Tags

Tags give the ability to mark specific points in history as being important
  • v10_beta protected
    ff27a9f8 · docs: Update README.md ·
    OpenVPN Linux v10 (beta)
    
    The highlights of this release are:
    
    * Feature: systemd-resolved integration
    
      By default, OpenVPN 3 Linux will modify the /etc/resolv.conf file
      with DNS configurations pushed by the VPN server.  This release
      adds systemd-resolved as an alternative to this approach, where
      the systemd-resolved service will be in charge of querying the
      proper DNS resolvers and there will no longer be any fight over
      configuration files such as /etc/resolv.conf.
    
      In this release, pushed DNS configurations will be handled quite
      similarly to how DNS queries have been handled before.  The DNS settings
      pushed by the VPN server will typically take precedence, but
      systemd-resolved may query other servers on other interfaces as well.
      That said, if the VPN server pushes "dhcp-options DOMAIN ....", hosts
      under that domain will in this case only be queried via the VPN tunnel
      alone.  You may call this a partial DNS-split.
    
      In coming releases, we will evaluate further possibilities to configure
      how DNS requests would be handled by systemd-resolved.  This could
      include modes such as full split (only query for pushed DOMAIN via the
      DNS server provided by the VPN) or exclusive VPN (DNS queries should
      only go via the VPN tunnel).
    
      This systemd-resolved integration requires at least CentOS 8,
      Fedora 31, 32 or Rawhide, Red Hat Enterprise 8 or Ubuntu 20.04.  Other
      distributions may work as long as they use systemd v243 or newer.
    
      To enable systemd-resolved, fully ensure that systemd-resolved is
      properly configured and activated on your system.  Currently only
      Ubuntu 20.04 does that somewhat out-of-the-box (some additional
      changes to nsswitch.conf might be required for optimal
      performance).  Please read the available systemd-resolved
      documentation for your Linux distribution.
    
      Once systemd-resolved is enabled and activated, run this command
      as root before starting any VPN tunnels:
    
         # openvpn3-admin netcfg-service --config-set systemd-resolved 1
    
      and wait until the openvpn3-service-netcfg has restarted.  With
      the log-level set to 5 or higher in netcfg-service, the log file will
      include this log line:
    
          Network Configuration VERB2: systemd-resolved DNS configuration backend
    
    * Feature: openvpn3 log with --config will now wait for a not-started session
    
      When starting the end-user session logging, prior versions required the
      VPN session to already be running before a log client could be attached.
    
      With this release, if the session has not already been started, the
      openvpn3 log command will wait until it sees the appropriate VPN session
      has started and will attach to it instantly.  This allows grabbing the
      first log lines of a starting VPN session for an end-user without
      other ways of accessing OpenVPN logs.
    
    * Improvement: openvpn3 log sanitizes new line characters better
    
      The log output of openvpn3 log could contain a lot of additional blank
      lines.  These have been removed and indenting has been added for multi-
      line log events to make the log output more readable.
    
    * Improvement: openvpn3-as indicates tls-crypt-v2 support to AS
    
      When downloading a VPN configuration profile from an OpenVPN Access
      Server, the openvpn3-as script will now signal to the server it is
      capable of handling configurations with --tls-crypt-v2.
    
    * Bugfix: Improper session clean-up on server triggered disconnect
    
      If the VPN server forcefully disconnected an already established
      session, the Session Manager would not properly track this which led
      to lacking session details with openvpn3 sessions-list.
    
      This has now been resolved by properly catching a server triggered
      disconnect and properly shutting down the openvpn3-service-client
      process responsible for the session, which will properly update
      the session manager about the disconnected session.
    
    * Bugfix: AWS integration failed to propagate routes in some AWS regions
    
      The openvpn3-service-aws process could in some AWS regions fail to push
      routes to the AWS-VPC, leading to a process crash.  Both the crash and
      the AWS service has been extended with more region CA certificates used
      for the request validations.  In addition it will now pick up more of
      the system CA certificate file locations than before.
    
    * Bugfix: openvpn3 command could throw unfriendly error messages
    
      If a user was not granted access to a running VPN session, attempting
      to access this session via openvpn3 session-manage would lead to an
      openvpn:BusProxyAccessDeniedException exception error.
    
      This has been improved and will now instead show "Access Denied" in
      a more user-friendly way to the user.
    
    * Bugfix: openvpn3-service-netcfg would crash without --resolv-conf
    
      If the openvpn3-service-netcfg would be started without the
      --resolv-conf configuration, it would crash if the VPN server pushed a
      DNS configuration.  This has been properly resolved and it is now
      possible to start the service completely without any DNS configuration
      support.
    
    * Bugfix: openvpn3-service-client crash on some hosts with log redirection
    
      If the openvpn3-service-backendstart was given the
      '--client-log-file stdout:', this would tell it to start the
      openvpn3-service-client process with '--log-file stdout:'.  This would
      on some hosts cause a program crash instead.  This has been resolved.
    
