Hi, The OpenVPN 3 Linux v19 (beta) release is now available.
First, thank you to all who have reported issues and as well those
who also contributed with changes. Your efforts and interest in this
project is highly appreciated. Please reach out if you have any
questions or wonder about how OpenVPN 3 Linux works or issues related
to using it.
If you have ideas how to make common operations easier with your daily
usage, please get in touch so we can explore those ideas further!
So to the v19 (beta) changes:
This release does another round of improving the logging system,
in addition to bug fixes and other improvements.
* Log system changes
The net.openvpn.v3.log service has been extended to support logging
directly to systemd-journald as an alternative to syslog. The
default log destination has been changed from syslog to journald.
Using the systemd-journald as the log destination allows attaching
more meta data variables to the log events, which can be used when
querying the journal using journalctl. These additional meta data
variables can be observed when using the 'verbose', 'json',
'json-pretty' or 'export' output modes (journalctl --output)
The OpenVPN 3 Linux specific meta data variables are prefixed with
"O3_". The meta variables OpenVPN 3 Linux may make use of are:
- O3_LOG_GROUP / O3_LOG_CATEGORY
These are direct mapped to the logging classification described
here:
<https://github.com/OpenVPN/openvpn3-linux/blob/master/docs/dbus/dbus-logging.md>
- O3_LOGTAG
This tag is unique per openvpn3-service-* process and will be
changed if the process restarts. This information has so far
been added to the beginning of the log lines, as the '{tag:....}'
prefix. This prefixing to the log lines can now be removed by
running:
# openvpn3-admin log-service --enable-log-prefix false
The O3_LOGTAG will have the same content as the prefix, without
the '{tag:...}' encapsulation; O3_LOGTAG contains only the plain
identifier. The log tags currently active can be listed by
running:
# openvpn3-admin log-service --list-subscriptions
- O3_SENDER, O3_INTERFACE, O3_OBJECT_PATH
These are added if the D-Bus log details are enabled by running:
# openvpn3-admin log-service --dbus-details true
- O3_SESSION_TOKEN
This is used by the openvpn3-service-client process, where the
session token has the same value as the argument the process
is started with
To list only these OpenVPN 3 Linux meta variables, run this
command:
# journalctl -o verbose --since today \
--output-fields=O3_SENDER,O3_INTERFACE,O3_METHOD,O3_OBJECT_PATH,O3_LOGTAG,O3_SESSION_TOKEN,O3_LOG_GROUP,O3_LOG_CATEGORY,MESSAGE
\
_PID=$(pidof openvpn3-service-logger)
This query can be extended further to narrow down the log scope.
To only list client process log events, add this to the line above: O3_LOG_GROUP=Client * Enhancement: IV_PLAT_VER sent to server This field provides OS details of the platform the OpenVPN 3 client is running on. This will contain an arbitrary string provided by either the systemd-hostnamed service, or if that is unavailable it will extract some more generic information using the uname() system function. The IV_GUI_VER string has also been slimmed down a bit to only provide information about the OpenVPN 3 Linux client alone. The IV_VER will contain information about the OpenVPN 3 Core library version which OpenVPN 3 Linux is compiled against. * Update to OpenVPN 3 Core Library v3.7.1 This update of the OpenVPN 3 Core library is a maintenance release. The changes which touches OpenVPN 3 Linux is related to the ovpn-dco kernel module support. On systems running more VPN sessions in parallel with DCO (Data Channel Offload) enabled, the Core library could in some situations perform operations on the wrong DCO interface. * Bugfix: Web based authentication with OpenVPN Access Server fix When connecting to OpenVPN Access Server configured with web based authentication (i.e. SAML), the authentication could fail on renegotiations. The fix currently applied will require to import the Access Server profile once again. This will be improved further in the next release. <https://github.com/OpenVPN/openvpn3-linux/issues/154> * Bugfix: Python warning with openvpn3-as on Ubuntu 22.04 When running the openvpn3-as utility on Ubuntu 22.04 it would complain about using a deprecated ssl.SSLContext() mode. This has been updated to use the preferred mode. * Bugfix: openvpn3 command line bash-completion The bash-completion support has been changed to avoid adding an additional space after file and directory names. The OpenVPN 3 Linux project is now fully focusing on stabilising the code for the first stable release. If the next release will be one of the last beta releases or a stable release depends on what bugs and issues are discovered in this release and what kind of code changes are needed to complete the outstanding issues we want resolved for the stable release. Supported Linux distributions ----------------------------- - Debian 10 (amd64, arm64) - Debian 11 (amd64, arm64) - Fedora 35 and 36 (x86_64, aarch64, s390x) - Red Hat Enterprise Linux 7 (x86_64) - Red Hat Enterprise Linux 8 and 9 (x86_64, aarch64) - Ubuntu 18.04, 20.04, 21.10 and 22.04 (amd64, arm64) Both Fedora 37 and Ubuntu 22.10 will come in the near future as well, they are currently not made available