OpenVPN 3 Linux v20 (stable) This is the first stable release of OpenVPN 3 Linux. This release is mostly adding minor improvements, a few bug fix and adding two more helper tools.
* Feature: openvpn3-admin journal This is a helper function to retrieve log events from the OpenVPN 3 Linux stack logging with systemd-journald. It can be considered a lightweight journaldctl tool, which is targetting some of the filters useful for OpenVPN 3 Linux. * Feature: openvpn3-admin init-setup This is another helper function to configure OpenVPN 3 Linux in an automated fashion based on the current runtime environment. It will ensure proper state directories are present with the proper ownership and access, as well as SELinux context labels if that is available. It will check if the needed user/group accounts is present and whether to use systemd-journald and systemd-resolved or not. In the next release, this feature will be used in the the packaging scripts for Debian/Ubuntu and Fedora/Red Hat Enterprise Linux packaging as well. * Improvement: CR_TEXT based multi-factor authentication support Prior releases did not support CR_TEXT/crtext based authentication which would result in disconnecting from the server while querying the user for the additional credentials. This new mode is more efficient and will keep the connection to the server alive. * Improvement: Improve behaviour with incorrect private key passphrase Prior releases would dump an error message which would not be much end-user friendly if the connection failed due to incorrect passphrase to the private encryption key needed for the connection. This has been improved and the error handling should be more clear for non-technical users.
* Improvement: Run resume and restart operations in the background Until now, the openvpn3 session-manage --resume and --restart operations would run in the foreground, resulting in stopping the VPN session if this operation would be interrupted. These operations can typically run in the background. If a re-authentication would be need, the openvpn3 session-auth command is available to complete that operation. It is also possible to run these operations in the foreground by adding the --timeout argument with a value reasonable to wait for this operation to complete. * Improvement: Install openvpn3/constants.h header file This adds a header file which contains all the constants used by the OpenVPN 3 Linux stack, which is suitable for C programs. The constants listed here is similar to the constants found when importing the Python 3 openvpn3.constants module. These constants are typically used in D-Bus signals issued by the OpenVPN 3 Linux stack. * Bugfix: Don't hardcode use of --journald in openvpn3-service-logger Not all Linux distributions ships with the systemd stack. Auto-detect during build time if systemd support is available or not and fallback to syslog if systemd support is lacking. * Bugfix: Don't hard-fail if systemd-resolved is unreachable If openvpn3-service-netcfg could not reach or access the systemd-resolved service, it would hard-fail which again would cause the VPN session to fail starting. This has been changed so the VPN session will succeed, but it will instead not do the DNS configuration. This situation will be duly logged in the system logs. * Documentation: Highlight deprecation of openvpn3-autoload The openvpn3-autoload feature is being deprecated in favour of using the systemd openvpn3-session@.service feature instead. The openvpn3-autoload feature will still be around though, until there is a suitable alternative for Linux distributions not capable of using the native systemd approach. * Documentation: Generic overhaul Lots of the man pages as well as README.md file has been reviewed and updated. Lots of details has been clarified and the README.md has been split up into several files as it has grown quite a lot and some of the information would be better to have in other files to avoid duplicating the information. * Code: Coding style There exists now a .clang-format coding style definition and all the C++ source code and headers should now be using this style. * Copyright: Switch to SPDX license tags To ease the maintenance of copyright blobs, all files with an AGPL copyright blob has been switched to the SPDX license tag. * Source code hosting Codeberg has been tested for a little while and I have decided to give it more widely use. As of this release, the main source code hosting will be at the codeberg.org instance. The OpenVPN 3 Linux project will in the coming days do a full migration where all issues from GitHub will be migrated as best as it can. The GitHub and GitLab instances will still carry a mirror of the git repository, but issue tracking will be moved to Codeberg. Supported Linux distributions ----------------------------- - Debian 10 (amd64, arm64) - Debian 11 (amd64, arm64) - Fedora 36, 37 and 38 (x86_64, aarch64, s390x) - Red Hat Enterprise