I am curious how this works. Is the two-factor communicating directly with Google, or does this service work through a server hosted by OPNsense? If I change the firewall name or domain in the firewall, will it break the 2FA? In the Google Auth app it says fadmin@OPNsense.
Also, if the backup is disabled to force login with 2FA and for some reason I am unable to log in again, is there a way to disable it from SSH or the console so that I can get back in?
Hi kapara,
Today we do not need Google anymore for this. The QR code is displayed using JavaScript, and you can find other TOTP-based apps in your phone's respective app store. I just tried it for the first time (I am not the author of that integration) and it works fine. I used the "Authenticator" app on iOS.
TOTP is a standard RFC, you can read about it here: https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm
Tokens are time-based; they don't work for longer than 30 seconds. So when you have to log in again, you need to use a new token.
Cheers,
Franco