Unable to connect with 2FA due to oath.log permissions #154

@opbod

After enabling 2FA, I'm unable to connect due to a /var/log/openvpn/oath.log permission issue.

```
2025-07-30 07:41:44 Initialization Sequence Completed
2025-07-30 07:50:12 Connection Attempt read UDPv4 [ECONNREFUSED]: Connection refused (fd=7,code=111)
2025-07-30 07:50:12 Connection Attempt read UDPv4 [ECONNREFUSED]: Connection refused (fd=7,code=111)
2025-07-30 07:50:12 Connection Attempt read UDPv4 [ECONNREFUSED]: Connection refused (fd=7,code=111)
2025-07-30 07:50:12 Connection Attempt read UDPv4 [ECONNREFUSED]: Connection refused (fd=7,code=111)
2025-07-30 07:50:12 Connection Attempt read UDPv4 [ECONNREFUSED]: Connection refused (fd=7,code=111)
2025-07-30 07:50:12 Connection Attempt read UDPv4 [ECONNREFUSED]: Connection refused (fd=7,code=111)
2025-07-30 07:50:13 109.142.123.123:19523 VERIFY OK: depth=1, CN=MyOrg
2025-07-30 07:50:13 109.142.123.123:19523 VERIFY KU OK
2025-07-30 07:50:13 109.142.123.123:19523 Validating certificate extended key usage
2025-07-30 07:50:13 109.142.123.123:19523 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
2025-07-30 07:50:13 109.142.123.123:19523 VERIFY EKU OK
2025-07-30 07:50:13 109.142.123.123:19523 VERIFY OK: depth=0, CN=MyUser
2025-07-30 07:50:13 109.142.123.123:19523 peer info: IV_VER=3.11.1
2025-07-30 07:50:13 109.142.123.123:19523 peer info: IV_PLAT=android
2025-07-30 07:50:13 109.142.123.123:19523 peer info: IV_NCP=2
2025-07-30 07:50:13 109.142.123.123:19523 peer info: IV_TCPNL=1
2025-07-30 07:50:13 109.142.123.123:19523 peer info: IV_PROTO=8094
2025-07-30 07:50:13 109.142.123.123:19523 peer info: IV_MTU=1600
2025-07-30 07:50:13 109.142.123.123:19523 peer info: IV_CIPHERS=AES-128-CBC:AES-192-CBC:AES-256-CBC:AES-128-GCM:AES-192-GCM:AES-256-GCM:CHACHA20-POLY1305
2025-07-30 07:50:13 109.142.123.123:19523 peer info: IV_GUI_VER=net.openvpn.connect.android_3.7.1-10568
2025-07-30 07:50:13 109.142.123.123:19523 peer info: IV_SSO=webauth,crtext
tee: /var/log/openvpn/oath.log: Permission denied
Wed Jul 30 07:50:13 UTC 2025 - 2FA authentication attempt for user myuser@gmail.com
FAIL
tee: /var/log/openvpn/oath.log: Permission denied
Wed Jul 30 07:50:13 UTC 2025 - 2FA authentication failed for user myuser@gmail.com
2025-07-30 07:50:13 109.142.123.123:19523 TLS Auth Error: Auth Username/Password verification failed for peer
2025-07-30 07:50:13 109.142.123.123:19523 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2025-07-30 07:50:13 109.142.123.123:19523 TLS: tls_multi_process: initial untrusted session promoted to semi-trusted
2025-07-30 07:50:13 109.142.123.123:19523 Delayed exit in 5 seconds
2025-07-30 07:50:13 109.142.123.123:19523 SENT CONTROL [UNDEF]: 'AUTH_FAILED' (status=1)
2025-07-30 07:50:13 109.142.123.123:19523 SENT CONTROL [MyUser]: 'AUTH_FAILED' (status=1)
2025-07-30 07:50:13 109.142.123.123:19523 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bits RSA, signature: RSA-SHA256, peer temporary key: 253 bits X25519
2025-07-30 07:50:13 109.142.123.123:19523 [MyUser] Peer Connection Initiated with [AF_INET]109.142.123.123:19523
2025-07-30 07:50:13 109.142.123.123:19523 PUSH: Received control message: 'PUSH_REQUEST'
2025-07-30 07:50:13 read UDPv4 [ECONNREFUSED]: Connection refused (fd=7,code=111)
2025-07-30 07:50:15 read UDPv4 [ECONNREFUSED]: Connection refused (fd=7,code=111)
2025-07-30 07:50:18 109.142.123.123:19523 SIGTERM[soft,delayed-exit] received, client-instance exiting
```

It was fixed by adding this file in the log directory: `~/openvpn-ui/log$ sudo touch oath.log`.

Expected behavior is that this file would be generated automatically.
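The workaround above as a repeatable pre-start check, added here as an example and not taken from the issue or from the project's code: it creates the 2FA log before anything appends to it, keeps it from being world-readable since its lines contain usernames, and refuses a symlink in its place. The function names `ensure_log` and `log_event`, the default mode 640, and running it as an account that owns the log directory are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not openvpn-ui code).

# ensure_log PATH [MODE]
# Creates PATH if it is missing, sets MODE (default 640, an assumed value),
# and confirms the caller can append. Returns 0 on success, 2-6 on failure.
ensure_log() {
    log=$1
    mode=${2:-640}
    dir=$(dirname -- "$log")

    if [ ! -d "$dir" ]; then
        echo "missing log directory: $dir" >&2; return 2
    fi
    # A symlink here would redirect every append to another file.
    if [ -L "$log" ]; then
        echo "refusing symlink: $log" >&2; return 3
    fi
    if [ ! -e "$log" ]; then
        # umask 077 so the file is never briefly readable by other users.
        ( umask 077 && : > "$log" ) || { echo "cannot create $log" >&2; return 4; }
    fi
    chmod "$mode" "$log" || return 5
    if [ ! -w "$log" ]; then
        echo "not writable: $log" >&2; return 6
    fi
    return 0
}

# log_event PATH MESSAGE
# Appends one timestamped line. A failed append only sets the return status,
# so the caller can keep the logging result separate from its auth decision.
log_event() {
    printf '%s - %s\n' "$(date -u)" "$2" >> "$1"
}
```

Existing log content is left untouched on repeated calls, so the check can run on every service start.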
