance / Account & Permission.

Switch On Enable SMS and enter the SMS number.

Switch On Enable MFA and select SMS as the Allowed MFA Method.

3. Browse Vigor Router’s Web and enter the Admin password.

4. The enabled MFA method will be listed. Select SMS and click Next.

5. Vigor Router will send a 6-digit code to the administrator’s telegram id.

6. Open the Telegram App and check if the MFA code message arrives.

7. Enter the code, then click Verify. Then the admin can login to the router’s web management interface successfully.

Note that once MFA is enabled for the admin account, the Vigor Router will require MFA for admin logins from both LAN and WAN. To avoid login issues if the router loses its Internet connection, it’s recommended to create an additional administrator account without MFA enabled as a backup.

Use 2-Step Authentication for Remote Access

Authentication Code by Email

Authentication Code by SMS

Related Articles

Related Article

Products

Resources

About