This is likely related to this semi-recent change:

https://cs.chromium.org/chromium/src/ui/webui/resources/cr_elements/chromeos/network/cr_onc_types.js?dr&q=cr_onc&sq=package:chromium&g=0&l=304

Hi, 
Could you please provide configuration in ONC format for this policy pushed vpn network?

The issue is happening for EAP-TLS policy configured networks also.  I cannot connect to the network either.
{
      "GUID": "{cb17b646-e77c-4449-b345-466148ed51c5}",
      "Name": "OpenVPN",
      "ProxySettings": {
         "Type": "Direct"
      },
      "Type": "VPN",
      "VPN": {
         "AutoConnect": false,
         "Host": "openvpn",
         "OpenVPN": {
            "AuthRetry": "interact",
            "ClientCertType": "None",
            "Password": "********",
            "Port": 1192,
            "Proto": "udp",
            "Recommended": [ "Username", "Password" ],
            "SaveCredentials": true,
            "ServerCARef": "{fc2e9410-4d17-46e5-aa7c-97387767af94}",
            "Username": "openvpn"
         },
         "Type": "OpenVPN"
      }
   }, 




"Type": "Ethernet"
   }, {
      "GUID": "{b83beb2b-495a-4b44-86ff-97b6018a99a7}",
      "Name": "EAP-TLS- Enterprise-Temporary (Other being used for dynamic WEP)",
      "ProxySettings": {
         "Type": "Direct"
      },
      "Type": "WiFi",
      "WiFi": {
         "AutoConnect": false,
         "EAP": {
            "ClientCertPattern": {
               "EnrollmentURI": [ "http://www.radius.com/certs/download.php" ],
               "Issuer": {
                  "CommonName": "radius-ca",
                  "Organization": "Google",
                  "OrganizationalUnit": "ChromeOS"
               },
               "Subject": {
                  "CommonName": "radius-client",
                  "Organization": "Google",
                  "OrganizationalUnit": "ChromeOS"
               }
            },
            "ClientCertType": "Pattern",
            "Identity": "CrOS",
            "Outer": "EAP-TLS",
            "Recommended": [ "AnonymousIdentity", "Password" ],
            "SaveCredentials": true,
            "ServerCARef": "{ec4cb0aa-25a4-4e7b-9e6f-b71def059de0}",
            "UseSystemCAs": true
         },
         "HiddenSSID": false,
         "SSID": "CrOS_WPA2_LinksysE3000N_5GHz",
         "Security": "WPA-EAP"
      }
   }, 

plus Marking as a Beta blocker. 

Deleted: openvpn.onc 2.7 KB

openvpn.onc 2.7 KB Download

aashutoshk@- 

This issue was marked as blocking M72 Beta. M72 Beta is targeted for tomorrow.

Was this issue introduced in M72?

Do we know how many Enterprise users are on Beta? If Enterprise users are not usually on Beta, can we move to ReleaseBlock-Stable?

Are there any workarounds for this issue?

Was this issue introduced in M72?
>>Yes, This is M72 specific. I don't see this issue on M71.

Do we know how many Enterprise users are on Beta? If Enterprise users are not usually on Beta, can we move to ReleaseBlock-Stable?
>> No idea. Ccing few more people who may have some idea.

Are there any workarounds for this issue?
>> Nope. 

Discussed with aashutoshk@ regarding the configuration, 
checked and observed the device cannot connect to the configured network. 

Google Chrome(72.0.3626.22,11316.29.0) robo

Attached logs.

Additional Information:
Able to install the certificate and successfully connect to Google-A network.

Attached logs.

Deleted: debug-logs_20181218-120131.tgz 1.1 MB

debug-logs_20181218-120131.tgz 1.1 MB Download

The bug is associated with only "UserEditable/DeviceEditable" fields in ManagedProperties (https://cs.chromium.org/chromium/src/third_party/closure_compiler/externs/networking_private.js?q=networking_private.js&sq=package:chromium&dr&l=128).
In this case it's OpenVPNProperties.OTP.

There is CL fixing this bug: https://chromium-review.googlesource.com/c/chromium/src/+/1335487

voit@ is going to submit it during next week.

The patch in 1335487 does more than just fix this bug, can we put up a CL that just fixes cr_onc_types.js (which I assume is where the bug is)?

