Comment 1 for bug 1322728

I'm experiencing the same issue with OpenVPN Access Server + Duo Security. Our server requires both client certificate, username/password and a 2FA token.

The problem seems to be that network-manager-openvpn lacks support for username/password auth combined with challenge response. Expected scenario would be a second dialog asking for 2FA token, similar to what openvpn(1) does when started manually from the command line.

May 6 11:12:38 hostname nm-openvpn[8558]: [OpenVPN Server] Peer Connection Initiated with [AF_INET]x.x.x.x:443
May 6 11:12:40 hostname nm-openvpn[8558]: AUTH: Received control message: AUTH_FAILED,CRV1:R,E:<removed>:Duo passcode or second factor:
May 6 11:12:40 hostname NetworkManager[1032]: (nm-openvpn-service:8459): nm-openvpn-WARNING **: Password verification failed
May 6 11:12:40 hostname nm-openvpn[8558]: SIGTERM[soft,auth-failure] received, process exiting
May 6 11:12:40 hostname NetworkManager[1032]: <warn> VPN plugin failed: login-failed (0)

% cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=15.04
DISTRIB_CODENAME=vivid
DISTRIB_DESCRIPTION="Ubuntu 15.04"

% dpkg -l | grep '^ii network-manager'
ii network-manager 0.9.10.0-4ubuntu15.1 amd64 network management framework (daemon and userspace tools)
ii network-manager-gnome 0.9.10.1-0ubuntu4 amd64 network management framework (GNOME frontend)
ii network-manager-openvpn 0.9.10.0-1ubuntu1 amd64 network management framework (OpenVPN plugin core)
ii network-manager-openvpn-gnome 0.9.10.0-1ubuntu1 amd64 network management framework (OpenVPN plugin GNOME GUI)
ii network-manager-pptp 0.9.10.0-1ubuntu1 amd64 network management framework (PPTP plugin core)
ii network-manager-pptp-gnome 0.9.10.0-1ubuntu1 amd64 network management framework (PPTP plugin GNOME GUI)