Skip to content
OpenVPN 3 Linux v22_dev (Limited Release)

This is a limited release primarily targeting Fedora 39 and newer plus
Ubuntu 24.04.  Other Linux distributions shipping glib2 version 2.76
or newer will also benefit from this release.

This release contains a massive re-factoring of the D-Bus integration
layer with glib2.  The glib2 2.76 and newer releases contains several
internal changes which broke the D-Bus implementation layer in
OpenVPN 3 Linux v21 and older releases [1]. To fix this, it was decided
to split out the base D-Bus integration into a new standalone library
which OpenVPN 3 Linux will depend on.  This new project is called
GDBus++.

[1] <https://github.com/OpenVPN/openvpn3-linux/issues/171>

This change brings in a vastly improved D-Bus integration which will
now make extended use of multi-threading when processing D-Bus method
calls and implements modern C++17 approaches when handling requests to
registered D-Bus objects.  It has also been a strong focus on getting
rid of as much of various glib2 warnings which could occasionally appear
in prior OpenVPN 3 Linux releases.

There are most likely a still a lot more room for improvements to both
the new DBus++ and the upgraded OpenVPN 3 Linux code, which is why this
release targets a more limited release scope.

That said, this new code can be made available for all the officially
supported RPM distributions by enabling a "development snapshots" repository.
But this repository will also not have the same QA guarantees as the
official stable repositories.

This release has only been through the full QA validation on Fedora 39,
Fedora 40 and Ubuntu 24.04.

On a development note, this project has now migrated to use Meson [2] as
the build system.  The autoconf/automake build system is now completely
removed.  The Meson build system has turned out to be way simpler to
use and configure than autotools ever was, especially from a developers
point of view.

[2] <https://mesonbuild.com/>

There are unfortunately a few known issues which is targeted for
the coming v23 release:

  - AWS VPC integration is not yet ready, so this add-on is currently
    not available in this v22_dev release.

  - Shell completion may list duplicated options in some cases

  - openvpn3-admin journal --since has a time zone related issue
    and may not list all log events within the closest hours.

Other changes worth mentioning with this release:

* Improvement: Upgrade to OpenVPN 3 Core library v3.8.5

  This upgrade contains several bug fixes related to the option
  parser, mostly issues reported by a wide range of users.  In
  addition to incorrect behaviour with the stub compression when
  the --compress option was used.

* Improvement: openvpn3-admin journal --since argument

  The --since argument can now use the keywords 'today' and
  'yesterday'.

* Bug fix: openvpn3-admin log-service would not change some settings

  On some distributions, the --dbus-details and other boolean flags
  was not properly changed when requested.  This has been improved.

Credits
-------

Finally, it is needed to give a HUGE THANK YOU to all the community
testers which installed and tested rolling development snapshots during
the development of this release.  Without all this testing, we would
not have the same confidence in this release as we have now.  All your
help and feedback has been really valuable and helpful during this the
development phase.

