FortiVPN - one-time password

Hi,
I have VPN to curstomer , which is using OTP in addition to user / password combo. On Ubuntu no problem with OTP, on Leap no chance. In NetWorkManager, there is One-time password switch, but it stay not enabled and VPN connection doesn´t prompt for it. I have latest patches installed.

Thanks

I assume that you’re referring to the KDE NM applet? Perhaps try using nm-applet for this (NetworkManager-applet package).

FWIW, a KDE developer thread about this…
https://phabricator.kde.org/D17834

Also, to get a better handle on what might be failing, open a terminal and watch NM logging with…

sudo journalctl -fu NetworkManager

Then try connecting and observer/capture the output. That might help show where the issue lies.

I enter password and OTP and get error “The service providing the VPN connection was stopped.” FortiVPN to another customer without OTP is working.


Sep 06 02:17:47 localhost.localdomain NetworkManager[2435]: <debug> [1630887467.1001] agent-manager: agent[7f5069aedfbef257,:1.48/org.kde.plasma.networkmanagement/1000]: agent returned secrets for request [d9af48cad69d8c92/"MKP"/"vpn"]
Sep 06 02:17:47 localhost.localdomain NetworkManager[2435]: <debug> [1630887467.1003] settings-connection[e3243c1c4f347b6e,97c54fab-bcc4-4abe-b705-fe07ac618be3]: (vpn:0x5581ba6d6d40) secrets returned from agent :1.48
Sep 06 02:17:47 localhost.localdomain NetworkManager[2435]: <debug> [1630887467.1003] settings-connection[e3243c1c4f347b6e,97c54fab-bcc4-4abe-b705-fe07ac618be3]: (vpn:0x5581ba6d6d40) secrets request completed
Sep 06 02:17:47 localhost.localdomain NetworkManager[2435]: <debug> [1630887467.1005] settings-connection[e3243c1c4f347b6e,97c54fab-bcc4-4abe-b705-fe07ac618be3]: (vpn:0x5581ba6d6d40) saving new secrets to backing storage
Sep 06 02:17:47 localhost.localdomain NetworkManager[2435]: <debug> [1630887467.1040] vpn-connection[0x5581ba6f6110,97c54fab-bcc4-4abe-b705-fe07ac618be3,"MKP",0]: asking service if additional secrets are required
Sep 06 02:17:47 localhost.localdomain NetworkManager[2435]: <debug> [1630887467.1065] vpn-connection[0x5581ba6f6110,97c54fab-bcc4-4abe-b705-fe07ac618be3,"MKP",0]: service indicated no additional secrets required
Sep 06 02:17:47 localhost.localdomain NetworkManager[2435]: <debug> [1630887467.1067] vpn-connection[0x5581ba6f6110,97c54fab-bcc4-4abe-b705-fe07ac618be3,"MKP",0]: Calling old Connect function as not all agents support interactive secrets
Sep 06 02:17:47 localhost.localdomain NetworkManager[2435]: <info>  [1630887467.1149] vpn-connection[0x5581ba6f6110,97c54fab-bcc4-4abe-b705-fe07ac618be3,"MKP",0]: VPN plugin: state changed: starting (3)
Sep 06 02:17:57 localhost.localdomain NetworkManager[2435]: <info>  [1630887477.1230] vpn-connection[0x5581ba6f6110,97c54fab-bcc4-4abe-b705-fe07ac618be3,"MKP",0]: VPN service disappeared

FWIW, a quick search turned up this long-running Gnome thread discussing similar behaviour…
https://gitlab.gnome.org/GNOME/NetworkManager-fortisslvpn/-/issues/13
Unfortunately, I have no experience with using Fortinet VPNs. Hopefully this thread will catch the attention of those that are more familiar with using it. A bug report may well be needed to progress handling of 2FA OTP in NetworkManager in any case.

Can you connect using the openfortivpn command (as others report that they can in the thread I linked to)?

I note the following packages available from the OSS repo…

# zypper se -s forti
Loading repository data...
Reading installed packages...

S | Name                             | Type       | Version            | Arch   | Repository
--+----------------------------------+------------+--------------------+--------+----------------------------------------
  | NetworkManager-fortisslvpn       | package    | 1.2.10-bp153.1.17  | x86_64 | openSUSE-Leap-15.3-Oss
  | NetworkManager-fortisslvpn       | srcpackage | 1.2.10-bp153.1.17  | noarch | openSUSE-Leap-15.3-Source
  | NetworkManager-fortisslvpn-gnome | package    | 1.2.10-bp153.1.17  | x86_64 | openSUSE-Leap-15.3-Oss
  | NetworkManager-fortisslvpn-lang  | package    | 1.2.10-bp153.1.17  | noarch | openSUSE-Leap-15.3-Oss
  | openfortivpn                     | package    | 1.14.0-bp153.1.19  | x86_64 | openSUSE-Leap-15.3-Oss
  | openfortivpn                     | srcpackage | 1.14.0-bp153.1.19  | noarch | openSUSE-Leap-15.3-Source
  | plasma-nm5-fortisslvpn           | package    | 5.22.5-lp153.345.2 | x86_64 | KDE-Frameworks
  | plasma-nm5-fortisslvpn           | package    | 5.18.5-bp153.2.2.1 | x86_64 | repo-backports
  | plasma-nm5-fortisslvpn           | package    | 5.18.5-bp153.2.2.1 | x86_64 | Update repository of openSUSE Backports
  | plasma-nm5-fortisslvpn           | package    | 5.18.5-bp153.1.28  | x86_64 | openSUSE-Leap-15.3-Oss
  | plasma-nm5-fortisslvpn           | package    | 5.18.5-bp153.2.2.1 | i586   | repo-backports
  | plasma-nm5-fortisslvpn           | package    | 5.18.5-bp153.2.2.1 | i586   | Update repository of openSUSE Backports
  | plasma-nm5-fortisslvpn-debuginfo | package    | 5.22.5-lp153.345.2 | x86_64 | KDE-Frameworks