OPNsense Forum

Archive => 22.1 Legacy Series => Topic started by: nzkiwi68 on May 16, 2022, 07:45:10 AM

Title: 22.1.7_1 OpenVPN with local user and TOTP cannot authenticate - FIXED
Post by: nzkiwi68 on May 16, 2022, 07:45:10 AM
Since upgrade from 22.1.6, all users cannot authenticate on OpenVPN using "remote Access (SSL/TLS + User Auth) and the backend for auth is local user and TOTP.

Nothing has changed but 22.1.6 upgrade to 22.1.7_1.

Tried:

2022-05-16T17:00:05 Error openvpn 101.100.xxx.xxx:55438 TLS Auth Error: Auth Username/Password verification failed for peer
2022-05-16T17:00:05 Warning openvpn 101.100.xxx.xxx:55438 WARNING: Failed running command (--auth-user-pass-verify): external program exited with error status: 255
2022-05-16T17:00:05 Warning openvpn user 'username' could not authenticate.
Title: Re: 22.1.7_1 OpenVPN with local user and TOTP cannot authenticate
Post by: franco on May 16, 2022, 08:07:02 AM
Check time on OPNsense. May be off.


Cheers,
Franco
Title: Re: 22.1.7_1 OpenVPN with local user and TOTP cannot authenticate
Post by: nzkiwi68 on May 16, 2022, 09:13:40 PM
Thanks, I did think of that though.

The time is correct.
Title: Re: 22.1.7_1 OpenVPN with local user and TOTP cannot authenticate
Post by: nzkiwi68 on May 16, 2022, 09:44:53 PM
What logs can I gather to check what's wrong?

I am thinking it is related to 22.1.7_1 upgrade.
Title: Re: 22.1.7_1 OpenVPN with local user and TOTP cannot authenticate - FIXED
Post by: nzkiwi68 on May 17, 2022, 01:18:52 AM
Fixed.

I'd checked the time, but I re-checked again and I noticed this time it was out by 40+ seconds. I looked at NTP and for some reason it wasn't updating.

So I chose new NTP pool servers for NZ, and now NTP is sync'd and the time is accurate.

The lesson to remember is that clock drift of more than 30 seconds is fatal for TOTP. Be very careful with time.
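The failure mode in this thread (a 40-second clock offset breaking TOTP logins) can be reproduced with a small RFC 6238 implementation. The following is an added example written for this page; it is not OPNsense code and does not reflect how OPNsense's own TOTP authenticator is configured. The `window` parameter (how many 30-second steps either side of the server's clock are accepted) is an assumption for illustration; the secret is the RFC 6238 test secret. `accepted_count` walks the server clock across one full 30-second step and counts at which positions a client with a fixed skew would still be accepted, which shows why a skew larger than one step fails intermittently rather than always.

```python
import hmac
import hashlib
import struct

# RFC 4226 HOTP: truncated HMAC-SHA1 of the big-endian 8-byte counter.
def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

# RFC 6238 TOTP: HOTP over the number of whole time steps since the epoch.
def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    return hotp(secret, unix_time // step, digits)

# Server-side check. Returns the step offset at which the code matched
# (0 = same step, -1/+1 = adjacent steps, ...) or None if rejected.
# Constant-time comparison avoids leaking which digits matched.
def verify_totp(secret: bytes, code: str, server_time: int,
                window: int = 1, step: int = 30, digits: int = 6):
    counter = server_time // step
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret, counter + delta, digits), code):
            return delta
    return None

# Simulate a client whose clock is `skew_seconds` ahead of the server.
# The server clock is moved across every second of one full step; the
# result is how many of those `step` positions accept the client's code.
def accepted_count(secret: bytes, skew_seconds: int, window: int,
                   step: int = 30) -> int:
    base = 33333 * step  # constructed, step-aligned starting point
    accepted = 0
    for t in range(step):
        server_time = base + t
        client_code = totp(secret, server_time + skew_seconds, step)
        if verify_totp(secret, client_code, server_time, window, step) is not None:
            accepted += 1
    return accepted

if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 6238 test secret
    print("skew 40s, window 0:", accepted_count(secret, 40, 0), "/ 30 accepted")
    print("skew 40s, window 1:", accepted_count(secret, 40, 1), "/ 30 accepted")
    print("skew 20s, window 1:", accepted_count(secret, 20, 1), "/ 30 accepted")
    print("skew 40s, window 2:", accepted_count(secret, 40, 2), "/ 30 accepted")
```

With a strict server (window 0) a 40-second offset never succeeds; with the common ±1 step tolerance it succeeds only when the two clocks happen to fall in adjacent steps, so logins fail roughly a third of the time and look flaky rather than broken. Keeping NTP healthy on the firewall, as the thread concludes, is the fix; widening the window only trades clock tolerance for a larger replay surface.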