Public bug reported:
On a fresh installation of Ubuntu 24.04 LTS, NetworkManager fails to
connect to an OpenVPN server that requires both TLS certificates and
username/password authentication. The same connection profile and user
credentials work perfectly from the command line (openvpn --config ...)
on the same system.
Furthermore, this functionality worked correctly in the NetworkManager
GUI on Ubuntu 22.04 LTS, indicating a software regression in the Ubuntu
24.04 release.
The core issue appears to be that NetworkManager's nm-openvpn plugin
incorrectly handles the auth-user-pass directive. It forces an
interactive password prompt even when the configuration is explicitly
set to read credentials from a file, and it fails to authenticate
correctly when using the interactive prompt.
Affected Versions:
OS: Ubuntu 24.04 LTS (Noble Numbat)
Packages: network-manager, network-manager-openvpn, openvpn (You can find the
exact versions by running this command in your terminal and adding the output
to the report: apt-cache policy network-manager-openvpn openvpn)
Steps to Reproduce:
Create a standard OpenVPN client configuration file (client.ovpn) that
requires TLS certificates and username/password authentication. The
configuration includes <ca>, <cert>, <key> blocks and the directive
auth-user-pass.
On a clean Ubuntu 24.04 system, import this .ovpn file into
NetworkManager.
Attempt to connect to the VPN using the NetworkManager GUI.
Diagnostic Step:
Modify the .ovpn file. Change the auth-user-pass line to auth-user-pass
/path/to/auth.txt, where auth.txt is a file containing the username on
the first line and the password on the second.
Delete the previous connection profile from NetworkManager and re-import
this modified .ovpn file.
Attempt to connect again using the NetworkManager GUI.
Expected Results:
In step 3, NetworkManager should prompt for a username and password, and upon
entering the correct credentials, the VPN should connect successfully.
In step 6, NetworkManager should read the credentials directly from auth.txt
and connect to the VPN without showing a password prompt.
Actual Results:
In step 3, NetworkManager prompts for credentials, but the connection
consistently fails. Logs show an AUTH_FAILED message from the server, followed
by an ERROR: could not read Auth username/password/ok/string from management
interface from the nm-openvpn process.
In step 6, NetworkManager completely ignores the auth-user-pass
/path/to/auth.txt directive. It incorrectly shows a password prompt instead of
reading the file. The connection fails.
Additional Information and Workaround:
This is a regression: This exact process and configuration works flawlessly in
the NetworkManager GUI on Ubuntu 22.04 LTS.
Command-line works: The connection is 100% successful on Ubuntu 24.04 when
initiated directly from the terminal using sudo openvpn --config client.ovpn
(for both the interactive and the auth.txt methods). This proves the user
credentials, certificates, server configuration, and the base openvpn client
are all correct.
The only functional workaround on Ubuntu 24.04 is to bypass the NetworkManager
GUI entirely and use the command-line client. This strongly isolates the bug to
the network-manager-openvpn plugin or its integration with NetworkManager.
** Affects: network-manager-openvpn (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to network-manager-openvpn in Ubuntu.
https://bugs.launchpad.net/bugs/2112561
Title:
NetworkManager on Ubuntu 24.04 fails OpenVPN authentication, ignoring
'auth-user-pass'
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/2112561/+subscriptions
--
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
