Join Log in
Score:0
Patrick avatar Ubuntu

Network manager failing to connect VPN

cn flag
Patrick

I´m using Ubuntu 20.4.3 and OpenVPN 2.4.7.

I can connect to my VPN (which requires 2FA) via commandline by doing: openvpn myconffile.conf

It is prompting me to enter the user, then pass and finally the OTP. After this, everything goes ok.

I tried to set up the VPN via Network manager and I failed.

I went to Network / Add VPN / Import from file / select my conf file. I double checked info in a text editor vs the parameters in Network Manager. Everything is properly populated in the GUI.

When I click to connect, it prompts me every time "Authentication required" - A password is required. I put it and click "connect". It keeps prompting it. Finally it says: "connection failed".

I enabled network manager in DEBUG: sudo NetworkManager --log-level=DEBUG

Then check logs to catch an error: tail -f /var/log/syslog. I can see an authentication failure there saying: AUTH: Received control message: AUTH_FAILED

Raw logs here:

NetworkManager[1148]: <info>  [1631159937.7269] audit: op="connection-activate" uuid="xyz" name="xyz" pid=2120 uid=1000 result="success"
NetworkManager[1148]: <info>  [1631159937.7303] vpn-connection[xyz,xyz,"xyzxyz",0]: Started the VPN service, PID 7496
NetworkManager[1148]: <info>  [1631159937.7350] vpn-connection[xyz,xyz,"xyzxyz",0]: Saw the service appear; activating connection
NetworkManager[1148]: <info>  [1631159937.7426] vpn-connection[xyz,xyz,"xyzxyz",0]: VPN plugin: state changed: starting (3)
NetworkManager[1148]: <info>  [1631159937.7426] vpn-connection[xyz,xyz,"xyzxyz",0]: VPN connection: (ConnectInteractive) reply received
nm-openvpn[7500]: OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 19 2021
nm-openvpn[7500]: library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
nm-openvpn[7500]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
nm-openvpn[7500]: TCP/UDP: Preserving recently used remote address: [AF_INET]IP_HERE:PORT_HERE
nm-openvpn[7500]: UDP link local: (not bound)
nm-openvpn[7500]: UDP link remote: [AF_INET]IP_HERE:PORT_HERE
nm-openvpn[7500]: NOTE: chroot will be delayed because of --client, --pull, or --up-delay
nm-openvpn[7500]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
nm-openvpn[7500]: [HOST_HERE] Peer Connection Initiated with [AF_INET]IP_HERE:PORT_HERE
nm-openvpn[7500]: AUTH: Received control message: AUTH_FAILED
nm-openvpn[7500]: SIGUSR1[soft,auth-failure] received, process restarting

And yes, the password I´m typing is well written. I promess :)

Any ideas why this is working via console and not in Network Manager? What am I missing? How can I check this further?

Thanks in advanced!

613
0 + 2
codlord avatar
ru flag
codlord
Have you tried entering your password the first time network manager prompts and then the 2FA code the second time network manager prompts?
0
Reply
Patrick avatar
cn flag
Patrick
Thanks for the answer. Yes, I tried that. No luck.
0
Reply
Patrick avatar
cn flag
Patrick
Any other thoughts on this? Thanks in advanced!
0
Reply
CrazyTux avatar
us flag
CrazyTux
try to run the connection as a `root` user and add `--config` to your command `sudo openvpn --config myconffile.conf`.
0
Reply
Patrick avatar
cn flag
Patrick
@CrazyTux thanks for your response. I have already tried that and works ok (with --config or even without it but with myconffile.conf). The issue here is with Network Manager. It is not accepting me the password. Any other thoughts?
0
Reply
Score:1
Wazime avatar Ubuntu
in flag
Wazime

I'm having the same problem and it seems like a known bug.

link 1 link 2 link 3

The problem is that the network manager stores the 2FA code into the password field.

there are workaround out there, but they are not nice ones:
Openvpn via network-manager using 2fA overwrites saved password
I prefer not to block the login.keyring just for that

How to smoothly login through openvpn with 2 factor auth?
this workaround suggests storing the password in a plain text file.

https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/issues/12#note_863618

It seems that we'll have to wait until someone will fix this bug/bad behaviour.

0 + 0
Patrick avatar
cn flag
Patrick
Thanks very much for the response Wazime!
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.