OTP

Started by jmcgon, September 14, 2022, 12:44:14 AM

OPNsense 22.7.4: OpenVPN is working if I use the local database. Once I create the OTP server and set the parameters (name, local + timebased OTP, token length 6, time period 60, grace period 60, and reverse (password then token)), it doesn't work. I use the tester function in the Access submenu, but it fails on local + OTP.

I am using Google Authenticator. I tried deleting the authenticator account and creating a new QR code, but can't authenticate. The issue seems to be the OTP, but I can't figure out why.

Any suggestions?

Hi,

Have you inverted local + OTP on SYSTEM:ACCESS:SERVER so Reverse token order is checked?

R

Yes, I have tried it both ways. I have removed the service and added it back with mainly default settings. I tested with only the local password w/o OTP and it works, then switched the option to the OTP server and added the token at the end; it still fails. Strange.

Could it be the 22.7.4 update?   

I don't know what changed, but I thought that I had tried each setting (w/o reversing and w/ reversing) and couldn't get it to work using the tester function. Now it just works. Must have been user (me :-\) error.

I think the greatest challenge is configuring anything for the first time. Skills do transfer, but knowledge of the particulars for any OS is the gotcha part.