    * Bugfix: openvpn3-service-sessionmgr would crash on illegal log-levels
    
      If a user attempted to change the log-level in the D-Bus session object
      the user is granted access to with an invalid value, it would lead to a
      crash of the openvpn3-service-sessionmgr process.  This would make it
      impossible to further manage already running VPN sessions without root
      privileges.
    
      This has been resolved by properly rejecting invalid values as an error
      back to the calling user instead of treating it as a fatal failure.
    
    The complete overview of all changes:
    
    Arne Schwabe (5):
          Announce tls-crypt-v2 support on AS configuration import
          Compile fix for ILP32 platforms like Raspberry Pi
          contrib/cmake: Remove extra ${OPENVPN3_LINUX_ROOT} from source files
          contrib/cmake: Make CMakeLists.txt work with config.h from configure
          contrib: Improve Jenkinsfile with stage and archiving test-suite.log
    
    David Sommerseth (81):
          vendor: Update ASIO to 1.16.0
          core: Update to latest core git master
          cli/session: Fix incorrect command reference in throws
          sessionmgr/proxy: Add TunInterfaceException
          cli/session: Properly catch DBusException
          log: Remove trailing newlines in LogEvents
          ovpn3cli/log: Indent multiline log lines
          ovpn3cli/log: Add --interface option
          sessionmgr: Fix crash with incorrect log level
          sessionmgr: Add SessionManager::Event class
          sessionmgr: Implement sending SessionManagerEvent signals
          ovpn3cli/log: Improve the complete session log setup logic
          client: Fix failing --log-file feature
          docs: Add missing dependency in Debian/Ubuntu instructions
          netcfg: Avoid segfault when configured without --resolv-conf
          client: New debug option in openvpn3-service-backendstart
          common/build: Rework version information handling
          build: Clean up after version metadata rework
          build: Fix 'make install'
          dbus: Clarify a few StatusMinor states in the comment
          client: Process CLIENT_HALT event
          build: Fix 'make uninstall' for the SELinux policy
          client: Fix incorrect environment array handling
          netcfg: Fix a typo in the AddNameServers exceptions
          netcfgmgr/dns: Add indication when to apply DNS settings
          netcfgmgr/dns: Extend ResolverSettings object store tun device name
          netcfgmgr/dns: Apply resolver settings according to the backend
          dbus/glib: Extend checkParams() to optionally ignore children count
          dbus/proxy: Migrate to better value extraction in GetProperty() and CheckServiceAvail()
          policy: Added polkit policy for systemd-resolved interaction
          netcfg: Add proxy code for systemd-resolved
          netcfg: Add ResolverBackendInterface implementation for systemd-resolved
          netcfg: Complete the systemd-resolved support
          netcfg: systemd-resolved - Make all global queries also go via VPN
          policy: Add support for legacy polkit PKLA files
          man: Minor cleanups and improvements
          common/cmdargparser: Refactor ParsedArgs passing to be a smart pointer
          common/ParsedArgs: New methods to retrieve the last set option values
          common: Extend ParsedArgs with CheckExclusiveOptions() method
          common: Extend command parser with ParsedArgsConfig class
          man: Make template out of a few of the man pages
          netcfg: Extend service with --state-dir
          common: Extend ParsedArgs::Present() with a std::vector variant
          common: Move command line parsing related exception
          common: Implement a simple and generic JSON config parser
          common: Extend ParsedArgs with a simpler config file parser approach
          netcfg: Implement the new config file parser
          common: Remove the no longer used ParsedArgsConfig implementation
          netcfg: Extend manager object with a config_file property
          cli/netcfg-service: Extend with --config-show, --config-set and --config-unset
          netcfg: Fix incorrect default log-level
          cli/netcfg: Add --config-file-override to netcfg-service
          cli/netcfg: Make netcfg-service command more robust
          common: Extend Configuration::File parser with option groups
          cli/netcfg: Extend netcfg-service with CheckExclusiveOptions() check
          common: Extend Configuration::File with GetRelatedExclusiveOptions()
          common: Extend ParsedArgs::ImportConfigFile() with exclusive check
          netcfg: Allow configuration file to override command line arguments
          python: Add support for --tls-cipher
          cli/log: Extend shell auto-completion with --config
          cli/log: Fix typ0 in AttachByConfig() method name
          deps: Update ASIO to 1.17.0
          deps: Update OpenVPN 3 Core library to latest git master
          Update .gitignore - it was missing openvpn3.pp.bz2
          dbus: Add a couple of missing header files
          cli: Handle DBusProxyAccessDeniedException events better
          netcfg/resolved: Better exception handling when communicating with systemd-resolved
          python/shell: Add bash-completion for openvpn2
          build: Enable installing bash-completion scripts
          docs: Update README.md with missing googletest mention
          common: Fix Configuration::File::Save() not writing empty files
          build/aws: Simplify the autotools setup for addons/aws
          build: Fix missing uninstall of bash-completion scripts
          build/aws: Fix failing out-of-tree builds
          build/aws: Fix incorrect distribution of D-Bus policy and systemd unit files
          contrib/CI: Enable the AWS addon in Jenkins builds
          common: Configuration::File::Load() should accept empty files
          netcfg/resolved: Revert tun interface DNS settings on removal
          core: Update to latest OpenVPN 3 Core library
          cli/admin: netcfg-service could exit with an empty error
          docs: Update README.md
    
