Could not login from androind using ovpn file but same works on iOS

Could not login using ovpn file in androind but same works in ios

I am able to import ovpn file without any issue, able to enter username, password & totp, but login is failed.

Android client open vpn connect version: 3.4.0 (9755)

I have tried it from different andoid devices as well with same open vpn connect version

Server used is Pritunl Free

OpenVPN Connect version 3.4.0++ on Android has problems with two-factor authentication. Version 3.3.4 works without problems.

Me too have the same problem with version 3.4++ on android.

Thanks a lot…
Got the old apk version from here & works

yeah, but it’s just a temporary solution. hope they will fix it asap

Yes, sharing refernce to other post here where the same issue is raised and responded by Pritunl team member

I can’t replicate any issues on Android v3.4.0 with Google Authenticator enabled. Server is Oracle Linux 8 with pritunl-openvpn v2.6.6.

steps to reproduce
download new ovpn file for the user & upload it then login from open vpn connect 3.4.0

if you have tried to login with already uploaded ovpn file, then it might work

I used a new install and profile. What Linux distribution and server version are you using?

Amazon EC2 - Ubuntu 20.04.2 LTS (GNU/Linux 5.15.0-1017-aws x86_64)
pritunl v1.29.2664.67
free version of pritunl

Same thing - OpenVPN 3.4.0 will infinitely ask for Google 2FA code, Pritunl logs show
User connection to "XXX" denied. User failed two-step authentication.
Downgrading OpenVPN client to 3.3.4 fixes the issue.

I could not reproduce the issue on Ubuntu 20.04 Pritunl v1.32.

Try disabling OpenVPN authentication cache in the top right settings if it is set.

Run the commands below to edit the authorizer find the _check_password function and add the log message to the first line of the function with the correct indention. Then restart the service and this will allow seeing what is getting sent to the server in the password field. The path below is for a v1.32 release, on older releases you will need to find the file similar to /usr/lib/pritunl/lib/python3.8/site-packages/pritunl/authorizer/authorizer.py with the correct Python version.

sudo nano /usr/lib/pritunl/usr/lib/python3.9/site-packages/pritunl/authorizer/authorizer.py
ctrl+w def _check_pass
logger.info('Checking password', 'auth', user_name=self.user.name, password=self.password)
ctrl+x s
sudo systemctl restart pritunl

here are the logs when using OpenVPN client version 3.4.0++ :

[summer-waves-3000][2024-01-31 07:59:41,934][INFO] Authenticating user
user_name = “danang”
factors = [“otp”]
[summer-waves-3000][2024-01-31 07:59:41,935][INFO] Checking password
user_name = “danang”
password = “122345”
[summer-waves-3000][2024-01-31 07:59:50,035][INFO] Authenticating user
user_name = “danang”
factors = [“otp”]
[summer-waves-3000][2024-01-31 07:59:50,036][INFO] Checking password
user_name = “danang”
password = “SCRV1:MTIyMzQ1:MjMwNDY4”

and here are when using the old version :

[summer-waves-3000][2024-01-31 07:56:19,900][INFO] Authenticating user
user_name = “ari”
factors = [“otp”, “pin”]
[summer-waves-3000][2024-01-31 07:56:19,903][INFO] Checking password
user_name = “ari”
password = “123456”
[summer-waves-3000][2024-01-31 07:56:26,546][INFO] Authenticating user
user_name = “ari”
factors = [“otp”, “pin”]
[summer-waves-3000][2024-01-31 07:56:26,547][INFO] Checking password
user_name = “ari”
password = “635274”

The v3.4.0 logs otp code like encrypted or something.

This will be fixed in the next release. Commit 4ac85ff can be applied to the authorizer.py file to fix the issue.

2 Likes

thank youu zach

Hi @afahre, i still cannot login or use vpn client in android. Can you share information which version openvpn client in android that you use please?
I tried with 3.4.2, 3.3.4, 3.3.3, 3.2.6 version but still error after import the profile. The popup error is User Authentication Failed.
Here’s the capture from me and there is a log that shows us if the user/pass empty, I believe that it should be filled.
Many thanks for any guidance here :pray: