OpenVPN 3 Linux v26 (Stable release)
The v26 release is a small bugfix and enhancement release.
Please notice the deprecation of openvpn3-autoload.
* Enhancement: Improve user feedback when a VPN profile is not valid
Since the OpenVPN 3 Linux v22_dev release, the
openvpn3-service-configmgr service has provided an API to validate
VPN profiles it manages. This has been used in the rest of the
available tools to check if everything is in order before
attempting to start a VPN session.
When a configuration profile was lacking certain required options,
it would fail this validation. But the feedback to the user was
not much helpful and the user would need to check the
configuration profile manually.
With the v26 release, the end user will be provided a list of
required configuration options missing.
* Enhancement: Set route metric value when provided via VPN session
Since the very beginning of OpenVPN 3 Linux, the route metric
value has been ignored. This has been improved in the v26 release
and the metric values provided in the configuration profile or
pushed from the VPN server will now be respected.
* FEATURE DEPRECATION: openvpn3-autoload
The openvpn3-autoload feature was deprecated already in the
v20 release. This feature will be removed in a coming stable
release.
The replacement is the openvpn3-session@.service systemd unit.
Please see the openvpn3-systemd man page [1] for more details.
If you depend on openvpn3-autoload today, please migrate ASAP
to the systemd approach.
[1] <https://codeberg.org/OpenVPN/openvpn3-linux/src/branch/master/docs/man/openvpn3-systemd.8.rst>
* Bugfix: Proper parsing of <connection/> tags in OpenVPN configs
The internal VPN profile configuration parser did not properly
parse configuration files containing <connection>...</connection>
tags to configure a remote server. This has been fixed and both
the openvpn3-service-configmgr and the openvpn3 Python module has
been updated to support this feature.
* Bugfix: Proper parsing of semicolon (;) as comment line
The openvpn3 Python module did not properly parse configuration
files which used semicolon (;) as a comment separator. This
has been improved and both hash (#) and semicolon can now be
used for comments in configuration profiles.
* Bugfix: openvpn3-service-netcfg may stop on route setup errors
In some corner cases, when the openvpn3-service-client (VPN
client) process called the Network Configuration service
(openvpn3-service-netcfg) to establish the VPN network
interface, the Network Configuration service could crash
and not recover, resulting in the VPN session not being able
to be established. This has been improved and this error
situation is now handled and logged properly.
* Bugfix: Background D-Bus calls to systemd-resolved fails
On some systems the D-Bus communication between the
openvpn3-service-netcfg (NetCfg) process and systemd-resolved
could be too slow, resulting in the NetCfg process retrying
the D-Bus call. Due to an incorrect retry logic, the parameters
systemd-resolved would need had been released from memory and
was no longer accessible. This has been resolved and the
retry logic now behaves as expected.
* Bugfix: VPN session restart triggers assertion warning in logs
When an on-going VPN session is attempted restarted, for example
via the openvpn3 session-manage command, the NetCfg service
would log an assertion warning in the system logs. This has
been resolved and VPN session restarts will now work as expected.
* Bugfix: OpenVPN 3 AWS-VPC fails changing IPv6 routes
Due to a typo in the parameter name used for changing IPv6
routes in the AWS VPC service, setting IPv6 routes would result
in an error. This has been resolved in the OpenVPN 3 Core
version 3.11.4 release, which OpenVPN 3 Linux v26 has
upgraded to.
* OpenVPN 3 Core Library update
The OpenVPN 3 Core Library has been updated to version 3.11.4,
which is contains the fix for the AWS VPC route fix. It also
enables building against Linux 6.16 kernel headers.
Known issues:
- The openvpn3-service-netcfg service does not differentiate between
--dns server X resolve-domains and --dns search-domains when using
the --resolv-conf mode, which is not as this feature is
intended to work. This was discovered in the v24 release and is
on the schedule to be fixed in the next releases. When this gets
fixed, only --dns search-domains will be considered as search
domains and --dns server X resolve-domains will enable split-DNS
when using --systemd-resolved and otherwise ignored when using
--resolv-conf with openvpn3-service-netcfg.
---- Changes from v25 to v26 ---------------------------------------
David Sommerseth (30):
build: Add fmt subproject
configmgr: Add details when profile validation fails
ovpn3cli/config-import: Show warning if imported profile is invalid
netcfg/resolved: Ensure glib2 params are available on retries
common: Refactor and clean-up core-extensions.hpp
common/core-extensions: Move helper functions into OptionListJSON class
tests: Parse Access Server meta options in config-export-json-test
common: Properly parse <connection/> blocks
netcfg: Catch Core library exceptions in method_establish()
configmgr: Let <connection/> tags be equivalent to --remote when validating the profile
python: Deprecate openvpn3.ConfigParser.SanityCheck()
python/openvpn2: Make Configuration.Validate() errors more user friendly
python/openvpn2: Add IMPORT_ONLY debug more
python: Implement <connection/> tag support in ConfigParser
netcfg: Clarify IP address 'prefix' usage
netcfg: Split up the NetCfgProxy::Network object construction
netcfg: Small clean-up/codestyle fixup for IPAddr, Network and VPNAddress classes
netcfg: Add support for route metric when assing VPN routes
netcfg/proxy: Add service version check for D-Bus API compatibility
python: Semicolon is not accepted by openvpn3.ConfigParser
common: Minor cleanups in cmdargparser code
netcfg/resolved: Fix g_variant_ref assertion warning on session restarts
core: Update to OpenVPN 3 Core Library v3.11.4
docs: Minor updates to the coding style guide
Code style cleanup
git: Update .git-blame-ignore-revs ignoring last code-style changes
Quick spellcheck fixes all over project
configmgr: Fix auth-user-pass handling regression
netcfg: Make logged metric details more user friendly
core: Update to OpenVPN 3 Core Library v3.11.5
--------------------------------------------------------------------