    Lev Stipakov (5):
          client: properly handle client termination
          contrib: Add missing files in CMakelists.txt
          addons/aws: Improve error handling
          addons/aws: AWS certificates to verify instance identity
          addons/aws: provide AWS certs directory to core library
    
    
  • v9_beta protected
    OpenVPN 3 Linux v9 (beta)
    
    The highlights of this release are:
    
    * Feature: New AWS VPC add-on service (openvpn3-service-aws) which
      can be configured on EC2 Linux hosts deployed inside an AWS Virtual
      Private Cloud (VPC).  This allows the host running an OpenVPN 3 Linux
      client with this service configured to act as a proper VPN gateway
      for hosts inside the VPC.  The AWS service will update the VPC
      configuration dynamically, adding and removing routes pushed to the
      VPN client.
    
    * Bugfix: openvpn3 session-manage --restart and --resume
      modes would not respond to re-authentication requests required by the
      VPN server
    
    * Bugfix: openvpn3 session-start and openvpn3 session-manage
      commands would not handle CTRL-C (SIGINT) situations properly during
      the connect phase to the remote server or when asking for user input.
      Prior releases would just leave the VPN session running in the
      background.  To get rid of these background sessions the user had
      to also use openvpn3 session-manage --disconnect to really stop
      these lingering sessions.  With this update, interrupting the
      openvpn3 session-start and openvpn3 session-manage operations
      during the connect phase or when acquiring user input, will result
      in the running VPN session being properly shut down.
    
    * Bugfix: openvpn2 will now properly ignore the --dev-node
      option.  This option has no functionality on OpenVPN running on
      Linux and can be safely ignored.
    
    * Documentation: The openvpn2(1) man page now renders properly.  The
      D-Bus service documentation for net.openvpn.v3.netcfg has also
      been improved.
    
    * SELinux: The policy file needed on hosts with SELinux enabled has
      been relocated to a more proper location for such extensions, moving
      it out of /etc/openvpn3/selinux.  A slightly modified version
      of this SELinux policy has also been accepted for inclusion in the
      upstream SELinux reference policy project.  Packagers need to
      ensure this policy is not shipped on distributions with a recent
      enough reference policy.  See the GitHub pull-request #209 [1] in
      the SELinux reference policy project for details.
    
    The complete overview of all changes:
    
    David Sommerseth (13):
          selinux: Clean up SELinux policy
          selinux: Compress the policy and move install dir
          build: Rework SELinux logic with --disable-selinux-build
          addons/aws: Implement proper option parser
          log/core: Extend CoreDBusLogBase to also set LogGroup
          docs: Update D-Bus service doc for net.openvpn.v3.netcfg
          selinux: Further minor improvement to policy module
          python: Add --dev-node to the list of ignored options
          docs/man: More rendering improvements to openvpn2(1)
          vendor: Update to asio-1.14.0
          ovpn3cli/session: Handle re-authentication for --resume/--restart
          ovpn3cli/sessions: Improve SIGINT handling when starting/resuming sessions
          ovpn3cli/session: Improve user input of credentials
    
    Lev Stipakov (5):
          netcfg/cli.cpp: add missing #ifdef guard
          Add missing override declaration
          Update to latest openvpn3-core library
          addons: Add Amazon Web Service VPC support
          man: Add conditional man page for openvpn3-service-aws
    
    [1] <https://github.com/SELinuxProject/refpolicy/pull/209>
    
  • v8_beta protected
    OpenVPN 3 Linux v8 (beta)
    
    The highlights of this release are:
    
    * Improvement: Brand new DNS resolver settings handling.  This is expected
      to avoid several bugs found in the prior releases, all from not cleaning
      up correctly to adding duplicated entries for pushed DNS settings.
    * Improvement: Refactored the code tied to setting up the direct route for
      the VPN server.
    * Improvement: openvpn3-admin log-service --list-subscriptions now adds the
      PID of the process the log subscription is tied to.
    * Bugfix: The openvpn3 Python module broke in v7_beta for Ubuntu 16.04 and
      other distributions shipping with Python 3.5 or older.  This has now been
      fixed but it will be required to install the aenum Python module via
      pip3.  This is not needed on distributions with Python 3.6 or newer.
    * Bugfix: The openvpn2 interface would not work if the --verb option was
      missing.
    * Bugfix: The D-Bus policy was incorrect for the net.openvpn.v3.netcfg
      service, related to the org.freedesktop.DBus.Ping method.
    * Bugfix: Corrected a typo in Python constants related to DNS_SERVER_ADDED
    * Bugfix: openvpn2 will now warn about ignoring --up and --down options,
      and will silently ignore --down-pre and --script-security.  These are not
      relevant or supported in OpenVPN 3 Linux. Prior versions did not work.
    * Build: It now builds with GCC 10
    * Build: It should be possible to build openvpn3-linux with no warnings on
      most platforms (gcc-4.8.5 requires -std=c++1y)
    * OpenVPN 3 Core: Upgraded to the latest development version, with lots of
      bugfixes and improvements.
    
