OpenVPN 3 Linux v19 (beta)
This release does another round of improving the logging system,
in addition to bug fixes and other improvements.
* Log system changes
The net.openvpn.v3.log service has been extended to support logging
directly to systemd-journald as an alternative to syslog. The
default log destination has been changed from syslog to journald.
Using the systemd-journald as the log destination allows attaching
more meta data variables to the log events, which can be used when
querying the journal using journalctl. These additional meta data
variables can be observed when using the 'verbose', 'json',
'json-pretty' or 'export' output modes (journalctl --output)
The OpenVPN 3 Linux specific meta data variables are prefixed with
"O3_". The meta variables OpenVPN 3 Linux may make use of are:
- O3_LOG_GROUP / O3_LOG_CATEGORY
These are direct mapped to the logging classification described
here: <https://github.com/OpenVPN/openvpn3-linux/blob/master/docs/dbus/dbus-logging.md>
- O3_LOGTAG
This tag is unique per openvpn3-service-* process and will be
changed if the process restarts. This information has so far
been added to the beginning of the log lines, as the '{tag:....}'
prefix. This prefixing to the log lines can now be removed by
running:
# openvpn3-admin log-service --enable-log-prefix false
The O3_LOGTAG will have the same content as the prefix, without
the '{tag:...}' encapsulation; O3_LOGTAG contains only the plain
identifier. The log tags currently active can be listed by
running:
# openvpn3-admin log-service --list-subscriptions
- O3_SENDER, O3_INTERFACE, O3_OBJECT_PATH
These are added if the D-Bus log details are enabled by running:
# openvpn3-admin log-service --dbus-details true
- O3_SESSION_TOKEN
This is used by the openvpn3-service-client process, where the
session token has the same value as the argument the process
is started with
To list only these OpenVPN 3 Linux meta variables, run this
command:
# journalctl -o verbose --since today \
--output-fields=O3_SENDER,O3_INTERFACE,O3_METHOD,O3_OBJECT_PATH,O3_LOGTAG,O3_SESSION_TOKEN,O3_LOG_GROUP,O3_LOG_CATEGORY,MESSAGE \
_PID=$(pidof openvpn3-service-logger)
This query can be extended further to narrow down the log scope.
To only list client process log events, add this to the line
above: O3_LOG_GROUP=Client
* Enhancement: IV_PLAT_VER sent to server
This field provides OS details of the platform the OpenVPN 3 client
is running on. This will contain an arbitrary string provided by
either the systemd-hostnamed service, or if that is unavailable it
will extract some more generic information using the uname()
system function.
The IV_GUI_VER string has also been slimmed down a bit to only
provide information about the OpenVPN 3 Linux client alone. The
IV_VER will contain information about the OpenVPN 3 Core library
version which OpenVPN 3 Linux is compiled against.
* Update to OpenVPN 3 Core Library v3.7.1
This update of the OpenVPN 3 Core library is a maintenance release.
The changes which touches OpenVPN 3 Linux is related to the ovpn-dco
kernel module support. On systems running more VPN sessions in
parallel with DCO (Data Channel Offload) enabled, the Core library
could in some situations perform operations on the wrong DCO
interface.
* Bugfix: Web based authentication with OpenVPN Access Server fix
When connecting to OpenVPN Access Server configured with web based
authentication (i.e. SAML), the authentication could fail on
renegotiations. The fix currently applied will require to import
the Access Server profile once again. This will be improved
further in the next release.
<https://github.com/OpenVPN/openvpn3-linux/issues/154>
* Bugfix: Python warning with openvpn3-as on Ubuntu 22.04
When running the openvpn3-as utility on Ubuntu 22.04 it would complain
about using a deprecated ssl.SSLContext() mode. This has
been updated to use the preferred mode.
* Bugfix: openvpn3 command line bash-completion
The bash-completion support has been changed to avoid adding an
additional space after file and directory names.
