OpenVPN 3 Linux v23 (Stable release)
The v23 release is stable release which expands the distribution target
since v22_dev was released. The goal for this step was to stabilize the
codebase which was migrated to GDBus++ and the new Meson building system.
This release brings back the OpenVPN 3 AWS-VPC Add-on which was not
ready for the v22_dev release. This service has also been migrated to
use GDBus++. The behaviour of this add-on should otherwise be identical
to the service shipped in v21 and older releases.
In addition, a new add-on is included in this release. The Cloud Connexa
service is being extended with a new functionality, referred to as Device
Posture Checks (DPC). This feature will enable the VPN server to request
certain checks to be performed on the client side and reported back to
the server. These checks are restricted to what the new OpenVPN 3 Device
Posture Service (openvpn3-service-devposture) provides. To enable the
client-side functionality, the VPN client configuration must be pre-
imported and an Enterprise ID must be assigned to the configuration
profile. That will allow the server to request Device Posture Checks
to be performed.
The currently implemented DPC tests only provides platform information,
like Linux distribution name and version, kernel versions, CPU
architecture and the client's local time. In future releases, more tests
may be implemented.
Known issues:
- Shell completion may list duplicated options in some cases
- openvpn3-admin journal --since has a time zone related issue
and may not list all log events within the closest hours.
Other changes:
* Improvement: Upgrade to OpenVPN 3 Core Library v3.10.1
This library update provides the functionality to provide the
Device Posture Check functionality in the OpenVPN wire
protocol. A fix to resolve compilation errors when the
-Wnon-virtual-dtor compiler flag is enabled is included too.
* Bugfix: Report client and version correctly in IV_GUI_VER
The v22_dev release unfortunately changed the format of the
IV_GUI_VER. It would report: 'openvpn3-linux/v22:dev' when
it should have been 'OpenVPN3/Linux/v22_dev'. This has
been corrected.
* Bugfix: --tag option not working with config-import or config-manage
A regression bug was introduced in v22_dev which handled the
available tracking of Configuration Manager features incorrectly
and ended up disabling this feature in the openvpn3 config-import
and openvpn3 config-manage commands. This has been fixed.
* Bugfix: systemd-resolved support rejected IPv6 DNS resolver address
An oversight in the systemd-resolved implementation refused to accept
pushed DNS resolver addresses when it was an IPv6 address. This has
been fixed and both IPv4 and IPv6 addresses are now fully supported.
* Improvement: Python configuration parser support for --connect-retry{,-max}
The Python configuration parser in the openvpn3 module did
not provide a pass-through for --connect-retry and --connect-retry-max
options. This would result in configuration profiles containing
these options would not function when using the Python based tools
while it would work using the 'openvpn3' command.
Credits
-------
Thanks goes to those continuing testing and reporting issues. A
special thanks to Grzegorz Gutowski who provided the fix to the
Python module. He is also the project lead behind the openvpn3-indicator
project, which provides a tray-icon for OpenVPN 3 Linux. If you
use a graphical desktop, that's a project worth checking out!
Many thanks also goes to Razvan Cojocaru who has stepped in providing
many great improvements and done all the work for the Device Posture
support in OpenVPN 3 Linux. And Lev Stipakov who migrated the
OpenVPN 3 AWS-VPC add-on service to GDBus++
---- Changes from v22_dev to v23 ---------------------------------------
David Sommerseth (24):
configmgr: Load configuration profiles before starting the D-Bus service
netcfg: Make NetCfgNotifSubscriptions use uint32_t as filter bit mask
codestyle: Fix minor code style deviations
build: Enable overriding OpenVPN 3 Core Library version string
scripts: Modify the output of the --gui-version
addons/devposture: Fix compilation error with older JsonCpp libraries
addons/devposture: Make devposture-proxy test program more generic
addons/devposture: Document the Enterprise Profile file format
build: Install some additional documentation by default
docs: Clarify a GDBus++ and mbed TLS build dependencies better
build: Set PACKAGE_NAME to 'OpenVPN3/Linux'
Some minor #include clean-ups
configmgr: Cleaning up #include files
configmgr: Use CoreLog for logging events from the Core library.
client: Don't stop if devposture service is unavailable
devposture/test: Improve argument parsing in devposture-proxy
addon/devposture/proxy: Properly re-throw DevPosture::Proxy::Handler exceptions
netcfg/resolved: Factor out resolved::Exception to a separate file
tests/resolved: Extend systemd-resolved proxy test client with IPv6 support
netcfg/resolved: Add new D-Bus IP Address parser class
netcfg/resolved: Use GDBus++ glib2 helpers extracting data in SearchDomains::GetGVariant
netcfg/resolved: Plug-in resolved::IPAddress into ResolverRecord
netcfg/resolved: Refactor out resolved::ResolverRecord
core: Update to OpenVPN 3 Core Library v3.10.1
Grzegorz Gutowski (1):
python: Pass through --connect-retry and --connect-retry-max
Lev Stipakov (5):
netcfg: use proper C++ base type for NetCfgChangeType
netcfg/proxy: Check non-response call for nullptr before freeing
configmgr: remove unused class members
addons/aws: Switch to GDBus++
addons/aws: adapt to core RandomAPI changes
Razvan Cojocaru (10):
core: Update to OpenVPN 3 Core Library releaseprep/3.10
addons/devposture: Add openvpn3-linux-devposture
configmgr: Add the enterprise-profile override
ovpn3cli/config: Add openvpn3 config-manage --enterprise-profile
client: Plug in Device Posture support
configmgr: Use a regular expression to determine version number
configmgr: Accumulate proxy feature flags instead of overwriting
netcfg: Check stub-resolv.conf before giving up on systemd-resolved
common: give SingleCommand a virtual destructor
addons/devposture: Add core_ver and extra_ver to client_info