Good afternoon. There are several questions:
OpenVPN Connect version 3.4.0 on Android has problems with two-factor authentication, when entering a code from Google authenticator requires you to enter it again. Version 3.3.4 works without problems. In the client logs:
[Jan. 26, 2024, 15:02:06] Session is ACTIVE
[Jan. 26, 2024, 15:02:06] Sending PUSH_REQUEST to server...
[Jan. 26, 2024, 15:02:06] EVENT: GET_CONFIG
[Jan. 26, 2024, 15:02:06] AUTH_FAILED
[Jan. 26, 2024, 15:02:06] EVENT: DYNAMIC_CHALLENGE info='CRV1:R,E:fb1864a1ed7040ddae606b92a0189f20:bmls:Enter OTP Code'
[Jan. 26, 2024, 15:02:06] EVENT: DISCONNECTED
In the server logs:
[autumn-thunder-4553] 2024-01-26 13:01:38 ERROR User auth failed "Challenge OTP code"
How can I change the VPN configuration if I understand correctly that all settings are stored in the mongo database? For example, I want to disable compression, how can I do this?
Is it possible to enable tls-crypt-v2? If yes, how to do it?
1 Like
zach
January 29, 2024, 6:00pm
2
Compression is disabled by default, tls-crypt-v2 can’t be used. The plugin system allows adding configuration lines.
afahre
January 30, 2024, 6:57am
3
Hi, any suggestion how to fix this issue? Same here.
1 Like
afahre
January 30, 2024, 6:58am
4
Hi Zach, how about point number 1 above?
babu
January 30, 2024, 8:53am
5
same issue here as well…
Could not login using ovpn file in androind but same works in ios
I am able to import ovpn file without any issue, able to enter username, password & totp, but login is failed.
Android client open vpn connect version: 3.4.0 (9755)
I have tried it from different andoid devices as well with same open vpn connect version
Server used is Pritunl Free
1 Like
babu
January 30, 2024, 9:54am
6
@afahre confirmed that it works with older version, installed version 3.3.4 from here and works
The fact that version 3.3.4 works without problems was written in the first message. How to solve the problem with version 3.4.0?
Using an old client is, of course, a temporary solution, but sending users to download an older version to a third-party resource is problematic and not entirely correct, it seems to me.
babu
January 30, 2024, 10:27am
8
Agreed about 3rd party
@zach does it requires update on pritunl server version(I am using pritunl v1.29.2664.67) or fix from mobile app is required?
About compression, this was just an example, okay, how to enable compression for a specific server in pritunl? tls-crypt-v2 not planned for future versions?
Updating at this time will not solve the problem. I have version v1.32.3732.84.
1 Like
afahre
January 30, 2024, 2:26pm
11
correct, updating Pritunl server did not solve the problem. So this issue still does not have any solutions right? @zach please help.
zach
January 30, 2024, 4:31pm
12
I can’t replicate any issues on Android v3.4.0 with Google Authenticator enabled. Server is Oracle Linux 8 with pritunl-openvpn
v2.6.6.
afahre
January 31, 2024, 12:52am
13
I am using ubuntu server 22.04 with pritunl server version v1.32.3732.84 installed.
zach
January 31, 2024, 1:01am
14
What is the DH Param, Encryption, Hash and MTU configured to in the server settings.
afahre
January 31, 2024, 1:03am
15
here are the logs when using OpenVPN client version 3.4.0++ :
[summer-waves-3000][2024-01-31 07:59:41,934][INFO] Authenticating user
user_name = “danang”
factors = [“otp”]
[summer-waves-3000][2024-01-31 07:59:41,935][INFO] Checking password
user_name = “danang”
password = “122345”
[summer-waves-3000][2024-01-31 07:59:50,035][INFO] Authenticating user
user_name = “danang”
factors = [“otp”]
[summer-waves-3000][2024-01-31 07:59:50,036][INFO] Checking password
user_name = “danang”
password = “SCRV1:MTIyMzQ1:MjMwNDY4”
and here are when using the old version :
[summer-waves-3000][2024-01-31 07:56:19,900][INFO] Authenticating user
user_name = “ari”
factors = [“otp”, “pin”]
[summer-waves-3000][2024-01-31 07:56:19,903][INFO] Checking password
user_name = “ari”
password = “123456”
[summer-waves-3000][2024-01-31 07:56:26,546][INFO] Authenticating user
user_name = “ari”
factors = [“otp”, “pin”]
[summer-waves-3000][2024-01-31 07:56:26,547][INFO] Checking password
user_name = “ari”
password = “635274”
The v3.4.0 logs otp code like encrypted or something.
afahre
January 31, 2024, 3:54am
16
already try to upgrade the pritunl and openvpn version.
from pritunl v1.32.3732 and openvpn v2.5.8
upgraded to :
root@pritunl-vpn:~# pritunl version
pritunl v1.32.3746.95
root@pritunl-vpn:~# openvpn --version
OpenVPN 2.6.8 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
Still error 2FA Google Auth on ovpn client version 3.4.0++, it’s keeps popped up 2FA.
zach
January 31, 2024, 5:25am
17
This will be fixed in the next release. Commit 4ac85ff can be applied to the /usr/lib/pritunl/usr/lib/python3.9/site-packages/pritunl/authorizer/authorizer.py
file to fix the issue.
1 Like
Great! Thank you very much.
afahre
January 31, 2024, 7:50am
19
Very good thankyouuu zach
zach:
authorizer.py
After replacing the authorizer.py file, is pritunl restarted?