---- Changes from v21 to v22_dev ---------------------------------------

David Sommerseth (324):
      ovpn3cli/admin: log-service lacked initial state and init
      ovpn3cli/admin: Add today/yesterday to journal --since
      codestyle: Use default lambda scope indentation
      processwatch: Remove the processwatch.hpp feature
      idlecheck: Remove IdleChecker implementation for GDBus++ refactoring
      build: Add bare meson build setup
      GDBus++: First step in migrating to the new D-Bus implementation
      GDBus++: Rework constants setup for OpenVPN 3 Linux
      GDBus++: Migrate the log/proxy-log.hpp implementation
      build: Add bare meson setup for generating man pages
      build: Install the base D-Bus policy
      build: Replace individual D-Bus auto-start service files with a template
      GDBus++: Migrate openvpn3-service-backendstart
      build: Add some log handling into the internal shared common library
      GDBus++: Migrate D-Bus proxy code for net.openvpn.v3.config
      client: Simplify StatusEvent() constructors
      build: Extend version extraction to include a few git flags
      build: Build and install SELinux policies via Meson
      GDBus++: Partial migration of netcfg code required to build VPN client backend
      common: Extend RequiresQueue with callback functionality
      GDBus++: Complete migration of StatusEvent()
      GDBus++: Kick out THROW_LOGEXCEPTION() macro
      GDBus++: GDBus++: Complete migration of LogEvent()
      GDBus++/LogSender: Use SignalDeclaration() methods setting up signals
      GDBus++/common: Improve RequiresQueue, avoid static_cast<>()
      GDBus++: First stab at migrating openvpn3-service-client
      build/selinux: Fix wrongly behaving SELinux build detection
      build: Fix issues with missing sd_id128 variable in meson
      build: Prepare the ground for building dco-keyconfig.proto
      GDBus++/common: Migrate PlatformInfo
      GDBUs++/sessionmgr: Initial migration of SessionManager::Event()
      GDBus++/netcfg: Initial migration of NetCfg:DNS::ResolverSettings()
      netcfg: Enforce smart-pointer usage for  NetCfg::DNS::ResolverSettings()
      GDBus++/netcfg: Extend NetCfgChangeType with GDBus++ glib2 helpers
      GDBus++: Migrate the unit tests
      client/log: Rewrite the Core library D-Bus log implementation
      client: Fix minor coding style issues in ConnectionStatDetails
      common: Refactor build-config.h inclusion in MachineID
      Avoid including build-config.h in header files
      GDBus++: Complete migration of NetCfg::DNS::SettingsManager
      common: Add missing sstream include file in configfileparser.hpp
      GDBus++: Migrated NetCfgSubscriptions
      client: Minor code cleanup in core-client.hpp
      GDBus++: Migrate NetCfgSignals
      GDBus++: Extend NetCfgProxy::Device with DCO support
      GDBus++/client: Fix dco and log_level property handling
      client: Remove pointless debug logging of the current run status
      client: Add debug logging when validate_sender() rejects a caller
      build: Use --prod-version as Meson project version
      build: Replace hard-coded -Werror with werror option
      client/core: Rename 'signal' object to 'signals'
      client/core: Reorder and fix #include file related challenges
      client/core: Relocate statistics.hpp include
      client/core: Clean up some #include hierarchy in core-client/core-client-netcfg
      build: Add libnl-3.0 as a dependency
      build: Add debug_internal build configuration flag
      client: Add BackendSignals::Create() static helper function
      log/proxy: Use DBus::Object::Path instead of std::string
      configmgr/proxy: Use DBus::Object::Path instead of std::string
      client: Use DBus::Object::Path in NetCfgTunBuilder::netcfg_get_device_path()
      client: Cleanup leftovers in NetCfgTunBuilder for ovpncli-netcfg
      client: Add debug logging when requesting NetCfg Cleanup()
      netcfg/proxy: Use DBus::Object::Path instead of std::string
      tests/netcfg: Migrate netcfg-changeevent-selftest to GDBus++/meson
      netcfg: Migrate NetCfgChangeEvent fully to GDBus++
      tests/netcfg: Migrate netcfg-proxy-unit to GDBus++/Meson
      tests/netcfg: List D-Bus paths if the "Re-fetching" fails
