Nm-openvpn GUI respawns multiple password prompts and fails

Since the update to F32 I am having a weird issue:

When I log off and on the VPN (using the tray icon for networkmanager on Cinnamon) the prompt pops up, I type a correct pass code and it pops up again asking for another code until it blocks me after one or two trials (with the correct code, even cutting and pasting). I have then to contact the internal automation dudes to get my login unlocked.

Checking the logs it seems that for an unknown reason during the authentication it generates an auth error even before I have had any opportunity to do it myself (logs attached). The logs that follow belong to a single attempt after our internal automation guys unlocked my account. There is first the weird failure and then the correct login (to be clear: I only typed in one login code, once):

okt 05 14:59:56 192.168.2.12 NetworkManager[3714]: <info>  [1601902796.6034] vpn-connection[0x557f39c627a0,9217ece1-3f0b-4291-b201-76ceb6b3b9dc,"server-locked",0]: VPN connection: (ConnectInteractive) reply received
okt 05 14:59:56 192.168.2.12 nm-openvpn[43553]: OpenVPN 2.4.9 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 19 2020
okt 05 14:59:56 192.168.2.12 nm-openvpn[43553]: library versions: OpenSSL 1.1.1g FIPS  21 Apr 2020, LZO 2.10
okt 05 14:59:56 192.168.2.12 nm-openvpn[43553]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
okt 05 14:59:56 192.168.2.12 nm-openvpn[43553]: TCP/UDP: Preserving recently used remote address: [AF_INET]1xx.xxx.xxx.xxx:1194
okt 05 14:59:56 192.168.2.12 nm-openvpn[43553]: UDP link local: (not bound)
okt 05 14:59:56 192.168.2.12 nm-openvpn[43553]: UDP link remote: [AF_INET]1xx.xxx.xxx.xxx:1194
okt 05 14:59:56 192.168.2.12 nm-openvpn[43553]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
okt 05 14:59:56 192.168.2.12 nm-openvpn[43553]: [vpn2.ia.surfsara.nl] Peer Connection Initiated with [AF_INET]1xx.xxx.xxx.xxx:1194
okt 05 14:59:58 192.168.2.12 nm-openvpn[43553]: AUTH: Received control message: AUTH_FAILED,Failed authentication for user surfsara/enricm. Invalid response to a challenge.
okt 05 14:59:58 192.168.2.12 nm-openvpn[43553]: SIGUSR1[soft,auth-failure] received, process restarting
--
okt 05 15:00:22 192.168.2.12 nm-openvpn[43553]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
okt 05 15:00:22 192.168.2.12 nm-openvpn[43553]: TCP/UDP: Preserving recently used remote address: [AF_INET]1xx.xxx.xxx.xxx:1194
okt 05 15:00:22 192.168.2.12 nm-openvpn[43553]: UDP link local: (not bound)
okt 05 15:00:22 192.168.2.12 nm-openvpn[43553]: UDP link remote: [AF_INET]1xx.xxx.xxx.xxx:1194
okt 05 15:00:22 192.168.2.12 nm-openvpn[43553]: [vpn2.ia.surfsara.nl] Peer Connection Initiated with [AF_INET]1xx.xxx.xxx.xxx:1194
okt 05 15:00:23 192.168.2.12 nm-openvpn[43553]: Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:5: dhcp-pre-release (2.4.9)
okt 05 15:00:23 192.168.2.12 nm-openvpn[43553]: Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:6: dhcp-renew (2.4.9)
okt 05 15:00:23 192.168.2.12 nm-openvpn[43553]: Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: dhcp-release (2.4.9)
okt 05 15:00:23 192.168.2.12 nm-openvpn[43553]: Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:17: register-dns (2.4.9)
okt 05 15:00:23 192.168.2.12 nm-openvpn[43553]: TUN/TAP device tun0 opened
okt 05 15:00:23 192.168.2.12 nm-openvpn[43553]: /usr/libexec/nm-openvpn-service-openvpn-helper --debug 0 43544 --bus-name org.freedesktop.NetworkManager.openvpn.Connection_10 --tun -- tun0 1500 1602 1xx.xxx.xx.xxx 255.255.255.240 init
okt 05 15:00:23 192.168.2.12 systemd-udevd[43566]: ethtool: autonegotiation is unset or enabled, the speed and duplex are not writable.
--
okt 05 15:00:28 192.168.2.12 nm-openvpn[43553]: GID set to nm-openvpn
okt 05 15:00:28 192.168.2.12 nm-openvpn[43553]: UID set to nm-openvpn
okt 05 15:00:28 192.168.2.12 nm-openvpn[43553]: Initialization Sequence Completed

Any help will be welcome.

Thanks in advance.

Regards,

Enric

1 Like

It works fine for me, but I’ve configured it as a system-wide connection.

Post the output redacting the private parts:

PAGER= nmcli connection show CONNECTION_NAME
1 Like

Hi thanks, I have been talking to our internal automation guys,
it is something related to our own VPN, I still need to gather info but it’s not happening again in a while.

Regards,

Enric

1 Like