[SOLVED] After reboot can't login anymore

Started by JasMan, July 18, 2024, 09:24:16 AM

July 18, 2024, 09:24:16 AM Last Edit: July 19, 2024, 08:02:30 AM by JasMan
Hey,

I rebooted my OPNsense 24.1.10_3 after I moved it to another location.
Now I can't log in anymore via SSH and WebGUI (Wrong username or password). I tried it with three different users with and without TOTP and also with different clients. The times on the clients and on OPNsense are correct.

Next strange thing: the internal network and services are working fine (NTP, DHCP, DNS). But I've no Internet access. Traceroute dies after the default gateway (OPNsense). All DNS queries for external names run into a SERVER_FAIL.
The WAN interface is up and reachable via ICMP.

Any ideas? I guess I need to reinstall OPNsense because I can't login. Or is there another way to import the latest backup?
Duck, Duck, Duck, Duck, Duck, Duck, Duck, Duck, Goose

If you enabled TOTP, you cannot log in without it and you are obviously relying on the correct time setting, so that is a risk.

If the internet access is gone, NTP may be running, but how do you know if the time is right? See?

You should either have an SSH login ready with an SSH key (this does not need TOTP) or have the console accessible without a login in order to be able to fix things in case the time goes wrong.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 770 up, Bufferbloat A

Thank you for your reply. That was also my first thought.

Therefore, I checked the NTP time by requesting an update via "w32tm /stripchart /computer:OPNSENSE".
The response time was fine.
And I also tried to log in as root, which has no TOTP configured. Same error.
Duck, Duck, Duck, Duck, Duck, Duck, Duck, Duck, Goose


That sounds good!
I will try and report the result.
Duck, Duck, Duck, Duck, Duck, Duck, Duck, Duck, Goose

Quote from: newsense on July 18, 2024, 10:45:12 AM
Try this

https://docs.opnsense.org/troubleshooting/password_reset.html

Worked! Thank you.

Quote from: meyergru on July 18, 2024, 09:30:41 AM
If you enabled TOTP, you cannot log in without it and you are obviously relying on the correct time setting, so that is a risk.

If the internet access is gone, NTP may be running, but how do you know if the time is right? See?

You should either have an SSH login ready with an SSH key (this does not need TOTP) or have the console accessible without a login in order to be able to fix things in case the time goes wrong.

You were right. It seems that the BIOS battery has no power anymore, and the system lost the time after I disconnected the power supply.
And I was wrong about my root user. The user was configured for MFA, too. I've changed it immediately.  :)

Internet didn't work because I'm using DNS-over-TLS and due to the wrong time, the certificates didn't match = no DNS.
But I'm still wondering why the NTP query was successful.

Nice issue. I'm glad for your help and that I was able to understand the reasons for it.
Duck, Duck, Duck, Duck, Duck, Duck, Duck, Duck, Goose