After upgrading NetworkManager-openvpn to 1.12.2-1.fc43, I can’t enter my 2FA code. I receive a new code every second, but the prompt to enter it never appears. The last known working version was 1.12.0-5.fc43. Reproducible: Always
Created attachment 2103580 [details] NetworkManager-openvpn 1.12.0-5 log
Created attachment 2103581 [details] NetworkManager-openvpn 1.12.2-1 log
Proposed as a Blocker and Freeze Exception for 43-beta by Fedora user mikhail using the blocker tracking app because: Severe regression in NetworkManager-openvpn 1.12.2-1.fc43: the 2FA prompt dialog for OpenVPN never appears, making it impossible to connect to any 2FA-protected VPN. This blocks access to work networks and renders the system unusable for work. Last known good: 1.12.0-5.fc43. Only workaround is to downgrade.
Thanks for the report. I think I've figured it out: https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/merge_requests/99 Note that the issue is only encountered when the password prompt contains wide characters, in your case it's the Cyrillic characters in "Введите код:". I'm not sure this would warrant a blocker, but we do have a fix and probably will be building an updated package soon anyway. Regards Lubo
(In reply to Lubomir Rintel from comment #4) > Thanks for the report. I think I've figured it out: > https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/merge_requests/99 > > Note that the issue is only encountered when the password prompt contains > wide characters, in your case it's the Cyrillic characters in "Введите > код:". I'm not sure this would warrant a blocker, but we do have a fix and > probably will be building an updated package soon anyway. > > Regards > Lubo Thanks for looking into this. I built NetworkManager-openvpn from source with the patch from MR !99 and can confirm the issue is resolved.
Standard Cyrillic characters aren't usually considered "wide", though, are they? Is "wide" really what you meant, or did you maybe just mean anything outside the ASCII character set, or something?
+3 for Beta FE in https://pagure.io/fedora-qa/blocker-review/issue/1870 , so marking accepted Beta FE. Blocker vote is ongoing.
Discussed at the 2025-08-25 Blocker review meeting: This is accepted as a violation of Basic criterion 'Using the default network configuration tools for the console and for release-blocking desktops, it must be possible to establish a working connection to common OpenVPN, openconnect-supported and vpnc-supported VPN servers with typical configurations.' Our judgment is that 2FA + non-ASCII(?) 2FA prompt is a 'typical' enough configuration to block Beta on. [1] https://meetbot.fedoraproject.org/blocker-review_matrix_fedoraproject-org/2025-08-25/f43-blocker-review.2025-08-25-16.00.log.html
I've updated to NM-openvpn 1.12.3 both in Rawhide and F43. Mikhail, please test it when it's available in the repo.
(In reply to Íñigo Huguet from comment #9) > I've updated to NM-openvpn 1.12.3 both in Rawhide and F43. Mikhail, please > test it when it's available in the repo. # rpm -q NetworkManager-openvpn NetworkManager-openvpn-1.12.3-1.fc44.x86_64 I can confirm the issue is resolved.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-afabd5d2ff is stable, so I believe we can close this. Thanks.