OpenVPN 3 Linux v25 (Stable release)

The v25 release provides three new features and several enhancements
since the previous release.

Please notice the deprecation of openvpn3-autoload.

* Feature: Live route updates (PUSH_UPDATE) support
  When connecting to OpenVPN servers capable of pushing new
  network configurations, such as new network routes, the
  OpenVPN 3 Linux client will now update the current VPN
  network setup, including DNS, replacing the previous
  configuration without triggering a reconnect to the server.

* Feature: Automatic restart of VPN client processes disappearing
  When configured, the OpenVPN 3 Linux Session Manager service
  will now detect if a VPN process unexpectedly disappears and
  will attempt to restart it automatically.
  See the --automatic-restart option in the openvpn3 config-manage
  man page for further details.  This feature is disabled by
  default.

* Feature: AWS VPC integration can now use named routing tables
  When the "route-table-name" setting is configured in the
  OpenVPN 3 AWS Integration add-on, this add-on will perform a
  lookup for this AWS VPC routing table and apply the routes here.
  If this table is not to be found, the add-on will create it
  on-the-fly as needed.

* FEATURE DEPRECATION: openvpn3-autoload
  The openvpn3-autoload feature was deprecated already in the
  v20 release.  This feature will be removed in a coming stable
  release.
  The replacement is the openvpn3-session@.service systemd unit.
  Please see the openvpn3-systemd man page [1] for more details.
  If you depend on openvpn3-autoload today, please migrate ASAP
  to the systemd approach.
  [1] <https://codeberg.org/OpenVPN/openvpn3-linux/src/branch/master/docs/man/openvpn3-systemd.8.rst>

* Improvement: Better error messages for SSL/TLS issues
  The openvpn3 command will now provide more details on SSL/TLS
  related issues, due to enhancements in the updated OpenVPN 3
  Core Library.

* Improvement: openvpn3-admin journal shows correct time
  It has been an open issue for a long time where time zone
  and the local DST state resulted in the openvpn3-admin journal
  command presenting the wrong time in the log events.  This
  has been resolved by the conversion taking the current time zone
  and DST state into consideration.

* Improvement: A more resilient systemd-resolved integration
  The prior systemd-resolved integration could in many cases
  fail to properly configure the DNS resolver settings.  This
  was often due to the systemd-resolved service responding slower
  than expected.  This could in the most severe situations result
  in the VPN session failing to properly start.
  This has been improved by doing all the calls to systemd-resolved
  in the background, allowing the VPN session to be properly
  connected while the systemd-resolved integration will be more
  persistent in allowing the low-level D-Bus calls to complete
  independently of the main VPN session itself.

* OpenVPN 3 Core Library update
  The OpenVPN 3 Core Library has been updated to version 3.11.3,
  which also provides new features such as Epoch Data Keys support,
  Live route updates (PUSH_UPDATE), improved events on TLS alerts,
  support for more pushed routes, improved --dns and --dhcp-option
  parsing.


Known issues:

  - The openvpn3-service-netcfg service does not differentiate
    between --dns server X resolve-domains and --dns search-domains
    when using the --resolv-conf mode, which is not as this feature
    is intended to work.  This was discovered in the v24 release
    and is on the schedule to be fixed in the next releases.  When
    this gets fixed, only --dns search-domains will be considered
    as search domains and --dns server X resolve-domains will
    enable split-DNS when using --systemd-resolved and otherwise
    ignored when using --resolv-conf with openvpn3-service-netcfg.


Credits
-------

Thanks go to those continuing testing and reporting issues. In
particular Razvan Cojocaru, Marc Leeman, Fabio Pedretti, Lev
Stipakov, Leonard Ossa, Yuriy Darnobyt, Oleh Salnikov and Nazar
Vasiuchyn, Brandon Jimenez and Gabriel Palmar for contributing
and improving this release through code changes, documentation,
reviewing, testing and making the finished packages available to
us all.


Supported Linux distributions
-----------------------------

  - Debian: 12
  - Fedora: 41, 42
  - Red Hat Enterprise Linux 8, 9, 10[*]
  - Ubuntu: 22.04, 24.04, 25.05

Installation and getting started instructions can be found here:

<https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux>

There are in addition other Linux distributions now providing
OpenVPN 3 Linux packages.  These distributions are primarily
supported by their respective distribution communities.  We will
naturally review and apply fixes deemed needed for any other
distributions as they occur.