    The complete overview of all changes:
    
    Arne Schwabe (14):
          contrib: Add cli-netcfg as a CMake build target
          netcfg: Move D-Bus logic returning fd in method call
          netcfg: Use C++ default copy constructor in NetCfgOptions
          Code style fixes
          ovpn3cli: Compile config command with USE_TUN_BUILDER
          netcfg: Declare ~NetCfgProxyException() as an override properly
          netcfg: Move device object creation into a separate method
          netcfg: Factor out notification signals in core-tunbuilder
          netcfg: Implement honouring remove_cmds in core tunbuilder
          contrib: Update CMake file to add missing files
          netcfg/client: Replace add_bypass_route with socket_protect
          netcfg/client: Cleanup tun devices and protected sockets on exit
          build: Update cmake files to include DNS related changes
          netcfg/client: Fix NetCfg::Cleanup() not called from openvpn-service-client
    
    David Sommerseth (48):
          netcfg: NetCfgChangeEvent could incorrectly parse GVariant data
          client: Allow non-session manager access to log_level and device_path
          client: Provide more information on non-sessionmgr rejections
          client: Fix incorrect return in the Ready D-Bus method
          docs: Improve documentation
          dbus: Add missing glib2 include file in dbus/exceptions.hpp
          sessionmgr: Don't panic when device_path or device_name is unavailable
          common: Fix lookup functions returning uid/gid -1
          common/lookup: Update callers of lookup functions to handle exceptions
          core: Update to latest OpenVPN 3 Core library git master
          Replace empty destructors with default
          common/lookup: Add missing include file
          common/lookup: Fix memory leaks in lookup_{gid,uid}()
          build: Updating default C++ compiler flags
          contrib: Update Jenkins build slave tag
          python: Set a default verb level when --verb option is missing
          Update .gitignore
          policy: Fix incorrect org.freedesktop.DBus.Peer.Ping access on netcfg
          python: Fix incorrect NetCfgChangeType constant for DNS_SERVER_ADDED
          ovpn3cli/netcfg: Add presenting PID of subcribers in --list-subscribers
          python: Extend the IgnoreArg handler to issue warnings
          python: Add 4 script related options to the ignore list
          man: Add information about script execution in OpenVPN 3
          python: Extend ConfigParser to support embedding --auth-user-pass file
          netcfg: Make the NetCfgEvent const in NetCfgSignals::NetworkChange()
          netcfg/signals: Add support for providing device name with Debug logging
          netcfg: Add a new DNS settings framework
          netcfg: Implement new resolv.conf backend processor
          netcfg: Use the new DNS resolver settings framework
          netcfg: Do not apply DNS changes to backend with no registered changes
          netcfg: Explicitly restore the backup resolv.conf at exit
          netcfg: Add a mutex lock for changes to the resolv.conf file
          netcfg: Pass NetCfgSignals object to SettingsManager::ApplySettings()
          netcfg: Rework removal of DNS resolver settings
          netcfg/dns: Send NetworkChange signals on DNS resolver settings changes
          build: Fix GCC 10 build issues - missing includes
          build: Fix GCC 10 build issues - uint*_fast_t
          contrib/jenkins: Run make distcheck with proper parallelism
          netcfg: Do not add duplicated DNS resolver settings
          netcfg/test: Fix memory leaks from GLibUtils::wrapInTuple()
          netcfg: Clear the memory buffered resolv.conf properly
          core: Update to latest OpenVPN 3 Core
          client: Don't provide statistics if vpnclient object is unavailable
          dbus: SetDBusError() does not change the exception object
          sessionmgr: Need to also tackle DBusException with CheckACL()
          build: Upgrade to Python 3.5 as the minimum version
          python/build: Add enum workaround for older Python versions
          core: Update to latest OpenVPN 3 Core
    
    Lev Stipakov (1):
          contrib: add missing sources to CMake alternative
    
  • v7_beta protected
    OpenVPN 3 Linux v7 (beta)
    
    The highlights of this release are:
    
