Skip to content
GitLab

multiple: improve 2FA challenge support

blimus requested to merge blimus/NetworkManager-openvpn:dc/2fa-challenge-response into main

This patch improves the support of OpenVPNs dynamic challenge/response protocol. The response is no longer stored in the NMOpenvpnPluginIOData 'password' field, which stops the annoying issue of the 2FA response overwriting the password in the users keyring.

If the 'E' flag is present in the OpenVPN challenge (indicates if the response should be echoed), it will now be respected.

After a user enters the challenge response, it is stored in the keyfile. Future VPN connection attempts won't use the value, but changing NM to avoid storing the value does not seem worthwhile.

See also: #12 See also: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/97

Edited by blimus

Merge request reports