NOTE: Red Hat Enterprise Linux 10
  The Fedora Copr repository definition for RHEL+EPEL-10 *may*
  use a wrong URL.  After doing the 'dnf copr enable' step
  on RHEL-10, please ensure the URL contains 'rhel+epel' and
  not just 'epel'.  This is expected to automatically improve
  after a bit.
  The stable repositories provided by OpenVPN Inc should not
  have this issue.

--
kind regards,

Yuriy Darnobyt
OpenVPN Inc


---- Source tarballs ---------------------------------------------------
* OpenVPN 3 Linux v25

<https://swupdate.openvpn.net/community/releases/openvpn3-linux-25.tar.xz>
<https://swupdate.openvpn.net/community/releases/openvpn3-linux-25.tar.xz.asc>

* GDBus++ v3

<https://swupdate.openvpn.net/community/releases/gdbuspp-3.tar.xz>
<https://swupdate.openvpn.net/community/releases/gdbuspp-3.tar.xz.asc>

---- SHA256 Checksums --------------------------------------------------

efccb7958fefcea4e03a9b96e5391c87c7f55bb28ae36782e41e22f7ff6d15b5  openvpn3-linux-25.tar.xz
2ee1f653b8f5d7062d92120a7daa56f97f532e9d4098a56e4dc5a6a616a7e5d0  openvpn3-linux-25.tar.xz.asc
c7a053a13c4eb5811a542b747d5fcdb3a8e58a4a42c7237cc5e2e2ca72e0c94e  gdbuspp-3.tar.xz
b9cf732d7a347f324d6a5532dc48f80c2815dbf6704c169b4ee97a411506a99b  gdbuspp-3.tar.xz.asc

---- git references ----------------------------------------------------

git repositories:
 - OpenVPN 3 Linux
<https://codeberg.org/OpenVPN/openvpn3-linux> (PRIMARY)
<https://gitlab.com/openvpn/openvpn3-linux>   (code-only mirror)
<https://github.com/OpenVPN/openvpn3-linux>   (code-only mirror)

   git tag: v25
   git commit: f68cacc65bbb5b706de1fee987304e810ed9d3a0

 - GDBus++
<https://codeberg.org/OpenVPN/gdbuspp/>       (PRIMARY)
<https://gitlab.com/openvpn/gdbuspp/>         (code-only mirror)
<https://github.com/openvpn/gdbuspp/>         (code-only mirror)