      core: Update to OpenVPN 3 Core Library v3.8.4
      netcfg/dns: Migrate NetCfg::DNS::resolved proxy to GDBus++
      netcfg/dns: Refactor the SettingsManager and ResolverBackendInterface
      netcfg/dns: Refactor NetCfg::DNS::ResolvConfFile
      netcfg/dns: Fix NetCfg::DNS::ResolverSettings::operator<<() behaviour
      netcfg/dns: Refactor NetCfg::DNS::SystemdResolved
      netcfg/build: Include NetCfgChangeType into the static netcfg library
      build: Move some netcfg components out of the static libnetcfg library
      GDBus++: Migrate openvpn3-service-netcfg (non-DCO)
      selinux: Allow openvpn3-service-netcfg to use syslog
      client: Fix incorrect empty session_path property
      client: Explicitly set the scope on a few Core library types
      netcfg/dns: Fix glib2 GVariant ref counting issues
      netcfg: Preserve a pointer to the LogWriter object in NetCfgDevice
      netcfg: Return the proper data type in DcoAvailable
      netcfg: GDBus++: Complete migration of openvpn3-service-netcfg
      vendor: Remove googletest as a git submodule
      netcfg: Check the results when preserving capabilities
      netcfg/dns: systemd-resolved SetDefaultRoute is a method
      netcfg/dns: Detect unsupported SetDefaultRoute feature in systemd-resolved
      sessionmgr: Replace GetIntrospection() with SessionManager::Event::SignalDeclaration()
      sessionmgr: Minor cleanups of SessionManager::Event
      log: Make the StatusChange signal optional in LogSender
      log: Make LogWriter::Ptr a std::shared_ptr
      netcfg: Use DBus::Object::Path in method_fetch_interface_list()
      client: Add AttentionReq class
      GDBus++/tests: Migrate signal-listener
      configmgr/proxy: Do an extra object existence check in ctor
      dbus: Add a GDBus++ DBus::Object extension - Object::ACL
      core: Update to OpenVPN 3 Core Library v3.8.5
      Provide operator<<() function for OpenVPN 3 Linux specific types
      log: Fix incorrect data type in LogProxy::ProxyLogEvents()
      python: Migrate openvpn3.constants generator to Meson
      sessionmgr: Remove not needed arg in SessionManager::Event::SignalDeclaration()
      build: Include dbus/path.cpp into the common static library
      sessionmgr: Adding SessionManager::NewTunnelQueue infrastructure
      sessionmgr: Add generic code for sending session and manager signals
      sessionmgr: GDBus++ migration of the openvpn3-service-sessionmgr
      Codestyle refresh of migrated code
      docs: Update openvpn3-service-sessionmgr man page
      docs: Update D-Bus documentation for net.openvpn.v3.sessions
      vendor: Upgrade ASIO to v1.30.2
      build: Relocate build-version.h for dist packaging
      build: Fix scripts/get-version, use proper path for build-version.h
      build: Generate and install openvpn3/constants.h
      netcfg/dns: Fix missing virtual destructor compiler warnings
      configmgr: Fix warnings about dangling references
      gdbus++: Simplified DBus::Service API
      tests: Extend request-queue-service with file logging
      tests: Add request-queue-test
      tests: Make PlatformInfo unit-test run without D-Bus
      tests: Add more Meson test cases
      tests: Classify already declared Meson test cases
      events: Relocate AttentionReq and StatusEvent
      events: Relocate LogEvent into Events::Log
      dbus: Codestyle cleanup in GDBusPP::Object::Extension::ACL
      dbus/signals: Refactor AttentionRequired and StatusChange signals
      sessionmgr: Cleanup in sessionmgr-events.hpp
      log: Refactor LogFilter to Log::EventFilter
      dbus/signals: Implement ::Signals::Log
      dbus: Clean up minor issues in DBusRequiresQueueProxy
      dbus: Extend DBusRequiresQueueProxy to allow proxy assignment later on
      sessionmgr: Migrate the Session Manager D-Bus proxy client to GDBus++
      dbus/signals: Implement Signals::ReceiveLog
      log: Clarify DBus::Signal::Group::Create() call destination
      signals/statuschange: Harden StatusChange::GetLastStatusChange() in empty cases
      client/backendstart: Rework how StatusChange signals are sent
      client: Rework how backend VPN client sends StatusChange/AttentionRequired
      client: Rework RegistrationRequest signal sending
