github-starred/pangolin
2
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-05-06 12:55:03 -05:00
Code Issues 564 Packages Projects Releases 72 Wiki Activity

Unable to setup 2FA #38

New Issue
Closed
opened 2025-11-13 11:48:14 -06:00 by GiteaMirror · 9 comments
GiteaMirror commented 2025-11-13 11:48:14 -06:00
Owner
Copy Link

Originally created by @nixielectra on GitHub (Jan 28, 2025).

Hi,

I have an issue as per title. Before this I'm able to use the 2FA in previous VPS, but today I changed the provider and start from scratch to setup Pangolin. I'm using Vaultwarden for the TOTP and latest version of the Pangolin. I've tried use the full link (otpauth://totp/Pangolin:admin%40domain.com?secret=HT3FZGOTD5Z2GAGSKI2P7CTU24YHDLX&issuer=Pangolin) and just the secret (HT3FZGOTD5Z2GAGSKI2P7CTU24YHDLX) but both throw an error as below:

Image

Originally created by @nixielectra on GitHub (Jan 28, 2025). Hi, I have an issue as per title. Before this I'm able to use the 2FA in previous VPS, but today I changed the provider and start from scratch to setup Pangolin. I'm using Vaultwarden for the TOTP and latest version of the Pangolin. I've tried use the full link (otpauth://totp/Pangolin:admin%40domain.com?secret=HT3FZGOTD5Z2GAGSKI2P7CTU24YHDLX&issuer=Pangolin) and just the secret (HT3FZGOTD5Z2GAGSKI2P7CTU24YHDLX) but both throw an error as below: ![Image](https://github.com/user-attachments/assets/53cd2879-e3f7-48c0-b316-e875b6c6f709)
GiteaMirror commented 2025-11-13 11:48:15 -06:00
Author
Owner
Copy Link

@oschwartz10612 commented on GitHub (Jan 28, 2025):

I just tested and I was able to do it using Bitwarden myself using the otpauth://totp/Pangolin:owen%40txv.io?secret=63RXYDJTOJSLCJB4B3COSL7NM4TJUYX3&issuer=Pangolin

What version of Pangolin are you using? beta.8?

If you can still not get it to work, can you see if you are getting any logs from pangolin? sudo docker compose logs

@oschwartz10612 commented on GitHub (Jan 28, 2025): I just tested and I was able to do it using Bitwarden myself using the `otpauth://totp/Pangolin:owen%40txv.io?secret=63RXYDJTOJSLCJB4B3COSL7NM4TJUYX3&issuer=Pangolin` What version of Pangolin are you using? `beta.8`? If you can still not get it to work, can you see if you are getting any logs from pangolin? `sudo docker compose logs`
GiteaMirror commented 2025-11-13 11:48:15 -06:00
Author
Owner
Copy Link

@nixielectra commented on GitHub (Jan 28, 2025):

Yes I'm using beta.8. Nothing in Pangolin log but Traefik throw this traefik | xx.xxx.xxx.xx - - [28/Jan/2025:15:16:44 +0000] "POST /api/v1/auth/2fa/enable HTTP/2.0" 400 119 "-" "-" 17 "api-router@file" "http://pangolin:3000" 11ms.

@nixielectra commented on GitHub (Jan 28, 2025): Yes I'm using `beta.8`. Nothing in Pangolin log but Traefik throw this `traefik | xx.xxx.xxx.xx - - [28/Jan/2025:15:16:44 +0000] "POST /api/v1/auth/2fa/enable HTTP/2.0" 400 119 "-" "-" 17 "api-router@file" "http://pangolin:3000" 11ms`.
GiteaMirror commented 2025-11-13 11:48:16 -06:00
Author
Owner
Copy Link

@miloschwartz commented on GitHub (Jan 28, 2025):

Does this happen consistently if you try to request a new TOTP secret more than once?

