Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
[Solved] 2fa TOTP problems
« previous
next »
Print
Pages: [
1
]
Author
Topic: [Solved] 2fa TOTP problems (Read 3092 times)
crt333
Jr. Member
Posts: 56
Karma: 0
[Solved] 2fa TOTP problems
«
on:
August 04, 2021, 04:00:00 pm »
I would appreciate any suggestions for the following problem:
I have been using login with TOTP for years, but a strange new problem in the last 3 days:
- can't login to web interface, get a password failure (with TOTP)
- open a shell using ssh and existing certificate, reset admin password and turn off TOTP
- login without TOTP, restore working configuration (reboots)
- can once again log in using old TOTP setup
The next morning it is dead again, and I have to repeat all the above (3 mornings in a row)
Everything seems to run fine, just can't login to web interface.
running on Qotom box:
OPNsense 21.7-amd64
FreeBSD 12.1-RELEASE-p19-HBSD
OpenSSL 1.1.1k 25 Mar 2021
«
Last Edit: August 10, 2021, 11:38:24 pm by crt333
»
Logged
errored out
Full Member
Posts: 171
Karma: 3
Re: 2fa TOTP problems
«
Reply #1 on:
August 10, 2021, 06:08:33 am »
If your restoring your configurations, aren't you restoring the MFA?
Have you tried to remove the MFA authentication method from the server? System:Settings:Administration:Authentication > local
then go to
System:Access:Servers > delete TOTP server
Logged
crt333
Jr. Member
Posts: 56
Karma: 0
Re: 2fa TOTP problems
«
Reply #2 on:
August 10, 2021, 02:45:24 pm »
Thanks for responding.
Yes, the restore does include MFA, and it works after the restore. I want to continue using MFA, but the problem is the next day something is wrong again and I can't log in to the GUI with MFA or without MFA, I am locked out.
So, then I have to SSH in again and reset the root password and turn off MFA. If I leave MFA off everything works fine day after day, but if I turn it on again it works for a while but by the next day its bad again.
Is deleting and reconfiguring it likely to be a permanent fix? I really don't understand what the problem might be here.
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: 2fa TOTP problems
«
Reply #3 on:
August 10, 2021, 02:49:45 pm »
Sounds like a clock problem. Make sure NTP keeps the time in sync...
Cheers,
Franco
Logged
crt333
Jr. Member
Posts: 56
Karma: 0
Re: 2fa TOTP problems
«
Reply #4 on:
August 10, 2021, 03:30:37 pm »
Thanks, I guess I should have though of that, but since I've never done anything with NTP and it showed up as running I thought it would be OK, but it hadn't connected to any peers. All good now, not sure why that came up, but seems to be OK now.
Logged
errored out
Full Member
Posts: 171
Karma: 3
Re: 2fa TOTP problems
«
Reply #5 on:
August 10, 2021, 11:31:32 pm »
Don't forget to mark as solved
Logged
crt333
Jr. Member
Posts: 56
Karma: 0
Re: [Solved] 2fa TOTP problems
«
Reply #6 on:
August 10, 2021, 11:39:54 pm »
Thanks for the reminder. I changed the subject to say solved, don't see any other way to mark it.
Thanks to "errored out" and franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
[Solved] 2fa TOTP problems