Hello.
I have an OpenVPN server set up and TOTP authentication is enabled. But when a user sets up his Google Authenticator, I have to make the QR code for him myself. Is there a way for a user to get the QR code himself without my action?
Thank you.
The feature was added in 21.1:
https://github.com/opnsense/changelog/blob/6bdcd81f348e5171bbee6240666404525c990f14/community/21.1/21.1#L49
You can find the setting under System: Settings: Administration: User OTP seed. Select a group to permit OTP regeneration and then go to Lobby: Password page with the respective user to view the QR code once while creating a new token.
Cheers,
Franco
Thank you.
But I didn't understand how it can help me. Can you describe it step by step?
What I did.
1. I created a new AD user.
2. I imported this one to OPNsense here: System > Access > Users
3. I created a new group OTP and selected it here: System > Settings > Administration > User OTP seed
4. I added a new user into this group
5. I tried to log in as this user into the Lobby and got "Wrong username or password"
The log file shows "user testvpn could not authenticate for WebGui. [using OPNsense\Auth\Services\WebGui + OPNsense\Auth\Local]"
What do I have to do?
Obviously you need to let the user log in on the GUI with the password page privilege in order to serve a new OTP token...
Cheers,
Franco
Thank you so much for your help. Well done.