Messages

1

23.1 Legacy Series / Re: Openvpn with 2FA extra challenge in Client

« on: March 28, 2023, 10:37:44 am »

thx this was helpfull.

the ui designer asks me why this is not setting in the config export?

2

23.1 Legacy Series / Re: Openvpn with 2FA extra challenge in Client

« on: March 28, 2023, 10:19:56 am »

lol franco i think we are becoming friends. please checkout

https://openvpn.net/cloud-docs/two-factor-authentication-on-profile-download-2/

in the openvpn cloud this is already working. securepoint utm and the client seem to be capable of it.

if a ui designer is seeing the solution of prefixing the totp token to the password, he probably wants to die.

so this is no trolling but a valid question.

3

23.1 Legacy Series / Re: TOTP broken

« on: March 28, 2023, 10:07:18 am »

Because you changed the setting and didn't tell us? ¯\_(ツ)_/¯


Cheers,
Franco

haha true, i didnt know RFC 6238 in detail a this time, but stating 3 times the same wasnt really helpfull.

4

23.1 Legacy Series / Re: TOTP broken

« on: March 28, 2023, 10:04:38 am »

the problem was that in the rfc states a time window of 30sec, if you set another time window you cannot use authenticator apps like the google authenticator because there 30sec is fixed. If you use FreeOTP you can change the time window to another value. For me FreeTOP is not working with the QR Code from Opnsense, but adding the code manually with another time window should work. since this setting is causing problems, i would suggest to a bigger hint, which gives attention to the fact that other values than 30 are not RFC conform and not working with the most authenticator apps.

5

23.1 Legacy Series / Openvpn with 2FA extra challenge in Client

« on: March 28, 2023, 09:31:07 am »

Hi,

anybody knows howto get the extra challenge working in the OpenVPN Client? I tried with Openvpn Connect V3 and Securepoint 2.0.38. As far is i know both Clients should be capable of asking for the otp token in a extra field.

I added:

static-challenge "TOTP Token" 1

in the server but this wasnt working. Any ideas?

6

23.1 Legacy Series / OpenVPN 3

« on: March 28, 2023, 09:06:43 am »

Hi,

when is OpenVPN 3 Support planed in Opnsense?

Regards,
yo

7

23.1 Legacy Series / Re: TOTP broken

« on: March 27, 2023, 09:54:31 pm »

please read yourself franco im saying the test is failing in my first post.

8

23.1 Legacy Series / Re: TOTP broken

« on: March 27, 2023, 09:53:06 pm »

which client franco? im using the internal tester..

9

23.1 Legacy Series / Re: TOTP broken

« on: March 27, 2023, 09:14:52 pm »

if time window is not the default value (30sec), totp is broken for me.

10

23.1 Legacy Series / Re: TOTP broken

« on: March 24, 2023, 03:55:06 pm »

wth the only thing im using is the tester.

11

23.1 Legacy Series / Re: TOTP broken

« on: March 24, 2023, 01:17:17 pm »

Time on the Dashboard and the devices where the Auth App is running is the same.

12

23.1 Legacy Series / Re: TOTP broken

« on: March 24, 2023, 09:26:37 am »

@franco, i can give you access, feel free to test yourself, the firewall is absoulte default config, even the root pwd is unchanged.

13

23.1 Legacy Series / Re: TOTP broken

« on: March 24, 2023, 08:08:50 am »

yes i checked the dates on both ends.

14

23.1 Legacy Series / Re: TOTP broken

« on: March 24, 2023, 08:06:27 am »

i tried FreeOTP (Ver 2.0.1 (42)) on Android and was not able to add the token via QR Code. If i add the token manual (TOTP/6 Digits/SHA-1) it shows the same code as the Google Authenticator.

15

23.1 Legacy Series / TOTP broken

« on: March 23, 2023, 08:17:23 am »

Hi,

can anybody confirm totp working on a fresh default install of 23.x? I installed opnsense in a kvm base vm.

I did all the steps to setup totp but its not working. the test is failing. i tried:

-multipe auth apps (google, ms)
-diffrent user
-reset to factory defaults
-token as suffix&prefix
-time settings on smartphone and opnsense

Error is always:     Authentication failed.

any ideas?

Yo