OpenVPN 3.4.0 for Android problems with 2FA

Good afternoon. There are several questions:

  1. OpenVPN Connect version 3.4.0 on Android has problems with two-factor authentication: after entering a code from Google Authenticator, it requires you to enter it again. Version 3.3.4 works without problems. In the client logs:
 [Jan. 26, 2024, 15:02:06] Session is ACTIVE

[Jan. 26, 2024, 15:02:06] Sending PUSH_REQUEST to server...

[Jan. 26, 2024, 15:02:06] EVENT: GET_CONFIG

[Jan. 26, 2024, 15:02:06] AUTH_FAILED

[Jan. 26, 2024, 15:02:06] EVENT: DYNAMIC_CHALLENGE info='CRV1:R,E:fb1864a1ed7040ddae606b92a0189f20:bmls:Enter OTP Code'

[Jan. 26, 2024, 15:02:06] EVENT: DISCONNECTED

In the server logs:

[autumn-thunder-4553] 2024-01-26 13:01:38 ERROR User auth failed "Challenge OTP code"

  2. How can I change the VPN configuration if I understand correctly that all settings are stored in the mongo database? For example, I want to disable compression, how can I do this?
  3. Is it possible to enable tls-crypt-v2? If yes, how to do it?

Compression is disabled by default, tls-crypt-v2 can’t be used. The plugin system allows adding configuration lines.

Hi, any suggestion how to fix this issue? Same here.


Hi Zach, how about point number 1 above?

same issue here as well…


@afahre confirmed that it works with older version, installed version 3.3.4 from here and works

The fact that version 3.3.4 works without problems was written in the first message. How to solve the problem with version 3.4.0?
Using an old client is, of course, a temporary solution, but sending users to download an older version to a third-party resource is problematic and not entirely correct, it seems to me.

Agreed about 3rd party

@zach does it require an update of the pritunl server version (I am using pritunl v1.29.2664.67), or is a fix in the mobile app required?

About compression, this was just an example, okay, how to enable compression for a specific server in pritunl? tls-crypt-v2 not planned for future versions?

Updating at this time will not solve the problem. I have version v1.32.3732.84.


correct, updating Pritunl server did not solve the problem. So this issue still does not have any solutions right? @zach please help.

I can’t replicate any issues on Android v3.4.0 with Google Authenticator enabled. Server is Oracle Linux 8 with pritunl-openvpn v2.6.6.

I am using ubuntu server 22.04 with pritunl server version v1.32.3732.84 installed.

What are the DH Param, Encryption, Hash and MTU configured to in the server settings?

Here are the logs when using OpenVPN client version 3.4.0++:

[summer-waves-3000][2024-01-31 07:59:41,934][INFO] Authenticating user
user_name = “danang”
factors = [“otp”]
[summer-waves-3000][2024-01-31 07:59:41,935][INFO] Checking password
user_name = “danang”
password = “122345”
[summer-waves-3000][2024-01-31 07:59:50,035][INFO] Authenticating user
user_name = “danang”
factors = [“otp”]
[summer-waves-3000][2024-01-31 07:59:50,036][INFO] Checking password
user_name = “danang”
password = “SCRV1:MTIyMzQ1:MjMwNDY4”

And here are the logs when using the old version:

[summer-waves-3000][2024-01-31 07:56:19,900][INFO] Authenticating user
user_name = “ari”
factors = [“otp”, “pin”]
[summer-waves-3000][2024-01-31 07:56:19,903][INFO] Checking password
user_name = “ari”
password = “123456”
[summer-waves-3000][2024-01-31 07:56:26,546][INFO] Authenticating user
user_name = “ari”
factors = [“otp”, “pin”]
[summer-waves-3000][2024-01-31 07:56:26,547][INFO] Checking password
user_name = “ari”
password = “635274”

The v3.4.0 logs show the OTP code as if it were encrypted or something.

I already tried upgrading the pritunl and openvpn versions,
from pritunl v1.32.3732 and openvpn v2.5.8

upgraded to:
root@pritunl-vpn:~# pritunl version

pritunl v1.32.3746.95

root@pritunl-vpn:~# openvpn --version

OpenVPN 2.6.8 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]

library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10

Still getting the 2FA Google Auth error on ovpn client version 3.4.0++; it keeps popping up the 2FA prompt.
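
The `SCRV1:` value in the 3.4.0 server log above matches OpenVPN's static challenge/response encoding (`SCRV1:<password_base64>:<response_base64>`), and the `CRV1:` event in the first post's client log is the dynamic-challenge form. The parser below is an added example, not Pritunl's code and not the content of any Pritunl commit; the function and type names are hypothetical, and the sample strings are copied from the logs in this thread.

```python
import base64
import binascii
from typing import NamedTuple, Optional

# Values copied from the logs quoted in this thread.
STATIC_SAMPLE = "SCRV1:MTIyMzQ1:MjMwNDY4"
CHALLENGE_SAMPLE = "CRV1:R,E:fb1864a1ed7040ddae606b92a0189f20:bmls:Enter OTP Code"


class ParsedAuth(NamedTuple):  # hypothetical container, not a Pritunl type
    kind: str  # "plain", "static" (SCRV1) or "dynamic" (CRV1)
    password: Optional[str]
    response: Optional[str]
    state_id: Optional[str]


def _b64(field: str) -> str:
    """Strictly decode one base64 field; malformed input becomes ValueError."""
    try:
        return base64.b64decode(field, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("malformed base64 field") from exc


def parse_password_field(raw: str) -> ParsedAuth:
    """Split the password field a client sends into password and response."""
    if raw.startswith("SCRV1:"):
        parts = raw.split(":")
        if len(parts) != 3:
            raise ValueError("SCRV1 needs exactly two base64 fields")
        return ParsedAuth("static", _b64(parts[1]), _b64(parts[2]), None)
    if raw.startswith("CRV1:"):
        # CRV1::<state_id>::<response_text>; the response may contain ':'.
        parts = raw.split(":", 4)
        if len(parts) != 5 or parts[1] or parts[3] or not parts[2]:
            raise ValueError("malformed CRV1 response")
        return ParsedAuth("dynamic", None, parts[4], parts[2])
    return ParsedAuth("plain", raw, None, None)


def parse_dynamic_challenge(info: str) -> dict:
    """Parse the server's CRV1:<flags>:<state_id>:<username_b64>:<text>."""
    tag, flags, state_id, user_b64, text = info.split(":", 4)
    if tag != "CRV1":
        raise ValueError("not a CRV1 challenge")
    return {"flags": flags.split(","), "state_id": state_id,
            "username": _b64(user_b64), "text": text}
```

On the thread's sample the two `SCRV1` fields decode to `122345` and `230468`: the encoding is plain base64, so a log line holding it exposes the codes just as the plaintext entries do.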

This will be fixed in the next release. Commit 4ac85ff can be applied to the /usr/lib/pritunl/usr/lib/python3.9/site-packages/pritunl/authorizer/authorizer.py file to fix the issue.


Great! Thank you very much.

Very good, thank you zach

After replacing the authorizer.py file, is pritunl restarted?