      sessionmgr: Refactor out StatusChange calls via LogSender
      sessionmgr: Fix a few minor codestyle related issues
      log: Remove StatusChange signal handling from LogSender
      log: Remove classes and features which is no longer needed
      tests: Migrate logservice1 debug/test tool to GDBus++
      tests: Extend logservice1 with logtag settings support
      build: Refactor ENABLE_DEBUG macro in netcfg-dns-direct-file-selftest
      build: Remove debug_internal setting
      common: Add a '[DCO]' tag in get_version() string when DCO enabled
      build: Redo the ENABLE_OVPNDCO macro setup
      log: Clean up LogTag
      log: Extend Log::EventFilter with a smart-pointer creator
      log: Cleanup LogMetaData and LogMetaDataValue
      events: Extend Events::Log() to also carry signal sender details
      signals: Extend Signals::ReceiveLog() to pass signal sender details
      log: Simplify the LogWriter API slightly
      log: LogWriter::Write() implementations must check if metadata is valid
      log/proxy: LogServiceProxy::Detach() must wait for a reply
      log: Make more Log::EventFilter methods publicly available
      log: Improve misleading Log::EventFilter error message
      client: Signals sent should not change the D-Bus path
      client: Backendstarter can use a bit longer idle-exit
      sessionmgr: Improve retrieve sessions helper method
      dbus/signals: std::move() the callback lambda to the signal handler
      events/log: Extend Events::Log to carry a LogTag::Ptr
      log: Simplify LogWriter API - remove PrependMeta() + AddLogTag()
      log: Rework passing of LogTag to the LogWriter backend
      signals/statuschange: Implement Signals::ReceiveStatusChange
      sessionmgr: Disable log forwarding for sessions closing
      GDBus++/log: Migration of net.openvpn.v3.log / openvpn3-service-log
      sessionmgr: Add missing session_name property in Session objects
      log: Initialize logstream pointer properly
      docs: Create, build and install man pages
      log: Remove unused namespace in openvpn3-service-log.cpp
      build/tests: Build the cmdparser-test program
      common: Remove RCPtr from cmdargparser.[ch]pp
      common/cmdargparser: Pass std::string by reference
      common/cmdargparser: Replace typedef with using for consistency
      GDBus++/ovpn3cli: Start migration of openvpn3 and openvpn3-admin cli tools
      policy: Allow access to GetAll property method in backends and log services
      tests: Migrate dbus/get-service-version-prop to Meson and GDBus++
      GDBus++/ovpn3cli: Migrate 'openvpn3-admin version'
      build: Move DNS configuration code from netcfg service to netcfgmgr_lib
      GDBus++/ovpn3cli: Migrate 'openvpn3-admin init-config'
      log/journald: Add O3_LOG_SENDER meta data for log service
      log/journald: Update the journald log parser to new Events::Log location
      log/journald: Extend the journald parser to include the updated log service
      GDBus++/ovpn3cli: Migrate 'openvpn3-admin journal'
      sessionmgr/proxy: Add Session::GetConfigName()
      GDBus++/ovpn3cli: Migrate argument helper functions
      GDBus++/ovpn3cli: Migrate 'openvpn3-admin log-service'
      netcfg/proxy: Enforce NetCfgProxy::Manager to be a smart-pointer
      log: Add additional mutex around log subscription changes
      netcfg: Catch errors sending signals
      netcfg/dns: Preserve device name in systemd-resolved D-Bus proxy
      netcfg/dns: Retrieve values set in NetCfg::DNS::resolved::Link setters
      netcfg/dns-resolved: Implement sending NetworkChange DNS added/removed signals
      netcfg/dns: Provide device name when sending DNS_*_REMOVED signals
      netcfg: Fix incorrect signal subscription D-Bus API
      netcfg: Don't try to send NetworkChange signals without subscribers
      netcfg/NetworkChange: Implement crude subscription ownership tracking
      netcfg: Activate the missing NetworkChange subscription feature
      netcfg/proxy: Fix typo in D-Bus data type subscription retrival
      netcfg: Fix type inconsistency in NetCfgChangeType
      netcfg/proxy: Use DBus::Exception::GetRawError() instead of what()
      netcfg/proxy: Use synchronous call for NotificationUnsubscribe
