Bug 487417 - NetworkManager property “x-dynamic-challenge-echo:challenge-response” invalid or not supported
Status: RESOLVED FIXED
Alias: None
Product: plasma-nm
Classification: Plasma
Component: general
Version: 6.0.4
Platform: Arch Linux Linux
Importance: NOR normal
Target Milestone: ---
Assignee: Plasma Bugs List
Reported: 2024-05-23 08:55 UTC by avontuur
Modified: 2024-07-18 02:35 UTC
Version Fixed In: 6.2.0

Description avontuur 2024-05-23 08:55:24 UTC

SUMMARY
Connection to an OpenVPN network using NetworkManager fails after a recent upgrade. The cause is due to a recent change in NetworkManager, and is detailed in this bug report: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1536


STEPS TO REPRODUCE
1. Add an OpenVPN network requiring a challenge-response
2. Attempt to connect to said network


OBSERVED RESULT

Notification: "starting the service providing VPN connection "xxx" failed"

`journalctl -fu NetworkManager`: 
```
connect: failed to connect interactively: 'GDBus.Error:org.freedesktop.NetworkManager.VPN.Error.BadArguments: property “x-dynamic-challenge-echo:challenge-response” invalid or not supported'
```


EXPECTED RESULT

Network connection prompting for a token and then working after entering one successfully

SOFTWARE/OS VERSIONS
KDE Plasma Version: 6.0.4
KDE Frameworks Version: 6.2.0
Qt Version: 6.7.0

plasma-nm version: 6.0.4-1
networkmanager version: 1.46.0-2

ADDITIONAL INFORMATION

See mentioned bug report on NetworkManager for more detailed information and config files for the connection.
Comment 1 avontuur 2024-05-23 09:02:28 UTC
Missed this version: networkmanager-openvpn = 1.10.4-1
Comment 2 Benjamin Robin 2024-05-26 12:02:34 UTC
I created a MR to fix it: https://invent.kde.org/plasma/plasma-nm/-/merge_requests/350

See also the (wrongly submitted by myself) bug report on the NetworkManager-openvpn plugin: https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/issues/142
Comment 3 Benjamin Robin 2024-05-26 12:12:05 UTC
There is still the issue, that if "challenge-response-flags=2" is missing in the configuration file, the challenge will be saved in "[vpn-secrets]" section of the configuration file, and will break any subsequent VPN connection.
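
A check for the condition Comment 3 describes, as an added example that is not part of this bug thread or of plasma-nm: it inspects the text of a NetworkManager keyfile and reports an OpenVPN connection that lacks the not-saved bit in `challenge-response-flags` or that has a `challenge-response` persisted in `[vpn-secrets]`. It assumes the flags key lives in the `[vpn]` section of the keyfile; the two sample keyfiles are constructed.

```python
import configparser

OPENVPN_SERVICE = "org.freedesktop.NetworkManager.openvpn"
NOT_SAVED = 0x2  # NM_SETTING_SECRET_FLAG_NOT_SAVED: prompt each time, never persist

def audit_keyfile(text):
    """Return findings for one keyfile's text; secret values are never echoed."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.optionxform = str  # keyfile keys are case-sensitive
    cp.read_string(text)
    if cp.get("vpn", "service-type", fallback="") != OPENVPN_SERVICE:
        return []  # not an OpenVPN connection, nothing to check
    findings = []
    raw = cp.get("vpn", "challenge-response-flags", fallback=None)
    try:
        flags = int(raw, 0) if raw is not None else None
    except ValueError:
        flags = None
    # Only matters for connections that actually use challenge/response.
    if flags is None:
        findings.append("challenge-response-flags missing or unparsable in [vpn]")
    elif not flags & NOT_SAVED:
        findings.append("challenge-response-flags=%d lacks the not-saved bit (2)" % flags)
    # A one-time response stored on disk is what breaks later connections.
    if cp.has_option("vpn-secrets", "challenge-response"):
        findings.append("challenge-response is stored in [vpn-secrets]")
    return findings

# Constructed sample: flag missing and a stale response saved on disk.
SAMPLE_BAD = """[connection]
id=example-vpn
type=vpn

[vpn]
connection-type=password
service-type=org.freedesktop.NetworkManager.openvpn

[vpn-secrets]
challenge-response=000000
"""

# Constructed sample: flag present, nothing persisted.
SAMPLE_GOOD = """[vpn]
challenge-response-flags=2
service-type=org.freedesktop.NetworkManager.openvpn
"""

if __name__ == "__main__":
    for name, text in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(name, audit_keyfile(text))
```

Keyfiles are normally found under `/etc/NetworkManager/system-connections/` and are readable only by root, so the function takes the file's text rather than a path.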
Comment 4 Benjamin Robin 2024-06-21 22:31:21 UTC
This is going to be fixed in NetworkManager by this MR: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1958
Comment 5 Nicolas Fella 2024-07-14 14:53:13 UTC
Git commit 4d0b48618a8daf54d89ff4fcf7d017690a890e24 by Nicolas Fella, on behalf of Benjamin ROBIN.
Committed on 14/07/2024 at 14:51.
Pushed by nicolasfella into branch 'master'.

openvpn: Implement challenge-response echo hint prefix

Properly handles hint, if prefixed with either:
 - `x-dynamic-challenge-echo:`
 - `x-dynamic-challenge:`

This was introduced in libnmc in NetworkManager@27c701ebfb
And used in NetworkManager-openvpn@322c27381f

The hint prefix no longer needs to be removed since the commit in
NetworkManager@0583e1f8. This requires NetworkManager versions 1.46.2,
1.48.1 or later.

M  +20   -9    vpn/openvpn/openvpnauth.cpp

https://invent.kde.org/plasma/plasma-nm/-/commit/4d0b48618a8daf54d89ff4fcf7d017690a890e24