    * Bugfix: openvpn3 log --session-path was misbehaving and returned a not
      very helpful error message.
    * Bugfix: Logging integration could crash due to a strict D-Bus policy for
      the OpenVPN 3 log service.
    * Bugfix: The VPN backend process could crash if it lost contact with the
      OpenVPN 3 Network Configuration service.
    * Bugfix: The port-override setting in configuration profiles, available
      via the OpenVPN 3 Configuration Manager service was not working.
    * Bugfix: Improve validation of the D-Bus paths which can be given to
      the various openvpn3 commands, which results in better error messages
      when an incorrect path is given.
    * Bugfix: Improved operational stability if a depending OpenVPN 3 D-Bus
      service is interrupted or stops running, by ensuring the caller of the
      D-Bus service has a valid connection to the D-Bus daemon and that the
      needed service is available before accessing it.
    * Enhancement: If compression is enabled on the VPN tunnel, either by
      the local configuration profile or being pushed by the server, this is
      now logged as a critical event in the log files.
    * Enhancement: Provide the session name set inside the OpenVPN 3 Core
      library by the library itself to the OpenVPN 3 Session Manager.  This
      information is exposed via the openvpn3 sessions-list command.
    * Enhancement: Provide the virtual interface name used by the running
      VPN sessions via the OpenVPN 3 Session Manager.  This information is
      exposed via the openvpn3 sessions-list command.
    * Enhancement: Several openvpn3 commands can now take the --interface
      option as an alternative to --path or --config.  The command will now
      look up the interface name and find the appropriate D-Bus path for the
      session this interface is tied to.  Bash shell completion for --interface
      has also been added.
    * Enhancement: The output provided by openvpn3 sessions-list has been
      reorganized and cleaned up a little bit.
    * Enhancement: A lot of the low level technical D-Bus related information
      is now stripped from most of the error messages in the user front-end
      applications (openvpn2, openvpn3, openvpn3-admin)
    * Enhancement: Added support for --verify-x509-name
    * Enhancement: The unified policy for all OpenVPN 3 D-Bus services has now
      been split up into separate policy files per service.
    * Enhancement: New command line utility, openvpn3-as.  This can import
      a configuration profile from an OpenVPN Access Server by just providing
      the URL to the Access Server.
    * Extended openvpn3-admin version with --services, to list version
      information of all related D-Bus services
    * Enhancement: The OpenVPN 3 Logger service has been extended to provide
      a list of all services it has attached itself to for retrieving Log
      events.
    * Enhancement: Extended the Python openvpn3 module with methods to retrieve
      information and lightly manage interfaces handled by the OpenVPN 3
      Network Configuration service.
    
    The complete overview of all changes:
    
    David Sommerseth (72):
          docs: Updated README file
          python: Give better information when starting background VPN sessions
          build: Ensure we really use the system liblz4 library
          docs: Update the pre-built section in README
          ovpn3cli: Fix misbehaving log --session-path
          core: Update to latest OpenVPN 3 Core Library
          tests: Adding unit-test framework
          tests: Port a few simple unit tests
          tests: Ported NetCfgChangeEvent unit test
          tests: Ported StatusEvent selftest to unit test
          tests: Ported LogEvent selftest to unit test
          common/cmdargparser: Slight minor improvements
          common: Make cmdargparser.hpp a separate compilation unit
          client: Tackle better if NetCfgProxy object is lost
          netcfg: Add version property to main service object
          netcfg: Make proxy-netcfg a separate compilation unit
          dbus/proxy: Ensure access denials exceptions are handled explicitly
          log: Don't throw access denied exception during init
          ovpn3cli/admin: Add --service argument to openvpn3-admin version
          tests: Make Jenkins run unit tests and collect results
          client: Expose session name via D-Bus
          sessionmgr: Expose session name
          ovpn3cli/session: Display session name
          python: Add OpenVPN 3 version to Python constants
          python: Add openvpn3-as - Access Server support utility
          python/openvpn3-as: Fix trailing slashes in URLs
          python/openvpn3-as: Extend with challenge/response auth support
          tests: Fix failing unittest with --enable-debug-core-events
          proxy: Add input validation on D-Bus paths
          client: Proxy warning from Core when compression has been enabled
          proxy: Provide method extracting proxy object path
          client: Provide methods retrieving netcfg device path and name
          client: Expose netcfg device path and name via D-Bus
          sessionmgr: Expose NetCfg device path and name for VPN sessions
          cli/session: Expose device name used by session in sessions-list
          session/proxy: Fix memory leaks in GetConnectionStats()
          sessionmgr: Add two new main manager methods
          sessionmgr/proxy: Add proxy methods for interface lookups
          ovpn3cli: Add argument helper for retrieving interface names
          ovpn3cli/session: Add --interface option to some session commands
          tests: Fix lookup unit-test with SUSE docker containers
          log/proxy: Fix -Wcatch-value compiler warnings
          core-ext: Replace hacky option string export
          client: Fix incorrect processing of port override
          netcfg: Fix inconsistent glib2 behaviour on Ubuntu
          sessionmgr: Handle missing backend gracefully for device_name
          tests: Add test program quering version property in services
          Fix incorrect spelling of 'retrieving'
          dbus/proxy: Strip "remote" part of GDBus errors
          core: Update to latest OpenVPN 3 Core library
          python: Add support for --verify-x509-name
          proxy: Don't throw access denials in GetServiceVersion()
          man: Update openvpn2
          proxy: Fix incorrect error in DBusProxy::GetServiceVersion()
          netcfg: Reorganize netcfg-changeevent.{cpp,hpp}
          policy: Split up the D-Bus policy per service
          proxy: Move the GDBus error message strip after AccessDenied check
          dbus: Ensure the D-Bus connection still valid
          sessionmgr/proxy: Verify session objects availability before calling it
          dbus/idlecheck: Consider last_operation when executing idle exit
          tests: Add simple connect/disconnect stress test
          dbus/signals: Add getter methods for interface and object path
          dbus/proxy: Ensure we have a valid D-Bus connection before proxy calls
          log: Add new admin method retrieving attached subscriptions
          log/proxy: Add C++ method for accessing GetSubscriberLog
          ovpn3cli/log-service: Add --list-subscriptions mode
          ovpn3cli/session: Minor overhaul of sessions-list
          sessionmgr: Grant access to the device_path in a session
          python/SessionManager: Add Introspection() and GetObjectPath() methods
          python: Add NetCfgChangeType constants
          python/NetCfgManager: New openvpn3 module for the netcfg service
          build: Clean up *~ files in a few forgotten places
    