      netcfg: Base NetCfg exceptions on DBus::Exception
      GDBus++/ovpn3cli: Migrate 'openvpn3-admin netcfg-service'
      sessionmgr/proxy: Don't call StartServiceByName() in the constructor
      build: Add workaround for tinyxml2 macro bug in OpenVPN 3 Core
      sessionmgr/proxy: Implement SessionManager::Proxy::Manager::Introspect()
      sessionmgr/proxy: Implement methods for a few Session object properties
      GDBus++/ovpn3cli: Migrate 'openvpn3-admin sessionmgr-service'
      sessionmgr: Remove superfluous check in helper_retrieve_sessions()
      utils: Add a global time_t to local date/time string converter
      configmgr/proxy: Extend the configmgr proxy with property getters
      GDBus++/ovpn3cli: Migrate 'openvpn3 configs-list'
      configmgr/proxy: Extend the configmgr proxy with CheckObjectExists()
      configmgr/proxy: Add helper code for using smart-pointers
      ovpn3cli/arghelpers: Add optional DBus::Connection to retrieve_config_path()
      GDBus++/ovpn3cli: Migrate 'openvpn3 config-manage'
      GDBus++/ovpn3cli: Migrate 'openvpn3 config-acl'
      GDBus++/ovpn3cli: Migrate 'openvpn3 config-dump'
      GDBus++/ovpn3cli: Migrate 'openvpn3 config-remove'
      GDBus++/ovpn3cli: Migrate 'openvpn3 config-import'
      configmgr/proxy: Improve error message on config object not found
      sessionmgr/proxy: Add GetConfigPath() method
      GDBus++/ovpn3cli: Migrate 'openvpn3 sessions-list'
      GDBus++/ovpn3cli: Migrate 'openvpn3 session-stats'
      sessionmgr/proxy: Add CheckSessionExists() method
      GDBus++/ovpn3cli: Migrate 'openvpn3 session-acl'
      client: Use StatusMinor::SESS_AUTH_URL for pending web authentications
      common/cmdargparser: Add missing #include <sstream>
      dbus: Improve object ownership GetUID/GetPID call error scenarios
      common: Add missing #include<string> in open-uri.hpp
      events: Fix typ0 in the Status method - Get/SetPrintMode
      log/proxy: Harden the LogProxy::Remove() method
      sessionmgr: Improve log_forwarders access across multiple threads
      configmgr/proxy: Update DBus::Proxy::Exception throw APIs
      sessionmgr: Session::method_ready() uses wrong exception string for parsing
      sessionmgr/proxy: Use *::List where possible for handling known std::vector<> types
      sessionmgr/proxy: Session::Ready() cannot use simple_call()
      sessionmgr/proxy: Session::GetLastStatus() should not return a const object
      GDBus++/ovpn3cli: Migrate 'openvpn3 session-auth'
      sessionmgr/proxy: Base SessionManager::Proxy::Exception on DBus::Exception
      ovpn3cli: retrieve_config_path() should return DBus::Object::Path
      sessionmgr/proxy: Provide all details when Proxy::Session::Ready() fallback throws
      configmgr/proxy: OpenVPN3ConfigurationProxy::Import() should return DBus::Object::Path
      ovpn3cli/GDBus++: Migrate 'openvpn3 session-start'
      ovpn3cli/session: Move statistics_plain() helper function to helpers.cpp
      ovpn3cli/GDBus++:  Migrate 'openvpn3 session-manage'
      sessionmgr: Don't wipe the log_forwarders map until we're done
      log/logwriter: Extend the API to handle Events::Status
      common/utils: Add is_colour_terminal() helper function
      tests/GDBus++: Migrate the logfwd-listener test program
      sessionmgr/proxy: Move local exceptions to SessionManager::Proxy::Exception
      ovpn3cli/GDBus++: Migrate 'openvpn3 log'
      ovpn3cli: Make main() provide argv[0] details in exceptions
      GDBus++: Remove left overs from the old DBus implementation
      policy: Be more generous with access to Ping methods
      sessionmgr/proxy: Add extra check at setup to check availability in Manager
      configmgr/proxy: Replace Ping in ctor with CheckObjectExists()
      ovpn3cli/log: Fix signal setup errors with fresh starts
      ovpn3cli/log: LogAttach::lookup_config_name() does not always need iterations
      build: Remove autoconf/automake build configuration
      docs: Update README and BUILD documentation
      codestyle: Do a complete reformat for consistency
      docs/man: The logger service is renamed - openvpn3-service-log
      docs: Update the renamed openvpn3-service-log in misc documentation
      src: Update to the renamed openvpn3-service-log in the sources