I'm against pushing this to Beta.  Many of our customers have been burned recently when it comes to our networking changes.  It's true that most of our users are on Stable channel, but most != all.  We cannot both actively encourage customers to put a % of their devices on Beta channel and also push a bug like this.

Can someone from Support and Enterprise PM team please weigh in too?

agreed, we should not push this if we believe it will break enterprises on beta.

+1 to not pushing known significant regressions to beta please

Makes sense .. 
Do we have autotest to catch this earlier next time? 

Thank you for the input everyone. Leaving this issue as a ReleaseBlock-Beta. We will target M72 Beta after the holidays.

UI issues are very difficult to test. We have hundreds of permutations making an exhaustive test prohibited.

That said, we could and should add a comprehensive browser test for the network configuration UI that would catch this and some other issues we have seen in the past. It's just a matter of prioritizing the work.

Marking as P0 as this is blocking M-72 Beta and M-73 Dev.

I've created a doc detailing limitations of Autotest in catching bugs like this. Please take a look.

https://docs.google.com/document/d/1LPpVx3RxKQ2zln-AgXfMxO78WxLZT65I16I309D3yGA/edit#

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/246bbef23e889d50609132a6b74e973a35ebc63d

commit 246bbef23e889d50609132a6b74e973a35ebc63d
Author: Nikita Podguzov <nikitapodguzov@chromium.org>
Date: Thu Dec 20 01:11:29 2018

Fix network configuration UI.

Change CrOnc.getActiveProperties by allowing properties to have only "UserEditable" or "DeviceEditable" fields.

Bug:  915957 
Change-Id: I4dfeb3f2847d3e5318fcbef4e3f8b5ca691859a8
Reviewed-on: https://chromium-review.googlesource.com/c/1384373
Reviewed-by: Steven Bennetts <stevenjb@chromium.org>
Commit-Queue: Nikita Podguzov <nikitapodguzov@google.com>
Cr-Commit-Position: refs/heads/master@{#618056}
[modify] https://crrev.com/246bbef23e889d50609132a6b74e973a35ebc63d/ui/webui/resources/cr_elements/chromeos/network/cr_onc_types.js

The bug is fixed with https://chromium-review.googlesource.com/c/chromium/src/+/1384373

[Auto-generated comment by a script] We noticed that this issue is targeted for M-72; it appears the fix may have landed after branch point, meaning a merge might be required. The owner of this bug should confirm if a merge is required here. If so, add Merge-Request-72 label and indicate which commits/CLs are to be merged. Otherwise, remove Merge-TBD label. Thanks.

aashutoshk@
Please verify that the bug was fixed.

This bug requires manual review: M72 has already been promoted to the beta branch, so this requires manual review
Please contact the milestone owner if you have questions.
Owners: govind@(Android), kariahda@(iOS), djmm@(ChromeOS), abdulsyed@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

aashutoshk@ - Re comment #25, can you verify that the bug is fixed? 

@ dgagnon/nikitapodguzov:  It looks like the fix is still not baked into the latest builds(11316.46.0).  If this is incorrect can you please provide the build number to be tested?

The CL landed in 73.0.3646.0 (20th December), but looking at https://cros-goldeneye.corp.google.com/chromeos/console/listChromePfqBuild#/ it looks like the latest chrome builds all fail and there hasn't been an uprev in chrome versions since 18th of December (73.0.3644.0). I guess we'll just have to wait a little longer or you download a custom pre-flight image for you board (https://pantheon.corp.google.com/storage/browser/chromeos-image-archive/eve-chrome-pfq/R73-11438.0.0-rc2 for eve, for example).

I can open configuration panel  for VPN networks, but I see a couple of other issues
1) Configure button for policy pushed networks is grayed out and not clickable.
2) Cannot add VPN manually for enterprise user as "server hostname" field and "provider type" dropdown in the configuration panel are grayed out.
3) Only after making changes in the configuration panel, I can click connect; otherwise, the button is not highlighted. 

Tested on Robo360 (Coral) 11512.0.0 73.0.3654.0.
feedback report: https://listnr.corp.google.com/report/85883627234 

If this is a true beta-blocker, we have a problem.  Everyone up to director level is OOO this week and we're making a beta candidate from the dev channel tomorrow.