@miloschwartz commented on GitHub (Jan 28, 2025): Does this happen consistently if you try to request a new TOTP secret more than once?
GiteaMirror commented 2025-11-13 11:48:16 -06:00
Author
Owner
Copy Link

@nixielectra commented on GitHub (Jan 29, 2025):

Yesterday I've tried more than 10x. Today I deleted everything included volumes and images then start again but same error 😔

@nixielectra commented on GitHub (Jan 29, 2025): Yesterday I've tried more than 10x. Today I deleted everything included volumes and images then start again but same error 😔
GiteaMirror commented 2025-11-13 11:48:16 -06:00
Author
Owner
Copy Link

@nixielectra commented on GitHub (Jan 29, 2025):

I just realized that my VPS timedate didn't sync with NTP thus there is a different ~1minute10seconds with my local server. I think this is the issue right?

VPS
Image

Local
Image

@nixielectra commented on GitHub (Jan 29, 2025): I just realized that my VPS timedate didn't sync with NTP thus there is a different ~1minute10seconds with my local server. I think this is the issue right? VPS ![Image](https://github.com/user-attachments/assets/77f230c9-6c13-4e41-b6e8-a83a18bf7bf1) Local ![Image](https://github.com/user-attachments/assets/723c515b-b9ab-469c-89c4-69d259f6d7cd)
GiteaMirror commented 2025-11-13 11:48:17 -06:00
Author
Owner
Copy Link

@oschwartz10612 commented on GitHub (Jan 29, 2025):

Oh yes really good catch! The TOTP algorithm is based on the time so if they are out of sync you will get different expected codes. I bet if you sync up your times it will work correctly.

@oschwartz10612 commented on GitHub (Jan 29, 2025): Oh yes really good catch! The TOTP algorithm is based on the time so if they are out of sync you will get different expected codes. I bet if you sync up your times it will work correctly.
GiteaMirror commented 2025-11-13 11:48:17 -06:00
Author
Owner
Copy Link

@nixielectra commented on GitHub (Jan 29, 2025):

Okay, already submitted a ticket to open port 123 because they blocked it, will update here the result later.

@nixielectra commented on GitHub (Jan 29, 2025): Okay, already submitted a ticket to open port 123 because they blocked it, will update here the result later.
GiteaMirror commented 2025-11-13 11:48:17 -06:00
Author
Owner
Copy Link

@nixielectra commented on GitHub (Jan 30, 2025):

Image

After enabled the port and NTP, the 2FA able to work correctly. I will close this as non issue. Thanks @oschwartz10612 @miloschwartz

@nixielectra commented on GitHub (Jan 30, 2025): ![Image](https://github.com/user-attachments/assets/d85e3f3f-8de9-48b5-8a98-9808f4536034) After enabled the port and NTP, the 2FA able to work correctly. I will close this as non issue. Thanks @oschwartz10612 @miloschwartz
GiteaMirror commented 2025-11-13 11:48:17 -06:00
Author
Owner
Copy Link

@yann117 commented on GitHub (Apr 26, 2025):

Thank you for this topic, it helped me find out what was my issue.
My self-hosted server was using a different NTP pool and was therefore off for a few seconds, which made the OTP setup failing for the same reason.
Without this "issue" I would not be able to understand what was the problem.
Maybe put a note in Pangolin documentation, to give this information as a basic troubleshooting help -> "validate your server time is sync if TOTP fails".

@yann117 commented on GitHub (Apr 26, 2025): Thank you for this topic, it helped me find out what was my issue. My self-hosted server was using a different NTP pool and was therefore off for a few seconds, which made the OTP setup failing for the same reason. Without this "issue" I would not be able to understand what was the problem. Maybe put a note in Pangolin documentation, to give this information as a basic troubleshooting help -> "validate your server time is sync if TOTP fails".
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
api
authentication
bug
config
dependencies
docker
documentation
enhancement
good first issue
help wanted
Improvement
Look Into
needs investigating
networking
new feature
non-critical bug
potential bug
pull-request
Mirrored from GitHub Pull Request
 question
reverse proxy
Security
stale
ui
wontfix
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/pangolin#38
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?