  • v6_beta protected
    OpenVPN 3 Linux v6 (beta)
    
    The highlights of this release are:
    
    * Support for OpenSSL 1.1.0/1.1.1
    * Proper --persist-tun support, which will ensure routing
      table is up-to-date with the server it tries to connect
      to.  This will ensure tunnels are able to recover if the
      client tries to connect to a different IP address.
    * openvpn3 session-manage got extended with a --cleanup mode,
      which removes stale sessions where the backend VPN process is
      no longer available.
    * bugfix: On slower systems the Session manager could fail to
      confirm the registration request from the backend VPN client process,
      due to the backend VPN client process not being ready to respond to
      the confirmation.
    * OpenVPN 3 D-Bus services will now start the process shutdown
      instantly and not wait for the internal --idle-exit timers to
      complete.
    * When being built without --enable-debug-options, the build should
      result in a reproducible build with the proper compiler setup.
    
    The complete set of changes can be found here:
    
    David Sommerseth (12):
          build: Add sitnl debug messages compile time switch
          ovpn3cli/sessions: Add --cleanup to session-manage
          sessionmgr: Improve backend Ping() error handling when registering
          dbus: Improve IdleCheck documentation
          dbus: Revamp IdleCheck to use std::condition_variable
          dbus/services: Clean up after IdleCheck signal handling changes
          dbus/services: Remove NOP SetPollTime()
          log: Make the log tag mechanism more generic
          Update Core library to latest upstream
          build: Strip out build date/time stamp by default
          docs: Update README.md
          client/netcfg: Add proper support for persist-tun
    
    Lev Stipakov (3):
          netcfg: adapt to refactored TunLinuxSetup
          netcfg: implement addBypassRoute method
          client: take addBypassRoute into use
    
  • v5_beta protected
    OpenVPN 3 Linux v5 (beta)
    
    The highlights of this release are:
    
    * Switched to build against OpenSSL by default
    * Configuration profiles without client certificates do not require
      additional configuration via openvpn3 config-manage any more.
    * The ConfigurationManager and SessionManager classes in the OpenVPN 3
      Python package are extended with LookupConfigName() methods.
    * Bug in openvpn3-service-netcfg restoring /etc/resolv.conf too early
      has been fixed
    * Incorrect log error from openvpn3-service-netcfg when trying to
      restore resolv.conf has been fixed
    * Fixed inaccurate OpenVPN 3 Core Library version reference
    * Improved several areas of the build process, removing irrelevant warnings
    
    The complete set of changes can be found here.
    
    Arne Schwabe (2):
          Rename bash completion script
          build: Allow configure.ac also to work with submodules and out of dir git repos
    
    David Sommerseth (22):
          build: Provide an accurate OpenVPN 3 Core Library version
          build: Fix make VPATH builds
          build: Clean up autoconf warnings
          docs: Update openvpn3-config-import man page
          docs: Fix incorrect indenting on command lines
          docs: Add man page and D-Bus API references to README.md
          docs: Rearranged README.md, moving front-ends higher up
          docs: Add missing single-quotes on some binaries
          build: Switch to build with OpenSSL by default
          dbus/proxy: Treat internal ACL denials similar to D-Bus denials
          python: Add LookupConfigName method to SessionManager
          python: Extended ConfigurationManager with LookupConfigName method
          python: Added simple unit test for watching StatusChange signals
          python: Add more OpenVPN 2 options to the ignore list
          client: Auto-detect if client certificate is present
          netcfg: Fix unexpected DNS resolver setup restore
          netcfg: Don't try to restore DNS without active backup
          vendor: Update ASIO to 1.13.0
          Update OpenVPN 3 Core Library
          client: Remove unused private variable
          client: Fix missing override tags to some Log methods
          tests: Fix incorrecty variable type in syslog-facility-mapping test
    
  • v4_beta protected
    OpenVPN 3 Linux v4 (beta)
    
    The highlights of this release are:
    
    * Persistent configuration storage
      Configuration files can now be imported with the --persistent
      argument, which saves the configuration profile to disk under
      the management of configuration manager.  Any modifications
      done via config-acl or config-manage will also be preserved.
    