The complete list of changes:
David Sommerseth (74):
tests: Improve MachineIDTest::get_systemd_api test
build: Split up proxy-netcfg into a manager and device compilation unit
core: Update to latest OpenVPN 3 Core Library 3.7 development
shell: Fix proposing more options to --config shell completion
shell: Fix trailing spaces in bash-completion
build: Generate C compatible header file
dbus: Add missing #include in glibutils.hpp
log: Move LogTag into its own compilation unit
log: Extend LogTag to enable/disable the tag mark encapsulation
log: Extend LogTag with copy constructor
log: Add new helper classes for log meta data
log: Implement the new meta data log handling
log: Extend LogMetaDataValue to process LogTag objects
log: Extend LogMetaData with GetMetaDataRecords() method
log: Use LogTag in Logger class instead of std::string
common: Allow setting default filename in Configuration::File ctor
common: Extend Configuration::File with Get/Set for more data types
log: Re-implement configuration state saving
log: Switch to GLibUtils::ExtractValue in LogEvent
log: Implement LogTag prefix configuration setting
log: Extend LogEvent with LogGroup/Category string extraction
log: Add support for native systemd-journald logging
log: Implement systemd-journald support in openvpn3-service-logger
log: Split logwritter.hpp into its own compilation unit
log: Split out StreamLogWriter and ColourStreamWriter
log: Split out SyslogWriter to its own compilation unit
log: Split out JournaldWriter to its own compilation unit
log: Final change of the logwriter.hpp split-up refactoring
log: Extend LogWriter API to provide backend info
log: Extend net.openvpn.v3.log interface with log_method property
cli/log: Provide information about logging method in use
cli/log: Add admin --enable-log-prefix config setting
log: Fix memory corruption with syslog/openlog()
log: Rework initial opening information in logger service
common: Extend Configuration::File with GetFilename()
log: Extend state/config file option coverage
log/logger: Simplify exclusive option check
log/logger: Rework configuration/state loading
log/logger: Extend with D-Bus property for config_file
common: Add missing include files in cmdparser-exceptions.hpp
cli/log: Add new options for logger config file management
logger: Enable --journald as default log method
build: Don't use space in PACKAGE_NAME
docs/man: Add missing --auth-req option in openvpn3 session-auth
docs: Added GitHub pull-request template
log: Avoid halting logger startup on missing log-service.json
dbus: Make bus_name and interface protected members in DBusProxy
dbus/proxy: Check if property proxy is configured
dbus/connection: Add extra connection tests in DBus constructors
common: Add PlatformInfo API
client: Send platform OS/distro peer information to server
client: Simplify IV_GUI_VER string
utils: Fix incorrect string concat in get_guiversion()
tests/unit: Handle PlatformInfo::DBus error gracefully
python: Use ssl.PROTOCOL_TLS_CLIENT in openvpn3-as
configmgr: Initialise all members of ConfigurationObject class
common: inline optparser_mkline function in core-extensions
build: Fix clang++ warnings related to __LINE__ usage
sessionmgr: Remove not needed namespace reference
build: Fix missing override issues in logging and netcfg-signals.hpp
log: Remove not used class variable in LoggerProxy
log: Add virtual destructor in LogTag
log: Pass the LogTag objects as smart pointers
tests: Extend LogMetaData unit tests (LogMetaData, LogMetaDataValue)
client: Add workaround for OpenVPN Access Server web authentication
tests/core: Extend profilemerge-optionlist with dump functionality
ovpn-dco: Update to latest headers
docs: Add details about nscd and sssd
log: Fix lacking LogWriter::AddMeta() doxy doc
log: Fix missing O3_LOGTAG meta data variable
cli/log-service: Fix incorrect change detection for log prefixing
cli/log-service: Correct the behaviour with journald and D-Bus details
distro: Improve openvpn3-session@.service unit
core: Update to OpenVPN 3 Core Library v3.7.1
Jagadeesh Kotra (1):
docs/client: fix typo in net.openvpn.v3.client docs
Raphael Mader (1):
log: Fix non-systemd build