debcrafters-packages team mailing list archive

Thread
Date

[Bug 2112561] Re: NetworkManager on Ubuntu 24.04 fails OpenVPN authentication, ignoring 'auth-user-pass'

To: debcrafters-packages@xxxxxxxxxxxxxxxxxxx
From: Simon Poirier <2112561@xxxxxxxxxxxxxxxxxx>
Date: Fri, 06 Jun 2025 01:05:25 -0000
Reply-to: Bug 2112561 <2112561@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Thank you for reporting this bug and trying to make Ubuntu better.
It appears that this issue affects at least the configuration import, where networkmanager seems to ignore the file of the auth-user-pass directive.

But from your description, it sounds like when networkmanager prompts
for a password, the connection fails. Am I understanding this correctly?

Also, when editing the VPN connection through the networkmanager interface
* if you select authentication type to be "password with certificate (TLS)"
* select to store the password (the person icon in the password field)
* and fill the username and password
Does the connection work?

--
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to network-manager-openvpn in
Ubuntu.
https://bugs.launchpad.net/bugs/2112561

Title:
NetworkManager on Ubuntu 24.04 fails OpenVPN authentication, ignoring
'auth-user-pass'

Status in network-manager-openvpn package in Ubuntu:
New

Bug description:
On a fresh installation of Ubuntu 24.04 LTS, NetworkManager fails to
connect to an OpenVPN server that requires both TLS certificates and
username/password authentication. The same connection profile and user
credentials work perfectly from the command line (openvpn --config
...) on the same system.

Furthermore, this functionality worked correctly in the NetworkManager
GUI on Ubuntu 22.04 LTS, indicating a software regression in the
Ubuntu 24.04 release.

The core issue appears to be that NetworkManager's nm-openvpn plugin
incorrectly handles the auth-user-pass directive. It forces an
interactive password prompt even when the configuration is explicitly
set to read credentials from a file, and it fails to authenticate
correctly when using the interactive prompt.

Affected Versions:

OS: Ubuntu 24.04 LTS (Noble Numbat)
Packages: network-manager, network-manager-openvpn, openvpn (You can find the exact versions by running this command in your terminal and adding the output to the report: apt-cache policy network-manager-openvpn openvpn)
Steps to Reproduce:

Create a standard OpenVPN client configuration file (client.ovpn) that
requires TLS certificates and username/password authentication. The
configuration includes <ca>, <cert>, <key> blocks and the directive
auth-user-pass.

On a clean Ubuntu 24.04 system, import this .ovpn file into
NetworkManager.

Attempt to connect to the VPN using the NetworkManager GUI.

Diagnostic Step:

Modify the .ovpn file. Change the auth-user-pass line to auth-user-
pass /path/to/auth.txt, where auth.txt is a file containing the
username on the first line and the password on the second.

Delete the previous connection profile from NetworkManager and re-
import this modified .ovpn file.

Attempt to connect again using the NetworkManager GUI.

Expected Results:

In step 3, NetworkManager should prompt for a username and password, and upon entering the correct credentials, the VPN should connect successfully.
In step 6, NetworkManager should read the credentials directly from auth.txt and connect to the VPN without showing a password prompt.
Actual Results:

In step 3, NetworkManager prompts for credentials, but the connection consistently fails. Logs show an AUTH_FAILED message from the server, followed by an ERROR: could not read Auth username/password/ok/string from management interface from the nm-openvpn process.
In step 6, NetworkManager completely ignores the auth-user-pass /path/to/auth.txt directive. It incorrectly shows a password prompt instead of reading the file. The connection fails.
Additional Information and Workaround:

This is a regression: This exact process and configuration works flawlessly in the NetworkManager GUI on Ubuntu 22.04 LTS.
Command-line works: The connection is 100% successful on Ubuntu 24.04 when initiated directly from the terminal using sudo openvpn --config client.ovpn (for both the interactive and the auth.txt methods). This proves the user credentials, certificates, server configuration, and the base openvpn client are all correct.
The only functional workaround on Ubuntu 24.04 is to bypass the NetworkManager GUI entirely and use the command-line client. This strongly isolates the bug to the network-manager-openvpn plugin or its integration with NetworkManager.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/2112561/+subscriptions

References

[Bug 2112561] [NEW] NetworkManager on Ubuntu 24.04 fails OpenVPN authentication, ignoring 'auth-user-pass'
From: Chandan Maharana, 2025-06-05