Hi, The OpenVPN 3 Linux v13 beta is now ready.
The highlights of this release includes:
* Feature: IPv6 and TCP protocol support in
OpenVPN Data Channel Off-load (DCO) kernel module
-------------------------------------
## WARNING ## TECH-PREVIEW FEATURE ##
-------------------------------------
The DCO feature is currently a tech-preview feature. It is not
targeted for production usage in its current shape. As this is
still under heavy development, we currently only support the latest
Fedora releases (Fedora 32 and newer), Ubuntu 20.04 and Ubuntu 20.10.
This currently requires Linux kernel 5.4 and newer.
This release includes an updated ovpn-dco implementation which adds both
TCP and IPv6 protocols to be used for the transport between client and server.
If you are testing the DCO feature, also be sure you use the updated
kmod-ovpn-dco package or build the ovpn-dco module based on git
commit 8f04ed862539f0.
Please see the information at the end how to enable the DCO feature.
* Bugfix: Misleading argument count when options are missing arguments
If an option requring a certain minimum amount of arguments was missing one
or more arguments, for example using just --keepalive 30, the error would be:
ERR_PROFILE_OPTION: option_error: option 'keepalive' must have at least 3
arguments
This is incorrect. The correct number should be "2 arguments". This has
been fixed in the OpenVPN 3 Core library which generated this error string.
* Bugfix: Multi-factor authentication broke with v12_beta
With the v12_beta release, web based authentication was added. This also
added signalling support for the CR_TEXT authentication method which was not
intended to be added. This resulted in many multi-factor authentication
configurations to fail, in particular those connecting to OpenVPN Access
Server. This has been corrected and openvpn3-linux does no longer signal
CR_TEXT authentication method support.
Supported Linux distributions:
- Debian 9, 10 (x86_64)
- CentOS 7 and 8 (x86_64, aarch64)
- Fedora 32, 33 and Rawhide (x86_64, aarch64, s390x)
- Red Hat Enterprise Linux 7 and 8 (x86_64, aarch64)
- Ubuntu 16.04, 18.04, 19.10 and 20.04 (x86_64)
- Tech-preview: Ubuntu 20.10 [grovy] (x86_64)
Ubuntu 20.10 is expected to be fully supported as of the next release.
Instructions how to install OpenVPN 3 Linux can be found here:
<https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux>
--
kind regards,
David Sommerseth
OpenVPN Inc
---- Tech preview: Enable OpenVPN Data Channel Offload ------------------
-------------------------------------
## WARNING ## TECH-PREVIEW FEATURE ##
-------------------------------------
The ovpn-dco kernel module is under heavy development.
This means that the API used between the kernel space
and OpenVPN user space processes may change. Therefore
the kernel module version must be the same which
OpenVPN 3 Linux has been compiled against. Once
the API is has become stable, this restriction will no
longer be needed.
Currently the DCO feature is only available for testing on Fedora 32,
Fedora 33, Fedora Rawhide, Ubuntu 20.04 and Ubuntu 20.10.
On Fedora, with the openvpn3 Copr repository enabled:
# yum install kmod-ovpn-dco
On Ubuntu, with the openvpn3 apt repository configured:
# apt install kmod-ovpn-dco
With the kernel module installed, the configuration file must be
be imported:
$ openvpn3 config-import --config CONFIG_FILENAME \
--name CFGNAME \
--persistent
Then the imported configuration profile must get the DCO feature
enabled:
$ openvpn3 config-manage --show --config CFGNAME --dco true
To preserve this setting through reboots, --persistent was added
when importing the configuration file via 'openvpn3 config-import'.
Now everything is ready and a VPN session can be started:
$ openvpn3 session-start --config CFGNAME
In the log data generated by OpenVPN 3 Linux, you should see
an UDPv4-DCO, UDPv6-DCO, TCPv4-DCO or TCPv6-DCO reference similar
to this line:
[...] CONNECTED servername:port (x.x.x.x) via /UDPv4-DCO [...]
---- Source tarballs ----------------------------------------------------
* OpenVPN 3 Linux v11 beta
<https://swupdate.openvpn.net/community/releases/openvpn3-linux-13_beta.tar.xz>
<https://swupdate.openvpn.net/community/releases/openvpn3-linux-13_beta.tar.xz.asc>
---- SHA256 Checksums ---------------------------------------------------
3eb1ea7166f21525c23ff37d971ac71916e4b476df7ddd6c50dc3684e864e738
openvpn3-linux-13_beta.tar.xz
fa69dedbeaf754eac298e55f7b3b490959cc34b183ee777cd8651533b403241e
openvpn3-linux-13_beta.tar.xz.asc
---- git references -----------------------------------------------------
git repositories:
<https://gitlab.com/openvpn/openvpn3-linux>
<https://github.com/OpenVPN/openvpn3-linux>
git tag: v13_beta
git commit: 20319752618587500d7d5bc496965d742ce161dc
---- Changes from v11 to v12 --------------------------------------------
David Sommerseth (1):
client: Don't signal support for crtext authentication
Lev Stipakov (5):
ovpn-dco: support for various transport protocols
core: Update to Core library with ovpn-dco transport improvements
ovpn-dco: Update to latest git master
ovpn-dco: truncate nonce_tail length
ovpn-dco: remove cbc-hmac support
-------------------------------------------------------------------------
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
