TOTP broken

Started by yohighnest, March 23, 2023, 08:17:23 AM

March 23, 2023, 08:17:23 AM Last Edit: March 23, 2023, 08:25:48 AM by yohighnest
Hi,

Can anybody confirm TOTP working on a fresh default install of 23.x? I installed OPNsense in a KVM-based VM.

I did all the steps to set up TOTP but it's not working. The test is failing. I tried:

-multiple auth apps (Google, MS)
-different user
-reset to factory defaults
-token as suffix & prefix
-time settings on smartphone and OPNsense

Error is always: Authentication failed.

Any ideas?

Yo

Hi

Have you checked the dates on both ends?
BTW, I use FreeOTP (Ver 2.0.1 (42)) on Android - works well & appears stable.

PeterF

Bumping this as I had the same issue today.

I tried FreeOTP (Ver 2.0.1 (42)) on Android and was not able to add the token via QR code. If I add the token manually (TOTP/6 Digits/SHA-1) it shows the same code as the Google Authenticator.

Yes, I checked the dates on both ends.

The answer is wrong password 99,99% of the time.

Either due to differing keyboard mappings (for special characters in particular), wrong time on one end (for TOTP), token order reversal (for TOTP) or selecting the wrong authentication server (expecting a different one).

Just use the built-in tester on the OPNsense itself. If it works the problem lies elsewhere and if not let us know. ;)


Cheers,
Franco

@franco, I can give you access, feel free to test yourself, the firewall is absolute default config, even the root pwd is unchanged.

Is the server clock running with exact time?

Time on the Dashboard and the devices where the Auth App is running is the same.

> the firewall is absolute default config

It's still one of those things I mentioned ;) First make sure the tester works, then inspect password for special characters, check settings for auth (where, what, who). If you don't have an OTP token for the user this will fail, but that would be easily confirmable by the tester...


Cheers,
Franco

wth, the only thing I'm using is the tester.

If the time window is not the default value (30 sec), TOTP is broken for me.

Then perhaps your client doesn't support it. Remember when you said "the firewall is absolute default config". I do. :)


Cheers,
Franco
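
Added example, not part of the thread and not OPNsense's code: a generic RFC 6238 implementation showing why a code generated with the 30-second default is rejected by a verifier configured with a different time window. The key is the RFC 6238 test key; the 60-second window and all function names are assumptions for illustration.

```python
import base64, hashlib, hmac, struct

# Constructed sample: the RFC 6238 SHA-1 test key, base32-encoded as an
# authenticator app would store it. Not a real secret.
SECRET = base64.b32encode(b"12345678901234567890").decode()

def hotp(secret_b32, counter, digits=6):
    """RFC 4226 HOTP with HMAC-SHA-1 and dynamic truncation."""
    key = base64.b32decode(secret_b32)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret_b32, unix_time, step=30):
    """RFC 6238: the HOTP counter is the number of whole steps since epoch."""
    return hotp(secret_b32, int(unix_time) // step)

def verify(secret_b32, code, unix_time, step=30, drift=1):
    """Accept the code for the current step and +/- drift neighbouring steps."""
    now = int(unix_time) // step
    return any(hmac.compare_digest(hotp(secret_b32, now + d), code)
               for d in range(-drift, drift + 1))

def matching_steps(secret_b32, code, unix_time, candidates=(30, 60)):
    """Diagnostic: which time windows would have produced this code?"""
    return [s for s in candidates if verify(secret_b32, code, unix_time, s)]

if __name__ == "__main__":
    t = 1111111109                        # RFC 6238 test time
    app_code = totp(SECRET, t)            # app assuming the 30 s default
    print("app code:", app_code)
    print("verifier at 30 s:", verify(SECRET, app_code, t, step=30))
    print("verifier at 60 s:", verify(SECRET, app_code, t, step=60))
    print("code matches windows:", matching_steps(SECRET, app_code, t))
```

Both sides can have the same clock and the same secret and still disagree, because the step size changes the counter fed into the HMAC.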

Which client, Franco? I'm using the internal tester..

Please read yourself, Franco, I'm saying the test is failing in my first post.