    * Build against OpenSSL
      By providing --with-crypto-library=openssl to ./configure,
      OpenVPN 3 Linux can now be built against OpenSSL instead of
      mbed TLS.  At the moment OpenSSL 1.1 is NOT supported.  The
      default is still to build against mbed TLS.
    
    * All openvpn3 config-* and session-* commands also provide
      --config-path or --session-path as an alias to --path
    
    * Most openvpn3 config-* commands do now support --config
      as an alternative to --path/--config-path, where the
      configuration profile name is given instead.
    
    And lots of bug fixes and other improvements have been
    included as well.
    
    Arne Schwabe (2):
          build: Allow GIT_CHECKOUT also to work with submodules and out of dir git repos
          contrib: Add Jenkins build file
    
    David Sommerseth (49):
          exceptions: Clean up, simplify and unify
          python: Fix missing return in autoload_main()
          python: Fix PEP-8 complains in openvpn2
          log: Extend LogConsumerProxy::InterceptLogEvent() with error handling
          sessionmgr: Filter out LogEvents not related to its own session
          sessionmgr: Add filtering on StatusChange when proxying
          client: Enable compile time session manager check disabling
          client: Fix crash when dynamic challenge auth is required
          build: Enforce wiping config-version.h when updating version.m4
          configmgr: Remove support for aliases
          dbus: Make GetObjectId() and GetObjectPath() methods const
          dbus: Make GetPublicAccess() and GetAccessList() return native C++ types
          dbus/proxy: Declare proxy methods not changing the object const
          dbus/connection: Make truly const methods const
          dbus/creds: Make getter methods const
          configmgr/json: Clean up OptionListJSON class
          configmgr: Implement infrastructure for --state-dir
          configmgr: Save persistent configurations to state directory
          configmgr: Fix issue when sender UID cannot be retrieved in Fetch()
          configmgr: Split out the ConfigurationObject init
          configmgr: Split up set_override() to take native C++ types
          configmgr: Split out the config object registration
          configmgr: Add ConfigurationObject ctor for saved profiles
          configmgr: Rework ProfileMergeJSON to use Json::Value
          configmgr: Add private method for importing persistent configs
          configmgr: Load all persistent configurations when setting state dir
          python: Implement support for overrides
          dbus/proxy: Add retry logic in DBusProxy::CheckObjectExists()
          ovpn3cli: Be graceful to configmgr if it needs to start
          ovpn3cli/session: Fix missing spaces
          configmgr/docs: Misc updates to the service documentation
          dbus/proxy: Fix incorrect retry-loop check
          build: Implement possibility to support builds against different SSL/TLS libraries
          build: Enable building against OpenSSL
          build: Be stricter about what a version tag is
          Update to latest OpenVPN 3 Core library
          common: Prepare SingleCommandOption to handle alias arguments
          common: Extend SingleCommandOption with alias support
          common: Provide access to SingleCommandOptions via SingleCommand::AddOption()
          ovpn3cli: Add config/session path alias options
          ovpn3cli: Move config path from config name retrieval
          ovpn3cli/config: Extend with support for --config
          ovpn3cli/log: Add support for --config
          dbus: Extended GLibUtils with ExtractValue()
          configmgr: Replace g_variant_get() in ConfiguruationObject contructor
          core: Fix OptionListJSON::json_export() option truncation
          policy: Grant all users Ping priviege to netcfg service
          docs: Update README
          docs: man page maintenance
    
    Lev Stipakov (3):
          python: Fix several PEP-8 related coding style issues
          common: fix incorrect iterator type in ProfileMergeJSON
          contrib: update CMakeLists.txt
    
  • v3_beta protected
    OpenVPN 3 Linux v3 (beta)
    
    This is essentially a quick fix for a bug which had not been detected after
    the v2_beta tag, which broke openvpn2 console logging.
    
    David Sommerseth (5):
          log: Make LogSender::ProxyLog() use LogEvent objects directly
          sessionmgr: Make SessionLogEvent::GetLastLogEntry() reuse code
          sessionmgr: Don't preseve the session token
          sessionmgr/log: Allow sessionmgr to intercept and manipulate proxied LogEvents
          ovpn3cli: Make the version command use the argv[0]
    
    Lev Stipakov (1):
          log: Add log group for external log event senders
    
  • v2_beta protected
    bb2e96a3 · docs: Remove TODO.md ·
    OpenVPN 3 Linux v2 (beta)
    
    Arne Schwabe (1):
          tests: Add clinetcfg - simple test client using netcfg
    
