Network manager failing to connect VPN

I´m using Ubuntu 20.4.3 and OpenVPN 2.4.7.

I can connect to my VPN (which requires 2FA) via commandline by doing: openvpn myconffile.conf

It is prompting me to enter the user, then pass and finally the OTP. After this, everything goes ok.

I tried to set up the VPN via Network manager and I failed.

I went to Network / Add VPN / Import from file / select my conf file. I double checked info in a text editor vs the parameters in Network Manager. Everything is properly populated in the GUI.

When I click to connect, it prompts me every time "Authentication required" - A password is required. I put it and click "connect". It keeps prompting it. Finally it says: "connection failed".

I enabled network manager in DEBUG: sudo NetworkManager --log-level=DEBUG

Then check logs to catch an error: tail -f /var/log/syslog. I can see an authentication failure there saying: AUTH: Received control message: AUTH_FAILED

Raw logs here:

NetworkManager[1148]: <info>  [1631159937.7269] audit: op="connection-activate" uuid="xyz" name="xyz" pid=2120 uid=1000 result="success"
NetworkManager[1148]: <info>  [1631159937.7303] vpn-connection[xyz,xyz,"xyzxyz",0]: Started the VPN service, PID 7496
NetworkManager[1148]: <info>  [1631159937.7350] vpn-connection[xyz,xyz,"xyzxyz",0]: Saw the service appear; activating connection
NetworkManager[1148]: <info>  [1631159937.7426] vpn-connection[xyz,xyz,"xyzxyz",0]: VPN plugin: state changed: starting (3)
NetworkManager[1148]: <info>  [1631159937.7426] vpn-connection[xyz,xyz,"xyzxyz",0]: VPN connection: (ConnectInteractive) reply received
nm-openvpn[7500]: OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 19 2021
nm-openvpn[7500]: library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
nm-openvpn[7500]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
nm-openvpn[7500]: TCP/UDP: Preserving recently used remote address: [AF_INET]IP_HERE:PORT_HERE
nm-openvpn[7500]: UDP link local: (not bound)
nm-openvpn[7500]: UDP link remote: [AF_INET]IP_HERE:PORT_HERE
nm-openvpn[7500]: NOTE: chroot will be delayed because of --client, --pull, or --up-delay
nm-openvpn[7500]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
nm-openvpn[7500]: [HOST_HERE] Peer Connection Initiated with [AF_INET]IP_HERE:PORT_HERE
nm-openvpn[7500]: AUTH: Received control message: AUTH_FAILED
nm-openvpn[7500]: SIGUSR1[soft,auth-failure] received, process restarting

And yes, the password I´m typing is well written. I promess :)

Any ideas why this is working via console and not in Network Manager? What am I missing? How can I check this further?

Thanks in advanced!


I'm having the same problem and it seems like a known bug.

link 1 link 2 link 3

The problem is that the network manager stores the 2FA code into the password field.

there are workaround out there, but they are not nice ones:
Openvpn via network-manager using 2fA overwrites saved password
I prefer not to block the login.keyring just for that

How to smoothly login through openvpn with 2 factor auth?
this workaround suggests storing the password in a plain text file.

https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/issues/12#note_863618

It seems that we'll have to wait until someone will fix this bug/bad behaviour.