      docs/man: Generalize the generation and installation of man pages
      build: Move finding 'cp' from dco to main meson.build
      build: Install the Python code via Meson
      docs: Minor style cleanup in dbus-overview.md
      build: Install the distro/systemd files if systemd is enabled
      build: Remove the '-dev' extension to binaries
      build: Split out the openvpn3/ Python module to a separate meson.build
      build: Prepare and install bash-completion files when enabled
      build: Generate and install polkit and PolicyKit rules
      build: Install the persistent configurations directory
      build: Migrate profilemerge-optionlist test program to Meson
      tests: Build config JSON import/export test programs
      tests: Build open-uri-test
      common: Get rid of glib-unix.h from cmdargparser.hpp
      build: Reduce linking deps for test programs
      build: Don't build unit-tests unless enabled
      ovpn3cli: Fix failing shell-completion for 'openvpn3 log'
      configmgr: Adjust ACLs for Fetch/FetchJSON and public_access rights
      configmgr: Grant read access to more config object properties
      configmgr: Provide better user-error when Authorize() rejects access
      log: Don't duplicate Events::Log() prefix in the log writes
      ovpn3cli/log: Remove duplicated Events::Log details in log output
      configmgr/proxy: Add/Remove tag methods provided odd errors
      ovpn3cli/config-manage: Remove not needed details in errors from --tag and --remove-tag
      ovpn3cli/config-manage: Extract all profile before displaying it
      configmgr/proxy: Add method to retrieve the D-Bus path of the object
      ovpn3cli/config-acl: Add some air around the output and show D-Bus path
      ovpn3cli/config-manage: Add D-Bus path to --show
      configmgr: Fix properties via add_persistent_property() not working
      code style: Use BreakBeforeBinaryOperators: NonAssignment
      code style clean-up
      ovpn3cli/config-manage: Better message on profile objects not found
      ovpn3cli: Improve overall error extraction for the command line
      ovpn3cli/log: Improve error message when LogForward() call fails
      netcfg/proxy: Fix incorrect data type for Device::SetMtu()
      netcfg: Implement missing device object properties
      configmgr: Fix mixed up Log Attach() API usage
      sessionmgr: Generalize the check if the backend VPN proxy is valid
      sessionmgr: Remove the backend VPN proxy if session closing fails
      sessionmgr: Catch errors if DBus::Object::Manager::RemoveObject() fails
      sessionmgr: Fail Authorization() if VPN backend is dead
      configmgr/proxy: Calling CheckObjectExists() should not happen in ctor
      sessionmgr/proxy: Improve the SessionManager::Proxy::Manager setup
      configmgr: Ensure log service is available on config import
      configmgr: Improve error message to user on import errors
      client: Check vpnclient object exists in 'Ready' callback
      ovpn3cli/session-start: Improve stability starting sessions from file
      tests: Don't run config-override-selftest if Config Manager is inaccessible
      configmgr: Extend configuration objects with a Validate() D-Bus method
      ovpn3cli/session-start: Validate config profiles before starting a new VPN session
      python: Add config profile validation in openvpn2 and openvpn3-systemd
      ovpn3cli/config: Add profile validity check in config-manage and configs-list
      github: Add issue template - migration to codeberg.org
      configmgr/proxy: Add feature check for Validate method
      ovpn3cli/session-start: Always refresh feature set setting up configmgr proxy
      netcfg/proxy: Check non-response calls for nullptr before freeing
      client: Catch exceptions from NetCfgProxy::Device method calls
      netcfg: Return when no DNS resolver is configured in method_add_dns_search()

Frank Lichtenheld (1):
      build-selinux-policy: make sure to use bash

Razvan Cojocaru (4):
      GDBus++: Migrate openvpn3-service-configmgr
      build: Use version_compare(), not lexicographical comparisons
      Use get_option('sbindir') instead of hardcoded 'sbin'
      log/syslog: Don't assign NULL to const std::string& parameter