OpenVPN 3 Linux v21 (stable)
This is primarily a maintenance release with several minor bug fixes
and general improvements.
* Improvement: Upgrade OpenVPN 3 Core Library to v3.8.2
This is an upgrade from Core Library 3.7, which provides more
enhancements and adds support for the newer ovpn-dco-v2 kernel module.
* Bugfix: OpenVPN 3 Linux AWS VPC lacks support for IMDSv2
mattjbyrd reported the AWS VPC integration was not working with EC2
instances where IMDSv2 was enforced. This issue is resolved with
the OpenVPN 3 Core Library upgrade.
Details: <https://github.com/OpenVPN/openvpn3-linux/issues/192>
* Bugfix: Python StatusCallback did not work without LogCallback enabled
Jeremy Fleischman reported that the openvpn3 Python module did not
work when only a SessionManager.StatusCallback() method was set up.
He provided a fix which is now included in v21. Thanks a lot, Jeremy!
Details: <https://github.com/OpenVPN/openvpn3-linux/commit/ba6fe37e7e28d1e633b56052383da3072f03c11e>
* Bugfix: openvpn3 config-manage override may not always work
The openvpn3 config-manage override options would in some cases not work
due to a programming error related to an internal set_override() method
and the SetOverride() D-Bus method. The typical result was that
string values ended up empty. Now all the overrides can be configured
again.
* Bugfix: OpenVPN 3 Python based configuration parser issues
Several options and --profile-overrides did not work or were completely
missing, like the dns-scope and allow-compression overrides. This
has been improved and the list of overrides should now be up-to-date
with openvpn3 config-manage.
The Python based option parser also did not fully support overrides
with a boolean true/false setting. This has also been fixed.
* Improvement: Detect needed host specific settings during package install
OpenVPN 3 Linux v20 introduced the openvpn3-admin init-config
command. This has been further improved and will now be run
automatically during the package installation. This command will
probe the system for important features, like what kind of system
logging is in use and what kind of DNS resolver approach is
available (systemd-resolved, /etc/resolv.conf). It also does other
sanity checks, like whether the needed openvpn user/group is
present, important directories are configured correctly and
SELinux based systems have the proper file contexts set up.
The default behaviour is that existing configuration changes
will NOT be overwritten. But if no settings have been set, it will
generate configuration files better matching the running system.
* Improvements: OpenVPN 3 Log Service
The OpenVPN 3 Log service (openvpn3-service-logger) made it
hard to track where Attached: and Detached: log events came
from. These events now include a PID reference, which makes them
easier to trace in the logs.
* Improvements: OpenVPN 3 Configuration Manager feature support tracking
When upgrading OpenVPN 3 Linux versions, there might be situations
where an older OpenVPN 3 Configuration Manager will be running but
the openvpn3 command line tool is newer. When the command line tool
attempted to access features not available in the Configuration
Manager backend, it would result in an error and a poorer user
experience.
The code providing the glue interface for the calling side (openvpn3)
has been extended with a feature/version mapping, so it can filter out
operations not supported if the backend version is lacking certain
functions. In most cases, the openvpn3 config commands will then
continue to work as before, just not providing access to features
available in newer back-ends.
A similar functionality is planned for the Session Manager and is
being considered for the OpenVPN 3 Python module.
* Improvements: OpenVPN 3 Python module
Configuration profiles from OpenVPN Access Server and
sometimes OpenVPN Cloud Connexa will often contain "meta options",
typically prefixed with "# OVPN_". The Python parser would
not accept several of the deprecated meta options. The
parser has now been extended to filter out those options which are
not needed, used or supported by the OpenVPN 3 Core Library.
* Improvements: Adjustments needed to satisfy Debian packaging
Several minor issues have been fixed to satisfy the Debian package linter
utility. There are still some issues left; some will not be possible
to improve before Debian ships with a newer dbus-daemon, as we need
functionality present in a newer release. The dbus-broker is also
currently lacking similar functionality.
This work is also done in collaboration with Marc Leeman who is
working on providing a native Debian repo package for OpenVPN 3 Linux.
Thanks a lot, Marc!
Details: <https://github.com/OpenVPN/openvpn3-linux/issues/193>
* Feature: Label/tag support for imported OpenVPN configuration profiles
The OpenVPN 3 Configuration Manager and the openvpn3 config-manage and
configs-list commands have been extended with the ability to add one
or more text labels to configuration profiles. At import time, the
openvpn3 config-import command can also assign tags immediately.
Users with many imported configuration profiles can more easily filter
which configurations are shown with the openvpn3 configs-list command.
Other tools (openvpn3-as, openvpn-connector-setup) will also make use
of this feature as they are being updated, to more easily understand
where a configuration profile arrived from.
* Feature: JSON formatted output with openvpn3 configs-list and config-dump
The list of configurations can now be retrieved as a JSON formatted
list via the openvpn3 configs-list command.
The openvpn3 config-dump will normally dump the normal configuration
using the standard OpenVPN configuration file format. The JSON format
will contain all the additional meta options, overrides and access
control lists not expressed in the standard file format. This format
is the same format used internally for persistent configuration
profiles.
* Feature: Filtering options when retrieving available configurations
The openvpn3 configs-list command has been extended with several
filter arguments to only extract configuration profiles with a specific
tag or owner as well as a simple prefix filter on the configuration name.
The OpenVPN 3 Configuration Manager also exposes two new D-Bus
methods to retrieve available configuration profiles based on a
tag or owner.
* Feature: Simple and verbose list formats in openvpn3 configs-list
The default listing in openvpn3 configs-list has been simplified
and will only list one configuration profile per line now. The
more comprehensive list can be retrieved using the --verbose
argument. The verbose list will also include configuration tags.
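
Added example, not code from the OpenVPN 3 Linux project: a sketch of the front-end feature check described under "Configuration Manager feature support tracking", showing a listing that still works against an older back-end. FakeBackend, has_feature(), list_configs(), the "v20"/"v21" version strings and the sample profiles are all hypothetical; only tag support arriving in v21 is taken from these notes.

```python
import re

# Assumption: tag support first ships in release 21, as these notes describe.
FEATURE_SINCE = {"tags": 21}


class FakeBackend:
    """Constructed stand-in for a running Configuration Manager service."""

    def __init__(self, version, profiles, knows_tags):
        self.version = version        # e.g. "v20"; the string format is assumed
        self._profiles = profiles     # {profile name: [tags]}
        self._knows_tags = knows_tags

    def fetch_names(self):
        return sorted(self._profiles)

    def fetch_tags(self, name):
        if not self._knows_tags:
            # An older service rejects a call it has never heard of
            raise RuntimeError("unknown method")
        return self._profiles[name]


def has_feature(version, feature):
    """True only when the version parses and is new enough for the feature."""
    match = re.match(r"v(\d+)", version or "")
    return bool(match) and int(match.group(1)) >= FEATURE_SINCE[feature]


def list_configs(backend, verbose=False, filter_tag=None):
    """List profiles, skipping tag calls the back-end cannot answer."""
    tags_ok = has_feature(backend.version, "tags")
    if filter_tag is not None and not tags_ok:
        # Ignoring the filter would list more than was asked for
        raise ValueError("tag filtering needs a newer Configuration Manager")
    rows = []
    for name in backend.fetch_names():
        tags = backend.fetch_tags(name) if tags_ok else None
        if filter_tag is not None and filter_tag not in tags:
            continue
        rows.append((name, tags) if verbose else (name,))
    return rows


PROFILES = {"office": ["work"], "lab": ["test"]}   # constructed sample data
OLD = FakeBackend("v20", PROFILES, knows_tags=False)
NEW = FakeBackend("v21", PROFILES, knows_tags=True)
```

An unparsable or empty version string is treated as having no optional features, so the front-end falls back to the baseline calls instead of probing the service.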
---- Changes from v20 to v21 -------------------------------------------
Antonio Quartulli (2):
ovpn3cli/init-config: use namespace NetCfg::DNS also if no systemd is available
netcfg-dco: remove code made obsolete by ovpn-dco-v2
David Sommerseth (128):
Update GitHub pull-req template
configmgr: Add override caching to OpenVPN3ConfigurationProxy::GetOverrides()
configmgr: Extend Configuration Proxy with GetOverrideValue()
ovpn3cli/config: Explicitly provide DNS Resolver Scope setting
netcfg/dns: Enable default DNS routing when scope is global
netcfg/dns: Document the NetCfg::DNS::systemdResolved::updateQueueEntry properties
build: Fix improper cleanup
aws: Remove execute flag on systemd unit file
log: Save a flag for changed properties in LogServiceProxy
log: Extend LogServiceProxy to track what the original value was
ovpn3cli/admin: Refactor log-service command
docs: Improve doxygen setup
common: Add missing header file in lookup.hpp
netcfg/dns: New method - ResolvConfFile::GetNameServers()
ovpn3cli: Extend init-config to also consider /etc/resolv.conf
log: Extend LogMetaDataValue to handle integers
log: Parse the O3_INTERNAL_METHOD meta data
log: Extend Logger with GetLogTagPtr() method
log/service: Refactor out log detaching logic to separate method
log/service: Enable automatic cleanup of stray subscriptions
python: Fix ConfigParser.ReadConfigFile not removing semicolon comments
Update to OpenVPN 3 Core library v3.8 baseline
client: Check if the configuration is DCO compliant before start
vendor: Update to ASIO 1.28.0
log: Add caller PID to Attach/Detach calls
docs: Remove Linux distributions which is no longer supported
log: Strip double {tag:...} references in openvpn3-admin journal output
core: Update to latest OpenVPN 3 Core 3.8 related changes
ovpn3cli: Add --exists and --quiet to config-manage
configmgr: Add missing #include<dbus/path.hpp>
docs: Add missing configmgr description: SetOverride/UnsetOverride
configmgr: Add support for assigning tags to config profiles
configmgr: Preserve configuration profile tags on disk
configmgr: Return gracefully if a method call is not processed
configmgr: Expose C++ method for checking config profile tags
configmgr: Add D-Bus method to search for config profile tags
configmgr/proxy: Extend proxy object with tag management
ovpn3cli: Show config profile tags in config-manage
configmgr/proxy: Improve tag management error handling in proxy object
ovpn3cli: Add tag management to config-manage
ovpn3cli/config-manage: Consider --quiet in all informational output
configmgr/proxy: Make tag prefix 'system:' reserved
python: Extend Configuration implementation with tag management
python: Implement SearchByTag() in ConfigurationManager object
python: Extend ConfigurationManager.Import() to add system tags
python/openvpn3-as: Add an openvpn3-as specific system tag on import
configmgr: Refactor ConfigManagerObject D-Bus method call handler
configmgr: Refactor ConfigurationObject D-Bus method call handler
configmgr: Rework the config profile usage counter check logic
configmgr: Replace __FUNCTION__ macro in GLibUtils calls
core: Switch to OpenVPN 3 Core version 3.8
configmgr: Reorder #include files
configmgr: Remove stray handler_fetch_json() method
configmr: Refactor g_variant_get() calls, use GLibUtils instead
dbus/glib: Extend GVariantBuilder helpers with type override
configmgr: Refactor std::vector D-Bus return values to use GLibUtils
configmgr/proxy: Refactor g_variant_get() calls, use GLibUtils instead
dbus: Extend GLibUtils with ParseGVariantList()
configmr/proxy: Refactor proxy code retrieving D-Bus arrays
ovpn3cli: Add --filter-config to configs-list command
configmgr/proxy: Extend proxy object with tag search
ovpn3cli: Add --filter-tag to configs-list command
configmgr: Add D-Bus method to search for profiles by specific owner
configmgr/proxy: Extend proxy object with SearchByOwner()
ovpn3cli: Add --filter-owner to configs-list
ovpn3cli: Add --count to configs-list
ovpn3cli: Improve configs-list output
client: Do not reset empty env array in backendstart
core: Update to OpenVPN 3 Core library v3.8.1
dbus: Clean up odd init booleans in DBusProxy
dbus: Cleaning up impropoer DBusProxy internal proxy pointers freeing
dbus: Remove the DBusProxy() constructor accepting DBus() objects
dbus: Protect DBusProxy::proxy pointers changes better
ovpn3cli: Fix signedness comparison issue in cmd_config_manage()
netcfg: Fix improper use of std::move() variables in NetCfgProxyException
dbus: Fix copy-paste error in DBusProxy destructor
configmgr: Use a better data type for timestamps in JSON Export()
netcfg/unit: Add DNSResolverSettings.AddNameServer_multiple test
netcfg/dns: Replace RC/RCPtr with std::shared_ptr in ResolverSettings
netcfg/dns: Be consistent with for-iterators in SettingsManager
dbus: Add more details when dbus_proxy_call() fails
dbus: Fix incorrect use of proxy object in DBusProxy::GetNameOwner()
build: Add a few missing #include files
netcfg/dns: Improve details on file removal in FileGenerator::Write()
netcfg/dns: Catch and report errors in ResolvConfFile::~ResolvConfFile()
netcfg: Check fd properly before close() in NetCfgServiceObject::protect_socket()
common: Fix potential memleak in SingleCommand::parse_commandline()
common: Fix incorrect arg passing in Configuration::OptionMapEntry
common: Fix incorrect lambda arg passing in Configuration::File
docs: Fix incorrect signal signature for netcfg.NetworkChange
ovpn3cli/configs-list: Add --json output format
build: Do not distribute ovpn-dco header as part of openvpn3-linux
configmgr: Use Json::Value::UInt64 instead of uint64_t
dbus/glibutils: Don't initialize std::stringstream
configmgr: Check override type as well as D-Bus type in set_override()
configmgr: Add missing #include in overrides.hpp
configmgr: Fix incorrect set_override() declaration
configmgr: Fix lacking config override value extraction
configmgr/tests: Update config-override-selftest exception checks
python: Add support for --ignore-unknown-option in openvpn2
core/config: Extend OpenVPN Access Server configuration support
core/config: Filter out meta-options in OptionListJSON::json_export()
tests: Add unit test for OptionsJSON string and JSON export methods
common: Extend ParsedArgs::Present(std::vector<>) to optionally return empty string
ovpn3cli: Don't throw an exception in config-manage if operation is not found
python: Fix typ0 in error message with incorrect override key
python: Move supported profile overrides definition
python: Ensure --profile-overrides is not put into generated config
python: Add support for allow-compression profile override setting
ovpn3cli/config: Move openvpn3 config-import into a separate compilation unit
ovpn3cli/config: Extend JSON schema used by config-dump --json
python: ConfigParser does not process boolean overrides correctly
python: Add support for dns-scope profile override in ConfigParser
core: Update to OpenVPN 3 Core library v3.8.2
configmgr/proxy: Add framework for backend feature checking
configmgr/proxy: Add CfgMgrFeatures::TAGS checking
ovpn3cli/config: Add feature check for configs-list and config-manage
configmgr/proxy: Add forcing feature loading in the OpenVPN3ConfigurationProxy
ovpn3cli/config: Add --tag support to config-import
ovpn3cli/config: Fix typo in JSON key for transfer_owner_session
ovpn3cli/config: Add missing feature check in config-dump
proxy: Fix incorrect version extraction logic with non-service root paths
build: Rework the OpenVPN 3 Core library version macro (OPENVPN_VERSION)
python: ConfigParser does not accept --bind
python: ConfigParser did not accept dns-fallback-google and persist-tun overrides
docs/man: Use the proper section tag in openvpn3-systemd.8
misc: Fixing several typ0s all over the code base
docs: Minor touches to README and BUILD docs
Frank Lichtenheld (1):
docs/man: Fix description in openvpn3-config-manage man page
Jeremy Fleischman (1):
python: Fix StatusChangeCallback() so it works without a LogCallback