networkmanager-openvpn-0.7.1 uses the following sscanf to see if openvpn asks for some password: if (sscanf (str, ">PASSWORD:Need '%a[^']'", &auth) > 0) { However, with sys-libs/glibc-2.10.1, this sscanf doesn't work, as can be tested by a simple standalone C program: #include <stdio.h> #include <stdlib.h> #include <errno.h> int main(int argc, char *argv[]) { char *auth; int result = sscanf(argv[1], ">PASSWORD:Need '%a[^']'", &auth); if (result > 0) { printf("auth: %s\n", auth); free(auth); } else { printf("No auth, result=%d, errno=%d\n", result, errno); } return 0; } One can change "%a" to "%m" (a more modern form of the same GNU extension), or apply the patch at the URL above. Reproducible: Always Steps to Reproduce: Create an openvpn connection with a private key using NetworkManager. Start wireshark, tell it to capture on all interfaces. Attempt to start the connection. Actual Results: On the openvpn control socket (127.0.0.1:1194), openvpn asks for a private key password. It never gets a reply and thus doesn't even attempt to contach the openvpn server. Expected Results: Some packets should flow both on the control connection (openvpn should receive a password there) and to/from the openvpn server. The connection should be established.
Added to the tree. Thanks for providing link to the patch.