Public bug reported: I was able to get multi-factor authentication to work with a second factor authentication token (Microsoft Authenticator) at my place of employment. It's a random multi-digit code that refreshes every 30 seconds. However, when connecting using OpenVpn, I get a prompt to enter in my password. After successfully entering in the password, some more negotiation happens with the server, I then get prompted with another dialog window re-asking for my "password". This second window accepts the multi-digit authentication code. Though this works, it is quite confusing to see the words "Enter password". There is probably some sort of messaging that takes place between the server and the client to be able to mark this second dialog window an "Authentication Token" and not a "password" dialog. It seems silly, but less technical people who don't work with openvpn on the daily or people who don't have the time aren't going to look into the issue further and in stead just say that it's not working.
lsb_release -rd No LSB modules are available. Description: Ubuntu 24.04.3 LTS Release: 24.04 network-manager-openvpn-gnome/noble,now 1.10.2-4build2 amd64 [installed,automatic] network-manager-openvpn/noble,now 1.10.2-4build2 amd64 [installed,automatic] openvpn/noble-updates,now 2.6.14-0ubuntu0.24.04.1 amd64 [installed,automatic] Full log output: Aug 06 14:11:54 HOSTNAME NetworkManager[1921]: <info> [1754511114.3746] vpn[0x64caef73a5f0,UUID,"VPN_NAME"]: starting openvpn Aug 06 14:11:54 HOSTNAME NetworkManager[1921]: <info> [1754511114.3753] audit: op="connection-activate" uuid="UUID" name="VPN_NAME" pid=4381 uid=1000 result="success" Aug 06 14:11:54 HOSTNAME nm-openvpn[255969]: OpenVPN 2.6.14 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] Aug 06 14:11:54 HOSTNAME nm-openvpn[255969]: library versions: OpenSSL 3.0.13 30 Jan 2024, LZO 2.10 Aug 06 14:11:54 HOSTNAME nm-openvpn[255969]: DCO version: N/A Aug 06 14:11:54 HOSTNAME nm-openvpn[255969]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Aug 06 14:11:54 HOSTNAME nm-openvpn[255969]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Aug 06 14:11:54 HOSTNAME nm-openvpn[255969]: TCP/UDP: Preserving recently used remote address: [AF_INET]IP_ADDRESS:PORT Aug 06 14:11:54 HOSTNAME nm-openvpn[255969]: Attempting to establish TCP connection with [AF_INET]IP_ADDRESS:PORT Aug 06 14:11:54 HOSTNAME nm-openvpn[255969]: TCP connection established with [AF_INET]IP_ADDRESS:PORT Aug 06 14:11:54 HOSTNAME nm-openvpn[255969]: TCPv4_CLIENT link local: (not bound) Aug 06 14:11:54 HOSTNAME nm-openvpn[255969]: TCPv4_CLIENT link remote: [AF_INET]IP_ADDRESS:PORT Aug 06 14:11:54 HOSTNAME nm-openvpn[255969]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay Aug 06 14:11:55 HOSTNAME nm-openvpn[255969]: [VPN Server] Peer Connection Initiated with [AF_INET]IP_ADDRESS:PORT Aug 06 14:11:56 HOSTNAME nm-openvpn[255969]: AUTH: Received control message: AUTH_FAILED Aug 06 14:11:56 HOSTNAME nm-openvpn[255969]: SIGUSR1[soft,auth-failure] received, process restarting Aug 06 14:12:10 HOSTNAME nm-openvpn[255969]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Aug 06 14:12:10 HOSTNAME nm-openvpn[255969]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Aug 06 14:12:10 HOSTNAME nm-openvpn[255969]: TCP/UDP: Preserving recently used remote address: [AF_INET]IP_ADDRESS:PORT Aug 06 14:12:10 HOSTNAME nm-openvpn[255969]: Attempting to establish TCP connection with [AF_INET]IP_ADDRESS:PORT Aug 06 14:12:10 HOSTNAME nm-openvpn[255969]: TCP connection established with [AF_INET]IP_ADDRESS:PORT Aug 06 14:12:10 HOSTNAME nm-openvpn[255969]: TCPv4_CLIENT link local: (not bound) Aug 06 14:12:10 HOSTNAME nm-openvpn[255969]: TCPv4_CLIENT link remote: [AF_INET]IP_ADDRESS:PORT Aug 06 14:12:10 HOSTNAME nm-openvpn[255969]: [VPN Server] Peer Connection Initiated with [AF_INET]IP_ADDRESS:PORT Aug 06 14:12:11 HOSTNAME nm-openvpn[255969]: AUTH: Received control message: AUTH_FAILED,CRV1:R,E:245:BASE64_STRING:Enter Your Microsoft verification code Aug 06 14:12:11 HOSTNAME nm-openvpn[255969]: SIGUSR1[soft,auth-failure] received, process restarting Aug 06 14:12:21 HOSTNAME nm-openvpn[255969]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Aug 06 14:12:21 HOSTNAME nm-openvpn[255969]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Aug 06 14:12:21 HOSTNAME nm-openvpn[255969]: TCP/UDP: Preserving recently used remote address: [AF_INET]IP_ADDRESS:PORT Aug 06 14:12:21 HOSTNAME nm-openvpn[255969]: Attempting to establish TCP connection with [AF_INET]IP_ADDRESS:PORT Aug 06 14:12:21 HOSTNAME nm-openvpn[255969]: TCP connection established with [AF_INET]IP_ADDRESS:PORT Aug 06 14:12:21 HOSTNAME nm-openvpn[255969]: TCPv4_CLIENT link local: (not bound) Aug 06 14:12:21 HOSTNAME nm-openvpn[255969]: TCPv4_CLIENT link remote: [AF_INET]IP_ADDRESS:PORT Aug 06 14:12:22 HOSTNAME nm-openvpn[255969]: [VPN Server] Peer Connection Initiated with [AF_INET]IP_ADDRESS:PORT Aug 06 14:12:28 HOSTNAME nm-openvpn[255969]: TUN/TAP device tun0 opened Aug 06 14:12:28 HOSTNAME nm-openvpn[255969]: /usr/libexec/nm-openvpn-service-openvpn-helper --debug 0 255961 --bus-name org.freedesktop.NetworkManager.openvpn.Connection_XX --tun -- tun0 1500 0 192.168.113.5 255.255.255.0 init Aug 06 14:12:28 HOSTNAME NetworkManager[1921]: <info> [1754511148.3530] manager: (tun0): new Tun device (/org/freedesktop/NetworkManager/Devices/13) Aug 06 14:12:28 HOSTNAME nm-openvpn[255969]: UID set to nm-openvpn Aug 06 14:12:28 HOSTNAME nm-openvpn[255969]: GID set to nm-openvpn Aug 06 14:12:28 HOSTNAME nm-openvpn[255969]: Capabilities retained: CAP_NET_ADMIN Aug 06 14:12:28 HOSTNAME nm-openvpn[255969]: Initialization Sequence Completed ** Affects: network-manager-openvpn (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2119683 Title: Multi factor authentication challenges in openvpn network manager show up as a dialog for "Password" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/2119683/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