yet. The arm64 support on selected Debian and Ubuntu releases are currently considered a tech-preview. We would like to get feedback from arm64 users how OpenVPN 3 Linux works here, then we can remove the tech-preview label for arm64. -- kind regards, David Sommerseth OpenVPN Inc ---- Source tarballs --------------------------------------------------- * OpenVPN 3 Linux v18 beta <https://swupdate.openvpn.net/community/releases/openvpn3-linux-19_beta.tar.xz> <https://swupdate.openvpn.net/community/releases/openvpn3-linux-19_beta.tar.xz.asc> ---- SHA256 Checksums -------------------------------------------------- ---- git references ---------------------------------------------------- git repositories: <https://gitlab.com/openvpn/openvpn3-linux> <https://github.com/OpenVPN/openvpn3-linux> <https://codeberg.org/OpenVPN/openvpn3-linux>git tag: v19_beta
git commit: 33da965fa4151a05f95f385f00f338fa028471a2
---- Changes from v18_beta to v19_beta ----------------------------------
David Sommerseth (74):
tests: Improve MachineIDTest::get_systemd_api test
build: Split up proxy-netcfg into a manager and device compilation unit
core: Update to latest OpenVPN 3 Core Library 3.7 development
shell: Fix proposing more options to --config shell completion
shell: Fix trailing spaces in bash-completion
build: Generate C compatible header file
dbus: Add missing #include in glibutils.hpp
log: Move LogTag into its own compilation unit
log: Extend LogTag to enable/disable the tag mark encapsulation
log: Extend LogTag with copy constructor
log: Add new helper classes for log meta data
log: Implement the new meta data log handling
log: Extend LogMetaDataValue to process LogTag objects
log: Extend LogMetaData with GetMetaDataRecords() method
log: Use LogTag in Logger class instead of std::string
common: Allow setting default filename in Configuration::File ctor
common: Extend Configuration::File with Get/Set for more data types
log: Re-implement configuration state saving
log: Switch to GLibUtils::ExtractValue in LogEvent
log: Implement LogTag prefix configuration setting
log: Extend LogEvent with LogGroup/Category string extraction
log: Add support for native systemd-journald logging
log: Implement systemd-journald support in openvpn3-service-logger
log: Split logwritter.hpp into its own compilation unit
log: Split out StreamLogWriter and ColourStreamWriter
log: Split out SyslogWriter to its own compilation unit
log: Split out JournaldWriter to its own compilation unit
log: Final change of the logwriter.hpp split-up refactoring
log: Extend LogWriter API to provide backend info
log: Extend net.openvpn.v3.log interface with log_method property
cli/log: Provide information about logging method in use
cli/log: Add admin --enable-log-prefix config setting
log: Fix memory corruption with syslog/openlog()
log: Rework initial opening information in logger service
common: Extend Configuration::File with GetFilename()
log: Extend state/config file option coverage
log/logger: Simplify exclusive option check
log/logger: Rework configuration/state loading
log/logger: Extend with D-Bus property for config_file
common: Add missing include files in cmdparser-exceptions.hpp
cli/log: Add new options for logger config file management
logger: Enable --journald as default log method
build: Don't use space in PACKAGE_NAME
docs/man: Add missing --auth-req option in openvpn3 session-auth
docs: Added GitHub pull-request template
log: Avoid halting logger startup on missing log-service.json
dbus: Make bus_name and interface protected members in DBusProxy
dbus/proxy: Check if property proxy is configured
dbus/connection: Add extra connection tests in DBus constructors
common: Add PlatformInfo API
client: Send platform OS/distro peer information to server
client: Simplify IV_GUI_VER string
utils: Fix incorrect string concat in get_guiversion()
tests/unit: Handle PlatformInfo::DBus error gracefully
python: Use ssl.PROTOCOL_TLS_CLIENT in openvpn3-as
configmgr: Initialise all members of ConfigurationObject class
common: inline optparser_mkline function in core-extensions
build: Fix clang++ warnings related to __LINE__ usage
sessionmgr: Remove not needed namespace reference
build: Fix missing override issues in logging and netcfg-signals.hpp
log: Remove not used class variable in LoggerProxy
log: Add virtual destructor in LogTag
log: Pass the LogTag objects as smart pointers
tests: Extend LogMetaData unit tests (LogMetaData, LogMetaDataValue)
client: Add workaround for OpenVPN Access Server web authentication
tests/core: Extend profilemerge-optionlist with dump functionality
ovpn-dco: Update to latest headers
docs: Add details about nscd and sssd
log: Fix lacking LogWriter::AddMeta() doxy doc
log: Fix missing O3_LOGTAG meta data variable
cli/log-service: Fix incorrect change detection for log prefixing
cli/log-service: Correct the behaviour with journald and D-Bus details
distro: Improve [email protected] unit
core: Update to OpenVPN 3 Core Library v3.7.1
Jagadeesh Kotra (1):
docs/client: fix typo in net.openvpn.v3.client docs
Raphael Mader (1):
log: Fix non-systemd build
-------------------------------------------------------------------------
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ Openvpn-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-users