@comment #30:
(1) is actually a feature recently introduced ( bug 877424 ). You can only edit/configure policy pushed networks if they have 'recommended' (i.e. changeable by user) values. If all values are enforced, the 'Configure' button will be disabled.
(2) can't reproduce that on ToT or M72
(3) AFAIK the connect button should only be clickable once the network is connectable (i.e. fully configured).

@comment #31:
atwilson@ is OOO until monday as well.

@all:
As of yesterday go/goldeneye lists images with chrome versions including the fix CL (>73.0.3646.0) from comment #21, so you should be able to test this now.

Please merge this change to M72 as soon as you can today and test it on the branch.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c52524dd8e65459296a1b423ea205dc472d728ae

commit c52524dd8e65459296a1b423ea205dc472d728ae
Author: Alexander Hendrich <hendrich@chromium.org>
Date: Thu Jan 03 22:13:15 2019

[Merge M72] Fix network configuration UI.

Change CrOnc.getActiveProperties by allowing properties to have only "UserEditable" or "DeviceEditable" fields.

(cherry picked from commit 246bbef23e889d50609132a6b74e973a35ebc63d)

Bug:  915957 
Change-Id: I4dfeb3f2847d3e5318fcbef4e3f8b5ca691859a8
Reviewed-on: https://chromium-review.googlesource.com/c/1384373
Reviewed-by: Steven Bennetts <stevenjb@chromium.org>
Commit-Queue: Nikita Podguzov <nikitapodguzov@google.com>
Cr-Original-Commit-Position: refs/heads/master@{#618056}
Reviewed-on: https://chromium-review.googlesource.com/c/1395023
Reviewed-by: David McMahon <djmm@chromium.org>
Cr-Commit-Position: refs/branch-heads/3626@{#555}
Cr-Branched-From: d897fb137fbaaa9355c0c93124cc048824eb1e65-refs/heads/master@{#612437}
[modify] https://crrev.com/c52524dd8e65459296a1b423ea205dc472d728ae/chromeos/services/assistant/BUILD.gn
[modify] https://crrev.com/c52524dd8e65459296a1b423ea205dc472d728ae/ui/webui/resources/cr_elements/chromeos/network/cr_onc_types.js

The following revision refers to this bug: 
https://chromium.googlesource.com/chromium/src.git/+/c52524dd8e65459296a1b423ea205dc472d728ae

Commit: c52524dd8e65459296a1b423ea205dc472d728ae
Author: hendrich@chromium.org
Commiter: hendrich@chromium.org
Date: 2019-01-03 22:13:15 +0000 UTC

[Merge M72] Fix network configuration UI.

Change CrOnc.getActiveProperties by allowing properties to have only "UserEditable" or "DeviceEditable" fields.

(cherry picked from commit 246bbef23e889d50609132a6b74e973a35ebc63d)

Bug:  915957 
Change-Id: I4dfeb3f2847d3e5318fcbef4e3f8b5ca691859a8
Reviewed-on: https://chromium-review.googlesource.com/c/1384373
Reviewed-by: Steven Bennetts <stevenjb@chromium.org>
Commit-Queue: Nikita Podguzov <nikitapodguzov@google.com>
Cr-Original-Commit-Position: refs/heads/master@{#618056}
Reviewed-on: https://chromium-review.googlesource.com/c/1395023
Reviewed-by: David McMahon <djmm@chromium.org>
Cr-Commit-Position: refs/branch-heads/3626@{#555}
Cr-Branched-From: d897fb137fbaaa9355c0c93124cc048824eb1e65-refs/heads/master@{#612437}

Here's a summary of the rules that were executed: 
 - OnlyMergeApprovedChange: Rule Failed -- Revision c52524dd8e65459296a1b423ea205dc472d728ae was merged to refs/branch-heads/3626 branch with no merge approval from a TPM! 
Please explain why this change was merged to the branch!
 - AcknowledgeMerge: Notification Required -- 

Closing this as fixed. 

2) Cannot add VPN manually for enterprise user as "server hostname" field and "provider type" dropdown in the configuration panel are grayed out.

>>> I cannot reproduce the issue either, will open a separate issue to track it if I see it again. 

as per the comment#37