Linux 7 (x86_64) - Red Hat Enterprise Linux 8 and 9 (x86_64, aarch64) - Ubuntu 18.04, 20.04 and 22.04, (amd64, arm64) The arm64 support on selected Debian and Ubuntu releases are considered tech-preview. We would like to get feedback from arm64 users how OpenVPN 3 Linux works here, then we can remove the tech-preview label for arm64. The non-LTS Ubuntu releases has been unlisted. The OpenVPN 3 Linux project will primarily focus the LTS releases. The non-LTS releases will still get builds, but they will no go through the same kind of testing before releases. Those builds will also not necessarily arrive at the same time as the builds for LTS releases. Installation and getting started instructions can be found here: <https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux> Credits ------- Since this is the first stable release, it's appropriate to give some credits to people who have contributed in various ways to this project so far. A huge thanks goes to: Antonio Quartulli Arne Schwabe Ben Yanke David Schneider dangerfish96 fldu Frank Lichtenheld Frans Klaver Heiko Hund Jagadeesh Kotra Johan Draaisma John Eismeier Kevin Lindsay Lev Stipakov Mykola Stolyarenko Raphael Mader Romain Loutrel Samuli Seppänen In addition comes all those who have tested OpenVPN 3 Linux and provided feedback through various channels through all these releases. You have all been important in ensuring this project has evolved and matured. I'm sorry I don't have a proper list of all you, but you would also deserve to be mentioned. -- kind regards, David Sommerseth OpenVPN Inc ---- Source tarballs --------------------------------------------------- * OpenVPN 3 Linux v20 <https://swupdate.openvpn.net/community/releases/openvpn3-linux-20.tar.xz> <https://swupdate.openvpn.net/community/releases/openvpn3-linux-20.tar.xz.asc> ---- SHA256 Checksums -------------------------------------------------- ---- git references ---------------------------------------------------- git repositories: <https://codeberg.org/OpenVPN/openvpn3-linux> (Primary) <https://gitlab.com/openvpn/openvpn3-linux> (mirror) <https://github.com/OpenVPN/openvpn3-linux> (mirror)git tag: v20
git commit: e7531f45d3743bfe58223a6b56794aa8bba01ba9
---- Changes from v19_beta to v20--- -----------------------------------
David Sommerseth (47):
Coding style update
build/clang++: Fix build issues with clang++14
log: Add default initialising of LogEvent members
log: Extend LogEvent with group/category parsing from strings
log: Extend LogEvent with str() method
ovpn3cli/log: Use the new LogEvent::str() method
log: Adding Log::Journald::Parser and related classes
ovpn3cli: New command - openvpn3-admin journal
copyright: Use SPDX license tags
core: Update to OpenVPN 3 Core library v3.7.2
Add .git-blame-ignore-revs with instructions
cli/session-manage: Make --resume and --restart run in background
log: Ensure extracted systemd-journald fields have correct length
docs/man: Fix missing backslash in Makefile.am
build: Unbreak non-systemd based builds again
dbus: Add AUTH_PENDING related constants
client: Implement support for CR_TEXT pending authentication
tests: Extend requires-queue tests with
ClientAttentionGroup::CHALLENGE_AUTH_PENDING
common/dbus: Migrate g_variant_get() to GLibUtils::ExtractValue<>()
selinux: Allow openvpn3_client_t to use syslog
copyright: Fix typo in a license tag
ovpn3cli: User credential input error handling input with session-start
cli: Improve behaviour with incorrect PK passphrase or CONN_FAILED
netcfg: Exit early if systemd-resolved cannot be reached
common: Add support for comment fields in SingleCommand arg parser
build: Add a check for the libselinux library
ovpn3cli/admin: Add new init-config command
log: Don't hard-code --journald in auto-start service
docs: Update openvpn3-autoload documentation
copyright: Update copyright years
build: Ensure OPENVPN3_STATEDIR is properly set
ovpn3cli/admin: Check chown/chmod return codes in init-config
ovpn3cli/admin: Make init-config check SELinux status first
docs: Clean up the "SEE ALSO" sections in some base man pages
log: Filter out UNDEFINED LogGroup and LogCategory
log/jourald: Don't provide strings for LogCategory/LogGroup::UNDEFINED
ovpn3cli/admin: Make init-config also check for configs subdir
ovpn3cli/admin: Clean up incorrect wording in init-config
man: Updating openvpn3-linux.7 man page
man: Use proper man page titles
dbus: Combine and reduce DBusProxy constructors
dbus: Provide a generic ProxyConnect() method
dbus: Additional DBusProxy cleanups
netcfg: Delay connecting to systemd-resolved service
docs: Overhaul of README.md and split it up
build: Add a few missing header files to satisfy GCC 13
build: Install openvpn3/constants.h header file
Frans Klaver (1):
tests: platforminfo: skip DBus test if hostname service isn't available
-------------------------------------------------------------------------
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