   git tag: v3
   git commit: 96f7fb688ed2dea3f192c63c5fe283dbe4900f16

---- Changes from v24 to v25 ---------------------------------------

David Sommerseth (79):
      spelling: Fix various spelling mistakes
      build: Fix incorrect default value assignment for create_statedir option
      common: Check if org.freedesktop.hostname1 is available in PlatformInfo
      client: Handle exceptions in ~BackendStarterSrv
      tests: Only build journal-log-parse if systemd is present
      netcfg/resolved: Remove no longer needed service check
      configmgr: Catch SetOverride issues at JSON config import
      ovpn3cli: Improve session-start details on successful connection
      configmgr/proxy: Improve error message on SetOverride() failures
      tests: Improve config-override-selftest failure situations
      ovpn3cli/admin: Improve sessionmgr-service verose session list
      core: Update to OpenVPN 3 Core 3.11 QA/stabilization branch
      ovpn3cli/init-config: Add --debug argument
      sessionmgr: Minor log verbosity changes in the session auto-restart feature
      build: Misc cleanup in Meson build scripts
      client: Refactor D-Bus initialization during process start
      configmgr/docs: Update man page for the --automatic-restart feature
      netcfg: Refactor D-Bus initialization during process start
      netcfg: Extend NetCfgOptions to handle log settings
      netcfg: Remove the "default log level" passing
      netcfg: Use logging settings from NetCfgOptions
      netcfg: Remove support for --signal-broadcast
      netcfg: Remove unused NetCfgService member - srv_obj
      core: Update to final OpenVPN 3 Core Library v3.11
      sessionmgr: Ignore Detach() exceptions in SessionManager::~Service()
      docs: Update build dependencies in BUILD.md
      log: Add missing cstdint header in logmetadata.hpp
      sessionmgr: Use Events::Status::operator<<() for tunnel restart info
      common: Refactor Configuration::File to use std::filesystem
      ovpn3cli/init-config: Refactor file/directory handling to use std::filesystem
      ovpn3cli/init-config: Don't follow symlinks setting up state/configs dirs
      sessionmgr: Catch incorrect log level requests in Session object
      build: Fix minor meson complaint in addons/aws
      netcfg/resolved: Add internal error message storage to proxy code
      netcfg/resolved: Implement base features for background async calls
      netcfg/resolved: Switch serveral D-Bus calls to async background calls
      netcfg/resolved: Handle errors from background D-Bus calls
      netcfg/resolved: Retry if systemd-resolved background calls times out
      core: Upgrade to OpenVPN 3 Core v3.11.1
      build: Improve OpenVPN 3 Core library version extraction
      events/log: Refactor Events::Log()
      events/log: Simplify Events::Log::str() methods
      events/log: Implement character filter in Events::Log
      log: Extend LogSender with a Debug_wnl() method
      log/core: Enable multi-line logging via the Core D-Bus logger
      log/journal: Don't filter newlines from journald entries
      log: Preserve the newlines in the log when openvpn3-service-log starts
      tests: Add --allow-newline to logservice1 send subcommand
      common/cmdargparser: Minor code cleanup in RegisterParsedArgs::register_option()
      common/cmdargparser: Filter out ASCII control characters from command line
      common: Merge and move string ctrl char sanitizing to a shared function
      log: Filter strings coming via D-Bus calls
      sessionmgr/client: Filter reason string to Pause D-Bus method call
      common: Filter input value to RequiresQueue::UpdateEntry()
      tests/request-queue: Remove unused local function
      configmgr/test: Add tests for control chars in various configuration profiles
      configmgr: Remove control characters from various user input via D-Bus
      netcfg: Remove control characters from the D-Bus method inputs
      python: Add FAT DEPRECATION WARNING in openvpn3-autoload
      build: Allow version tags to contain dots and minor version digits
      configmgr/proxy: Ignore minor version number in feature check
      tests: Upgrade to googletest-1.17.0-1
      docs/man: Minor language improvements to the openvpn3-service-aws.8 man page
      addon/aws: Prepare for bumping the required C++ standard version to C++20
      log/journald: Fix wrong timezone/dst handling in journald filter
      log/journald: Refactor log event sending with better error handling
      netcfg: Read the config file before parsing options
      netcfg/proxy: Kick out Device::RemoveDNS() and Device::RemoveDNSSearch()
      core: Update to OpenVPN 3 Core Library v3.11.2
      core: Update to OpenVPN 3 Core Library v3.11.3
      log: Extend CoreLog with a more flexible log prefix
      build: Avoid including build-config.h in header files
      netcfg/dns/systemd-resolved: Provide alternative logging framework when the signal APIs are unavailable
      netcfg/dns/systemd-resolved: Ensure the GVariant objects used in background D-Bus calls are freed correctly
      netcfg/dns/systemd-resolved: Ensure the ASIO background worker thread always runs
      netcfg/dns/systemd-resolved: Rework the resolved::Link::BackgroundCall() implementation
      client: Ensure DNS domains pushed via --dhcp-option will not enable split-DNS
      netcfg/dns/resolved: Avoid race condition in BackgroundCall()
      client/netcfg: Restore --dns-setup-disabled functionality
Fabio Pedretti (1):
      spelling: Fix systemd-resolved spelling
Lev Stipakov (1):
      addons/aws: Implement support for additional route table
Marc Leeman (1):
      build: Fix incorrect OPENVPN_USERNAME in D-Bus autostart files
Razvan Cojocaru (13):
      configmgr: Fix idle-exit comment
      signals: Allow signal re-subscription
      sessionmgr: Expose the method_ready() and method_connect() logic
      sessionmgr: Allow a Session object to re-associate with a backend process
      sessionmgr: Add current backend bus name and last event accessors
      sessionmgr: Restart prematurely stopped backend processes
      sessionmgr: Only retry to restart backend process a limited number of times
      sessionmgr: Don't always try to restart a crashed backend process
      Remove superfluous try block
      sessionmgr: Reset the log forwarders on client process restart
      netcfg: Clean up network setup for crashed client processes
      sessionmgr: Reset the client process restart timer after a while
      build: Prepare for bumping the required C++ standard version to C++20
--------------------------------------------------------------------


Attachment: OpenPGP_0x5EE3432A354AA5F2.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
