Hi,

I imported my client configuration using the option "import from a file"
(translation from "importer depuis un fichier"). My client configuration
contains this line:

static-challenge "Code unique d'authentification" 1

When I look at my connection configuration in
/etc/NetworkManager/system-connections, I don't see any reference to the
static-challenge configuration. I suspect the problem comes from there.

So when I try to connect, NM asks me for the password, but never for the
challenge PIN. I tried to enter my PIN when NM requests my password
again, but it doesn't work either.

In my client logs (first try I enter my password, the second try I enter my 2FA
PIN):
oct 31 09:09:52 u1910 NetworkManager[491]: <info>  [1572527392.4132] audit: 
op="connection-activate" uuid="0df2fac7-29f5-4808-b15a-f49f748a8963" name="vpn" 
pid=1317 uid=1000 result="success"
oct 31 09:09:52 u1910 NetworkManager[491]: <info>  [1572527392.4475] 
vpn-connection[0x55d5bb61c310,0df2fac7-29f5-4808-b15a-f49f748a8963,"vpn",0]: 
Started the VPN service, PID 2254
oct 31 09:09:52 u1910 NetworkManager[491]: <info>  [1572527392.4768] 
vpn-connection[0x55d5bb61c310,0df2fac7-29f5-4808-b15a-f49f748a8963,"vpn",0]: 
Saw the service appear; activating connection
oct 31 09:10:02 u1910 NetworkManager[491]: <info>  [1572527402.8568] 
vpn-connection[0x55d5bb61c310,0df2fac7-29f5-4808-b15a-f49f748a8963,"vpn",0]: 
VPN plugin: state changed: starting (3)
oct 31 09:10:02 u1910 NetworkManager[491]: <info>  [1572527402.8574] 
vpn-connection[0x55d5bb61c310,0df2fac7-29f5-4808-b15a-f49f748a8963,"vpn",0]: 
VPN connection: (ConnectInteractive) reply received
oct 31 09:10:02 u1910 nm-openvpn[2271]: OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL 
(OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep  5 2019
oct 31 09:10:02 u1910 nm-openvpn[2271]: library versions: OpenSSL 1.1.1c  28 
May 2019, LZO 2.10
oct 31 09:10:03 u1910 nm-openvpn[2271]: NOTE: the current --script-security 
setting may allow this configuration to call user-defined scripts
oct 31 09:10:03 u1910 nm-openvpn[2271]: TCP/UDP: Preserving recently used 
remote address: [AF_INET]4.3.2.1:1192
oct 31 09:10:03 u1910 nm-openvpn[2271]: UDP link local: (not bound)
oct 31 09:10:03 u1910 nm-openvpn[2271]: UDP link remote: [AF_INET]4.3.2.1:1192
oct 31 09:10:03 u1910 nm-openvpn[2271]: NOTE: chroot will be delayed because of 
--client, --pull, or --up-delay
oct 31 09:10:03 u1910 nm-openvpn[2271]: NOTE: UID/GID downgrade will be delayed 
because of --client, --pull, or --up-delay
oct 31 09:10:03 u1910 nm-openvpn[2271]: [server] Peer Connection Initiated with 
[AF_INET]4.3.2.1:1192
oct 31 09:10:04 u1910 nm-openvpn[2271]: AUTH: Received control message: 
AUTH_FAILED
oct 31 09:10:04 u1910 nm-openvpn[2271]: SIGUSR1[soft,auth-failure] received, 
process restarting
oct 31 09:10:09 u1910 NetworkManager[491]: <info>  [1572527409.5104] 
vpn-connection[0x55d5bb61c310,0df2fac7-29f5-4808-b15a-f49f748a8963,"vpn",0]: 
VPN plugin: requested secrets; state connect (4)
oct 31 09:10:21 u1910 nm-openvpn[2271]: NOTE: the current --script-security 
setting may allow this configuration to call user-defined scripts
oct 31 09:10:21 u1910 nm-openvpn[2271]: TCP/UDP: Preserving recently used 
remote address: [AF_INET]4.3.2.1:1192
oct 31 09:10:21 u1910 nm-openvpn[2271]: UDP link local: (not bound)
oct 31 09:10:21 u1910 nm-openvpn[2271]: UDP link remote: [AF_INET]4.3.2.1:1192
oct 31 09:10:21 u1910 PackageKit[910]: uid 1000 is trying to obtain 
org.freedesktop.packagekit.system-sources-refresh auth (only_trusted:0)
oct 31 09:10:21 u1910 PackageKit[910]: uid 1000 obtained auth for 
org.freedesktop.packagekit.system-sources-refresh
oct 31 09:10:21 u1910 nm-openvpn[2271]: [server] Peer Connection Initiated with 
[AF_INET]4.3.2.1:1192
oct 31 09:10:22 u1910 nm-openvpn[2271]: AUTH: Received control message: 
AUTH_FAILED
oct 31 09:10:22 u1910 nm-openvpn[2271]: SIGUSR1[soft,auth-failure] received, 
process restarting
oct 31 09:10:22 u1910 PackageKit[910]: refresh-cache transaction /20_aabcedec 
from uid 1000 finished with success after 1406ms
oct 31 09:10:27 u1910 NetworkManager[491]: <info>  [1572527427.6045] 
vpn-connection[0x55d5bb61c310,0df2fac7-29f5-4808-b15a-f49f748a8963,"vpn",0]: 
VPN plugin: requested secrets; state connect (4)
oct 31 09:10:29 u1910 NetworkManager[491]: <error> [1572527429.8132] 
vpn-connection[0x55d5bb61c310,0df2fac7-29f5-4808-b15a-f49f748a8963,"vpn",0]: 
Failed to request VPN secrets #4: User canceled the secrets request.
oct 31 09:10:29 u1910 nm-openvpn[2271]: ERROR: could not read Auth 
username/password/ok/string from management interface
oct 31 09:10:29 u1910 nm-openvpn[2271]: Exiting due to fatal error