    David Sommerseth (80):
          core: Rebase to latest upstream openvpn3 core library
          configmgr: Add LookupConfigName method
          configmgr/proxy: Implement C++ interface for LookupConfigName()
          cli/session: Allow session-start --config to use profile names
          python: Add support for changing profile names in autoloader
          shell: Extend auto-completion for openvpn3 session-start --config
          shell: Improve auto-completion with subdirs
          build: Fix 'make distcheck' again, clinetcfg needs config-version.h
          shell: Fix mixed whitespace
          sessionmgr: Implement LookupConfigName() method
          sessionmgr/proxy: Implement LookupConfigName() for sessions
          ovpn3cli: Extend session commands with --config
          shell: Improve --config completion further
          docs: Add man pages for openvpn3 config* commands
          configmgr: Remove support for 'insecure' tls-cert-profile
          docs: Add man pages for openvpn3 session* commands
          docs: Add man pages related to logging
          docs: Add missing man page sections to SEE ALSO segments
          docs: Add man pages for the missing openvpn3-service-* services
          docs: Add a generic openvpn3-linux.7 man page
          Add missing test programs to .gitignore
          netcfg: Add str() method to class Network
          netcfg: Extend NetCfgDevice with methods setting/getting device name
          netcfg: Fix incorect const flags for sending StateChange signals
          dbus/signals: Declare Send() methods const
          netcfg: Save the real tun interface name
          netcfg: Send signals on changes
          netcfg: Rename NetCfgStateEvent to NetCfgChangeEvent
          netcfg: Implement GVariant parsing of NetworkChange events
          netcfg: Add operator== methods in NetCfgChangeEvent
          netcfg: Extend NetCfgChangeEvent unit test
          netcfg: Implement NetCfgChangeEvent for excluded routes
          netcfg: Implement NetCfgChangeEvent for DNS changes
          netcfg: The main netcfg manager object do not send NetworkChange signals
          netcfg: Make NetCfgChangeType bit oriented
          netcfg: Extend output possibilities in NetCfgChangeEvent::TypeStr()
          netcfg: Extend NetCfgEvent with FilterMaskList()
          netcfg: Extend NetCfgChangeEvent with FilterMaskStr()
          dbus/signal: Extend DBusSignalProducer::Send() to support std::vector
          dbus/signal: Extend DBusSignalProducer with new protected methods
          netcfg: Move signal_broadcast option into NetCfgOptions
          netcfg: Implement basic subscription management for signals
          netcfg: Implement support for subscriptions in NetCfgSignals
          netcfg: Implement NetworkChange subscription management
          docs: Extend documentation to cover netcfg NetworkChange subscription methods
          docs: Fix lots of typing errors in netcfg interface references
          dbus: Fix some minor disorganized errors in the policy
          client/dbus: Tighten D-Bus policy for net.openvpn.v3.be* services
          log/dbus: Make the main LogSender::Log() method virtual
          client: Add session token to all Log events
          netcfg: Remove netcfg's own PID from from network device paths
          client: Use more unique device name than 'o3tun'
          netcfg: Add empty objects constructors on VPNAddress and Network classes
          netcfg: Extend NetworkChange signals with more structured details
          netcfg: Merge IPv4 and IPv6 NetCfgChangeType flags
          docs: Update the netcfg D-Bus service documentation
          openvpn3: Revamp the code preparing the available commands
          configmgr: Make overrides.hpp an independent compile unit
          ovpn3cli: Make arghelpers.hpp an independent compile unit
          openvpn3: Split up commands into independent compilation units
          openvpn3: Move the 'version' command to its own commands file
          ovpn3cli: Generalize the command line program implementation
          ovpn3cli: Split out log-service from log.cpp
          openvpn3: Move the log-service command over to openvpn3-admin
          openvpn3-admin: Add netcfg-service command
          man: Move user commands to man section 1
          build: Ensure config-version.h is built early
          shell: Extend bash auto-completion to support openvpn3-admin
          openvpn3: Improve config-import --help
          openvpn3-core: Update to latest upstream master
          docs: Correct missing change in dbus-service-net.openvpn.v3.client.md
          log: Make LogEvent::Parse() private
          log: Extend LogEvent to be more self-contained
          log: Make use of LogEvent parsing capabilities
          log: Extend LogEvent to support session-tokens
          log: Allow LogSender::GetLogIntrospection() to be overridden
          client: Extend Log signal from backend client with session token
          log: Log session token information as meta-data if present
          docs: Update README.md
          docs: Remove TODO.md
    
    Lev Stipakov (11):
          Refactor request-queue tests
          requiresqueue.hpp: change instance method to static
          Replace throw() with noexcept
          Fix incorrect return statement
          Fix undefined behavior in method return
          netcfg/proxy: Implement proxy interface for subscription management API
          netcfg: Enable using NetCfgChangeType as bit flags
          dbus: enable introspection for netcfg
          cosmetics: Fix usage of uni/multi-cast terminology
          contrib: Add experimental CMake support for IDEs
          build: Fix the incorrect value of systemd_unitdir
    
  • v1_beta protected
    OpenVPN 3 Linux v1 (beta)