Messages

So the solution is to not burn the image using Windows...

I've compared the burn logs between 2 images, one from OPNsense and one from the competition, which works.

OPNsense

Code Select Expand

Disk type: Removable, Sector Size: 512 bytes
Cylinders: 971, TracksPerCylinder: 255, SectorsPerTrack: 63
Partition type: MBR, NB Partitions: 1
Disk ID: 0x00000000
Drive has an unknown Master Boot Record
Partition 1:
  Type: GPT Protective MBR (0xee)
  Size: 895.5 MB (939001344 bytes)
  Start Sector: 1, Boot: No


Competition

Code Select Expand

Disk type: Removable, Sector Size: 512 bytes
Cylinders: 971, TracksPerCylinder: 255, SectorsPerTrack: 63
Partition type: MBR, NB Partitions: 1
Disk ID: 0x90909090
Drive has an unknown Master Boot Record
Partition 4:
  Type: FreeBSD (0xa5)
  Size: 24.4 MB (25600000 bytes)
  Start Sector: 0, Boot: Yes

The OPNsense image is not bootable. Same with 16.7

I've tried to burn the vga image of 17.1 on Windows using the utility described in the doc.

Code Select Expand

1048576/939001344 bytes writtenWrite error after 1048576 bytes.

I've also tried with rufus, which doesn't complain, but the stick doesn't boot. The error messages says something about a corrupt GPT or invalid checksum.

I've also tried to burn the cdrom image, but rufus can't burn it because of an unknown compression scheme being used.

Has anybody managed to burn an image on Windows?

I upgraded via

Code Select Expand

# opnsense-update -ur 17.1 -l.

The box rebooted a couple of times.

Side effects:

• The boot picture is gone
• There is no console menu any more
• root password is refused
• network is not configure properly

This means that I'm locked out and the router seems to be bricked. The line above the login prompt is on point... : <something>/Amnesia

From the UTM doc

With OTP it will be: <password><onetime pass-code>  (e.g. password128363)

But if they can be combined in the login they would be in the cookie/database for this session and the user is logged in- or am im false?

Yes, but remote workers needing to login will use OTP+password to create the VPN connection.

i tested it with 3 different user no one could really good handle it with writing first the otp and the password fast enough to get logged in

Same problem here, but as a workaround you can begin by typing your password and then type the OTP code at the beginning.

in the login, so i think its not really so bad...
just two input fields.. one for password, one for otp... its just simplier to explain to the user
the script on the site could combine it...

That would be an improvement, but if the OTP password has to be used somewhere else, then you would have to teach people 2 ways of inserting the information.

is it right that the otp is even usefull for the OPENVPN auth?

I'm not sure where exactly this will be used, but VPN seems to be like an obvious one

Indeed :)

It was explained on Github that the reason for doing it like this is because there is one auth system which should work with everything, not just the GUI, so it's understandable, even if usability suffers a bit.

Just re-read the how-to and now I see that the auth process works as described, but not as expected:

add the created token/key before your regular password

This should really change and users should be presented with a new page on which they enter their OTP password.

https://github.com/opnsense/core/issues/966

When using the tester and selecting TOTP Server, my login/password for root is rejected: Authentication failed.

Update: It's working, but it's just non-standard from my pov, so I've opened a Github issue: https://github.com/opnsense/core/issues/966

-----------
I've followed the documentation and generated a code for the root account, but I'm never presented a form to enter my OTP code after my password has been validated.

Is this feature not yet available?

I just wanted to add that in my case, restarting the box solved the problem, unless this happens at random of course...

This was still happening on 16.1.14, especially after a kernel panic+reboot

Oh yeah and I can't wait for PIE :)

Building went fine. Same warnings were shown. I didn't see any new messages.
Same when running it, same old problems, nothing new so far :)