This patch improves the support of OpenVPNs dynamic challenge/response protocol. The response is no longer stored in the NMOpenvpnPluginIOData 'password' field, which stops the annoying issue of the 2FA response overwriting the password in the users keyring.
If the 'E' flag is present in the OpenVPN challenge (indicates if the response should be echoed), it will now be respected.
After a user enters the challenge response, it is stored in the keyfile. Future VPN connection attempts won't use the value, but changing NM to avoid storing the value does not seem worthwhile.
See also: #12 See also: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/97