OpenVPN 3 Linux v25 (Stable release)
The v25 release provides three new features and several enhancements
since the previous release.
Please note the deprecation of openvpn3-autoload.
* Feature: Live route updates (PUSH_UPDATE) support
When connecting to OpenVPN servers capable of pushing new
network configurations, such as new network routes, the
OpenVPN 3 Linux client will now update the current VPN
network setup, including DNS, replacing the previous
configuration without triggering a reconnect to the server.
* Feature: Automatic restart of disappearing VPN client processes
When configured, the OpenVPN 3 Linux Session Manager service
will now detect if a VPN process unexpectedly disappears and
will attempt to restart it automatically.
See the --automatic-restart option in the openvpn3 config-manage
man page for further details. This feature is disabled by
default.
* Feature: AWS VPC integration can now use named routing tables
When the "route-table-name" setting is configured in the
OpenVPN 3 AWS Integration add-on, this add-on will perform a
lookup for this AWS VPC routing table and apply the routes there.
If this table is not found, the add-on will create it
on-the-fly as needed.
* FEATURE DEPRECATION: openvpn3-autoload
The openvpn3-autoload feature was already deprecated in the
v20 release. This feature will be removed in a coming stable
release.
The replacement is the openvpn3-session@.service systemd unit.
Please see the openvpn3-systemd man page [1] for more details.
If you depend on openvpn3-autoload today, please migrate ASAP
to the systemd approach.
[1] <https://codeberg.org/OpenVPN/openvpn3-linux/src/branch/master/docs/man/openvpn3-systemd.8.rst>
* Improvement: Better error messages for SSL/TLS issues
The openvpn3 command will now provide more details on SSL/TLS
related issues, due to enhancements in the updated OpenVPN 3
Core Library.
* Improvement: openvpn3-admin journal shows correct time
It has been a long-standing open issue that the time zone
and the local DST state resulted in the openvpn3-admin journal
command presenting the wrong time in the log events. This
has been resolved by the conversion taking the current time zone
and DST state into consideration.
* Improvement: A more resilient systemd-resolved integration
The prior systemd-resolved integration could in many cases
fail to properly configure the DNS resolver settings. This
was often due to the systemd-resolved service responding slower
than expected. This could in the most severe situations result
in the VPN session failing to properly start.
This has been improved by doing all the calls to systemd-resolved
in the background, allowing the VPN session to be properly
connected while the systemd-resolved integration will be more
persistent in allowing the low-level D-Bus calls to complete
independently of the main VPN session itself.
* OpenVPN 3 Core Library update
The OpenVPN 3 Core Library has been updated to version 3.11.3,
which also provides new features such as Epoch Data Keys support,
Live route updates (PUSH_UPDATE), improved events on TLS alerts,
support for more pushed routes, improved --dns and --dhcp-option
parsing.
Known issues:
- The openvpn3-service-netcfg service does not differentiate between
--dns server X resolve-domains and --dns search-domains when using
the --resolv-conf mode, which is not how this feature is
intended to work. This was discovered in the v24 release and is
on the schedule to be fixed in the next releases. When this gets
fixed, only --dns search-domains will be considered as search
domains and --dns server X resolve-domains will enable split-DNS
when using --systemd-resolved and otherwise ignored when using
--resolv-conf with openvpn3-service-netcfg.
