2SV enforced but some are still logging in without turning it on

Over a month ago I turned on 2SV for all our 450 users. We still have a little over 100 with 2SV not set up. Some of those haven't logged in since we turned it on, but many have. As an experiment, I took some of those users and I deleted their session cookies to force them to sign in thinking at that point they would be required to enable 2SV before continuing to their account, but this is not the case. These people are still logging in and 2SV is not enabled for them. The log says they logged in with a password.

Many users have been getting errors like "your account settings don't meet the organization's requirements" which then prompts them to contact us to issue them a backup code so they can log in. But others seem to be able to bypass this.

Settings: 2SV is ON. New user period is one day (these test subjects are not new users). I do allow users to trust the device. And Method is set to Any. I set these settings at the org level. We do have multiple OUs but I went through them all just to double check and the settings are all the same.

I'm just not understanding if I set it to on, how are there still people logging in without enabling 2SV?

reddit.com
u/turbo2ltr — 9 days ago
▲ 9 r/UNIFI+1 crossposts

Teleport only passes standard ports

I posted on the UI community and got nothing. Hoping someone has some ideas.

I have previously used UTR/Teleport as well as Teleport from Wifiman on iPad and Android to access my homelab services without issue just a few weeks ago.

Before I left for a 2 week trip, I updated the UDMP due to recent CVEs. Once on the trip I found out, after a lot of testing, Teleport refuses to pass any traffic that is not on standard ports. 80/443/22, all ok. Accessing my Synology on port 5000, no connection. Portainer on 9000, no connection.

I also have an old school VPN connection to the UDMP set up on my laptop.. When I connect with that VPN instead of Teleport, I can access the whole network on any port without issue.

There are no policies that I can find that would limit teleport and this use to work, so I'm really confused what is going on.

Thanks.

reddit.com
u/turbo2ltr — 23 days ago
▲ 1 r/UNIFI+1 crossposts

Port forwarding from wireguard VPN

I have a wireguard VPN client set up in the UDMP. The remote end is a static public IP I want to accept incoming connections from. The VPN is linked/isolated to a seaprate VLAN in the UDMP.

Is there a way to port forward from that public IP to an internal machine? When I try to set up port forwarding, it only allows me to select WANs.

Is this what the "From" setting is for? The tooltip help for that setting is rather vague. I assume the FROM setting would limit the remote machine originating the request, not the public IP at the end of the VPN tunnel so that doesn't help.

Any thoughts?

reddit.com
u/turbo2ltr — 23 days ago
▲ 2 r/UNIFI

Teleport on iPad issues

Anyone having issues with teleport on iPad? Teleport (WiFiman) connects and provides internet but will not allow me to access any internal services. I do the same on my android device and it works fine. Used to work fine. I recently did a UDMP update which may be when it broke. WiFiman is up to date as well.

update: this is not a iPad issue. When I connect to my UTR can ssh to local machines. I can get to locally served web services, but can’t get to the synology web up on port 5000, DSFile won’t connnect, RustDesk won’t connect. I just updated my UDMP a couple days ago. I’m guessing something is broke. This is why I don’t auto update. Every. Time. This used to work fine. As in 2 weeks ago When I was in Europe.

reddit.com
u/turbo2ltr — 1 month ago

Remote Desktop Server options on KDE Plasma

What are my options for accessing my CachyOS machine remotely?

From what I'm reading seems almost all of the options have some sort of quirks with Wayland. Overblown or true? Any recommendations?

reddit.com
u/turbo2ltr — 2 months ago

I know some reports can be delayed by "1-3 days", but I'm in the middle of enforcing 2FA and making people update their weak passwords and the reports just stopped updating. The last data in Reports -> Apps Reports -> Accounts chart is from April 24th. I'm sending out "final notices" to people based on information that is over a week old and people are like "I did it already". Reports -> User Reports ->Security is also woefully out of date. They picked a fine time to screw up their reports.

reddit.com
u/turbo2ltr — 2 months ago