(last error is when I clicked the cancel button)


In my server logs:
Oct 31 09:10:03 srv ovpn-bureau-2fa[1409]: Error extracting challenge/response 
from password. Parse error = 'Incorrectly formatted cr string.'
Oct 31 09:10:03 srv ovpn-bureau-2fa[1409]: 1.2.3.4:51828 PLUGIN_CALL: POST 
/usr/local/lib/openvpn-auth-ldap.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
Oct 31 09:10:03 srv ovpn-bureau-2fa[1409]: 1.2.3.4:51828 PLUGIN_CALL: plugin 
function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: 
/usr/local/lib/openvpn-auth-ldap.so
Oct 31 09:10:03 srv ovpn-bureau-2fa[1409]: 1.2.3.4:51828 PLUGIN_CALL: POST 
/usr/local/lib/openvpn/openvpn-otp.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
Oct 31 09:10:03 srv ovpn-bureau-2fa[1409]: 1.2.3.4:51828 PLUGIN_CALL: plugin 
function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: 
/usr/local/lib/openvpn/openvpn-otp.so
Oct 31 09:10:03 srv ovpn-bureau-2fa[1409]: 1.2.3.4:51828 TLS Auth Error: Auth 
Username/Password verification failed for peer
Oct 31 09:10:21 srv ovpn-bureau-2fa[1409]: Error extracting challenge/response 
from password. Parse error = 'Incorrectly formatted cr string.'
Oct 31 09:10:21 srv ovpn-bureau-2fa[1409]: 1.2.3.4:58490 PLUGIN_CALL: POST 
/usr/local/lib/openvpn-auth-ldap.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
Oct 31 09:10:21 srv ovpn-bureau-2fa[1409]: 1.2.3.4:58490 PLUGIN_CALL: plugin 
function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: 
/usr/local/lib/openvpn-auth-ldap.so
Oct 31 09:10:21 srv ovpn-bureau-2fa[1409]: 1.2.3.4:58490 PLUGIN_CALL: POST 
/usr/local/lib/openvpn/openvpn-otp.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
Oct 31 09:10:21 srv ovpn-bureau-2fa[1409]: 1.2.3.4:58490 PLUGIN_CALL: plugin 
function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: 
/usr/local/lib/openvpn/openvpn-otp.so
Oct 31 09:10:21 srv ovpn-bureau-2fa[1409]: 1.2.3.4:58490 TLS Auth Error: Auth 
Username/Password verification failed for peer

No problems with Tunnelblick on Mac or OpenVPN GUI on Windows.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager-openvpn in Ubuntu.
https://bugs.launchpad.net/bugs/1322728

Title:
  VPN Connection Failed With 2 Factor Authentication

Status in network-manager-fortisslvpn package in Ubuntu:
  Incomplete
Status in network-manager-openvpn package in Ubuntu:
  Incomplete

Bug description:
  Hi all,

  my setup is an openvpn access server with google 2 factor auth

  i was trying to connect to my VPN using the gnome openvpn module and
  get the following errors on syslog:

  May 23 22:23:00 laptop nm-openvpn[18049]: [OpenVPN Server] Peer Connection 
Initiated with [AF_INET]xx.xx.xx.xx:1194
  May 23 22:23:02 laptop nm-openvpn[18049]: AUTH: Received control message: 
AUTH_FAILED,CRV1:R,E:d1r12r21df232+owqrf23t23t23tCn:aXRf3r2s=:Enter Google 
Authenticator Code
  May 23 22:23:02 laptop nm-openvpn[18049]: SIGTERM[soft,auth-failure] 
received, process exiting
  May 23 22:23:02 laptop NetworkManager[1043]: <warn> VPN plugin failed: 0

  I looked in the documentation but didn't find anything useful.

  any help will be appreciated