---- Changes from v24 to v25 ---------------------------------------
David Sommerseth (79):
spelling: Fix various spelling mistakes
build: Fix incorrect default value assignment for create_statedir option
common: Check if org.freedesktop.hostname1 is available in PlatformInfo
client: Handle exceptions in ~BackendStarterSrv
tests: Only build journal-log-parse if systemd is present
netcfg/resolved: Remove no longer needed service check
configmgr: Catch SetOverride issues at JSON config import
ovpn3cli: Improve session-start details on successful connection
configmgr/proxy: Improve error message on SetOverride() failures
tests: Improve config-override-selftest failure situations
ovpn3cli/admin: Improve sessionmgr-service verbose session list
core: Update to OpenVPN 3 Core 3.11 QA/stabilization branch
ovpn3cli/init-config: Add --debug argument
sessionmgr: Minor log verbosity changes in the session auto-restart feature
build: Misc cleanup in Meson build scripts
client: Refactor D-Bus initialization during process start
configmgr/docs: Update man page for the --automatic-restart feature
netcfg: Refactor D-Bus initialization during process start
netcfg: Extend NetCfgOptions to handle log settings
netcfg: Remove the "default log level" passing
netcfg: Use logging settings from NetCfgOptions
netcfg: Remove support for --signal-broadcast
netcfg: Remove unused NetCfgService member - srv_obj
core: Update to final OpenVPN 3 Core Library v3.11
sessionmgr: Ignore Detach() exceptions in SessionManager::~Service()
docs: Update build dependencies in BUILD.md
log: Add missing cstdint header in logmetadata.hpp
sessionmgr: Use Events::Status::operator<<() for tunnel restart info
common: Refactor Configuration::File to use std::filesystem
ovpn3cli/init-config: Refactor file/directory handling to use std::filesystem
ovpn3cli/init-config: Don't follow symlinks setting up state/configs dirs
sessionmgr: Catch incorrect log level requests in Session object
build: Fix minor meson complaint in addons/aws
netcfg/resolved: Add internal error message storage to proxy code
netcfg/resolved: Implement base features for background async calls
netcfg/resolved: Switch several D-Bus calls to async background calls
netcfg/resolved: Handle errors from background D-Bus calls
netcfg/resolved: Retry if systemd-resolved background calls times out
core: Upgrade to OpenVPN 3 Core v3.11.1
build: Improve OpenVPN 3 Core library version extraction
events/log: Refactor Events::Log()
events/log: Simplify Events::Log::str() methods
events/log: Implement character filter in Events::Log
log: Extend LogSender with a Debug_wnl() method
log/core: Enable multi-line logging via the Core D-Bus logger
log/journal: Don't filter newlines from journald entries
log: Preserve the newlines in the log when openvpn3-service-log starts
tests: Add --allow-newline to logservice1 send subcommand
common/cmdargparser: Minor code cleanup in RegisterParsedArgs::register_option()
common/cmdargparser: Filter out ASCII control characters from command line
common: Merge and move string ctrl char sanitizing to a shared function
log: Filter strings coming via D-Bus calls
sessionmgr/client: Filter reason string to Pause D-Bus method call
common: Filter input value to RequiresQueue::UpdateEntry()
tests/request-queue: Remove unused local function
configmgr/test: Add tests for control chars in various configuration profiles
configmgr: Remove control characters from various user input via D-Bus
netcfg: Remove control characters from the D-Bus method inputs
python: Add FAT DEPRECATION WARNING in openvpn3-autoload
build: Allow version tags to contain dots and minor version digits
configmgr/proxy: Ignore minor version number in feature check
tests: Upgrade to googletest-1.17.0-1
docs/man: Minor language improvements to the openvpn3-service-aws.8 man page
addon/aws: Prepare for bumping the required C++ standard version to C++20
log/journald: Fix wrong timezone/dst handling in journald filter
log/journald: Refactor log event sending with better error handling
netcfg: Read the config file before parsing options
netcfg/proxy: Kick out Device::RemoveDNS() and Device::RemoveDNSSearch()
core: Update to OpenVPN 3 Core Library v3.11.2
core: Update to OpenVPN 3 Core Library v3.11.3
log: Extend CoreLog with a more flexible log prefix
build: Avoid including build-config.h in header files
netcfg/dns/systemd-resolved: Provide alternative logging framework when the signal APIs are unavailable
netcfg/dns/systemd-resolved: Ensure the GVariant objects used in background D-Bus calls are freed correctly
netcfg/dns/systemd-resolved: Ensure the ASIO background worker thread always runs
netcfg/dns/systemd-resolved: Rework the resolved::Link::BackgroundCall() implementation
client: Ensure DNS domains pushed via --dhcp-option will not enable split-DNS
netcfg/dns/resolved: Avoid race condition in BackgroundCall()
client/netcfg: Restore --dns-setup-disabled functionality
Fabio Pedretti (1):
spelling: Fix systemd-resolved spelling
Lev Stipakov (1):
addons/aws: Implement support for additional route table
Marc Leeman (1):
build: Fix incorrect OPENVPN_USERNAME in D-Bus autostart files
Razvan Cojocaru (13):
configmgr: Fix idle-exit comment
signals: Allow signal re-subscription
sessionmgr: Expose the method_ready() and method_connect() logic
sessionmgr: Allow a Session object to re-associate with a backend process
sessionmgr: Add current backend bus name and last event accessors
sessionmgr: Restart prematurely stopped backend processes
sessionmgr: Only retry to restart backend process a limited number of times
sessionmgr: Don't always try to restart a crashed backend process
Remove superfluous try block
sessionmgr: Reset the log forwarders on client process restart
netcfg: Clean up network setup for crashed client processes
sessionmgr: Reset the client process restart timer after a while
build: Prepare for bumping the required C++ standard version to C++20
--------------------------------------------------------------------