22.1.7_1 OpenVPN with local user and TOTP cannot authenticate - FIXED

Started by nzkiwi68, May 16, 2022, 07:45:10 AM

Since upgrade from 22.1.6, all users cannot authenticate on OpenVPN using "Remote Access (SSL/TLS + User Auth)" and the backend for auth is local user and TOTP.

Nothing has changed but 22.1.6 upgrade to 22.1.7_1.

Tried:

  • Rebooting
  • Checking settings (but nothing has changed)
  • Reset local user passwords

2022-05-16T17:00:05 Error openvpn 101.100.xxx.xxx:55438 TLS Auth Error: Auth Username/Password verification failed for peer
2022-05-16T17:00:05 Warning openvpn 101.100.xxx.xxx:55438 WARNING: Failed running command (--auth-user-pass-verify): external program exited with error status: 255
2022-05-16T17:00:05 Warning openvpn user 'username' could not authenticate.


Thanks, I did think of that though.

The time is correct.

What logs can I gather to check what's wrong?

I am thinking it is related to 22.1.7_1 upgrade.

Fixed.

I'd checked the time, but I rechecked and noticed this time it was out by 40+ seconds. I looked at NTP and for some reason it wasn't updating.

So I chose new NTP pool servers for NZ, and now NTP is sync'd and the time is accurate.

The lesson to remember is clock drift of more than 30 seconds is fatal for TOTP. Be very careful with time.
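
An added example (not part of the thread, and not OPNsense's code): a minimal RFC 6238 verifier showing how a server clock that is 40 seconds off rejects a code the client generated correctly. It assumes the RFC defaults of a 30-second step and HMAC-SHA1 and uses the RFC's published test secret; `window` and `login` are hypothetical names, and the timestamps are constructed.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step: RFC 6238 default, assumed here
RFC_SECRET = b"12345678901234567890"  # published RFC 6238 SHA-1 test secret


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, code: str, server_time: int, window: int = 0):
    """Return the step offset at which code matches, or None if rejected.

    window (hypothetical name) = adjacent steps accepted on each side.
    """
    for off in range(-window, window + 1):
        if hmac.compare_digest(totp(secret, server_time + off * STEP), code):
            return off
    return None


def login(true_time: int, server_skew: int, window: int):
    """Client clock is correct; the server clock is off by server_skew s."""
    code = totp(RFC_SECRET, true_time)
    return verify(RFC_SECRET, code, true_time + server_skew, window)


if __name__ == "__main__":
    # Constructed timestamps around the RFC 6238 test vector times.
    start_of_step, end_of_step = 1111111080, 1111111109
    print(login(start_of_step, 0, 0))    # clocks agree: offset 0
    print(login(start_of_step, 40, 0))   # 40 s fast, no tolerance: None
    print(login(start_of_step, 40, 1))   # accepted one step back: -1
    print(login(end_of_step, 40, 2))     # late in the step: needs -2
```

A wider window only hides the drift and extends how long each code stays valid; restoring NTP sync, as done in the thread, removes the cause.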