[Solved] Timebased One Time Password is not working

[zyos]

Hi,

I'm running into an issue where I'm attempting to se up a "Local + Timebased One Time Password" for the first time.

My setting for the access server is attached and in this case I've created a new user called tester with a password that is the same as the username. I left all the other settings default and unedited.

I checked the box to "Generate new secret (160 bit)" and added the QR code it generated to my Google authenticater app on my phone.

When I test with the "local" authentication server with the password I gave it, the tester works as expected. When I select the "Google Auth" Authentication Server I created and try to test the same login with the token it always fails. All the settings and grace period adjustments I've tried don't seem to make a difference. I've tried reversing the order and not, still no luck. The time between my phone and the firewall are at least within a couple of seconds so I know ntp is working. Even so I temporarily adjusted the grace period to 120 seconds and that still didn't help.

Is there a log file for me to check to find further information about why this is failing? Does anyone have any ideas on what to do next or know if there is a known problem with the latest updates.

Currently this firewall was updated only a couple of days ago and is on version "OPNsense 22.7.7_1-amd64". It looks like there are some new patches out since. My first though is that I'm going to update now to see if this helps.

Thank you in advance for your suggestions.

Edit: Updating to OPNsense 22.7.8-amd64 with the latest patches did not help.

Edit #2: I've scoured everything in /var/log to see if there was anything recorded about the user in question (tester) and after scrubbing the data of any person info I'll attach it here. I'm not seeing anything that could help me in it. I may try turning up logging to see if that helps at all...

Edit #3: I've tried a different authenticator app but this didn't help. I want and search Google in a deep way and it seems I'm not the only person having this same issue. If someone else who is also on latest could be so kind of as to test this it would be much appreciated. I might also I try to virtualize one using KVM on my laptop so i can test on a completely default install (which mine already pretty much is). If it happens there I'll have to submit a bug report

https://old.reddit.com/r/OPNsenseFirewall/comments/uyy2ob/otp_for_user_logins_not_working_at_all/

https://old.reddit.com/r/opnsense/comments/xyqn7z/totp_for_opnvpn_authentication/

[zyos]

I was able to solve my own issue. I tried this once again on an OpnSense VM on my laptop and it actually worked without issue. At that point I removed the authentication server I had first made then remade it. It started working just fine.

[yohighnest]

i have a similar issue, im on OPNsense 23.1-amd64 running Opnsense on proxmox. I resetet to default config added the totp server, created an qr code, but its always failing. any ideas howto debug this?