Hey,
I rebooted my OPNsense 24.1.10_3 after I've moved it to another location.
Now I can't login anymore via SSH and WebGUI (Wrong username or password). I tried it with three different users with and without TOTP and also with different clients. The times on the clients and on OPNsense are correct.
Next strange thing: the internal network and services are working fine (NTP, DHCP, DNS). But I've no Internet access. Traceroute dies after the default gateway (OPNsense). All DNS queries for external names run into a SERVER_FAIL.
The WAN interface is up and reachable via ICMP.
Any ideas? I guess I need to reinstall OPNsense because I can't login. Or is there another way to import the latest backup?
If you enabled TOTP, you cannot login without it and you are obviously relying on the correct time setting, so that is a risk.
If the internet access is gone, NTP may be running, but how do you know if the time is right? See?
You should either have an SSH login ready with an SSH key (this does not need TOTP) or have the console accessible without a login in order to be able to fix things in case the time goes wrong.
Thank you for your reply. That was also my first thought.
Therefore, I checked the NTP time by requesting an update via "w32tm /stripchart /computer:OPNSENSE".
The time in the response was fine.
And I also tried to login as root, which has no TOTP configured. Same error.
Try this
https://docs.opnsense.org/troubleshooting/password_reset.html
That sounds good!
I will try and report the result.
Quote from: newsense on July 18, 2024, 10:45:12 AM
Try this
https://docs.opnsense.org/troubleshooting/password_reset.html
Worked! Thank you.
Quote from: meyergru on July 18, 2024, 09:30:41 AM
If you enabled TOTP, you cannot login without it and you are obviously relying on the correct time setting, so that is a risk.
If the internet access is gone, NTP may be running, but how do you know if the time is right? See?
You should either have an SSH login ready with an SSH key (this does not need TOTP) or have the console accessible without a login in order to be able to fix things in case the time goes wrong.
You were right. It seems that the BIOS battery has no power anymore, and the system lost the time after I disconnected the power supply.
And I was wrong with my root user. The user was configured for MFA, too. I've changed it immediately. :)
Internet didn't work because I'm using DNS-over-TLS and due to the wrong time, the certificates didn't match = no DNS.
But I'm still wondering why the NTP query was successful.
Nice issue. I'm glad for your help and that I was able to understand the reasons for it.