OpenVPN 3 Linux v9 (beta)
The highlights of this release are:
* Feature: New AWS VPC add-on service (openvpn3-service-aws) which
can be configured on EC2 Linux hosts deployed inside an AWS Virtual
Private Cloud (VPC). This allows the host running an OpenVPN 3 Linux
client with this service configured to act as a proper VPN gateway
for hosts inside the VPC. The AWS service will update the VPC
configuration dynamically, adding and removing routes pushed to the
VPN client.
* Bugfix: openvpn3 session-manage --restart and --resume
modes would not respond to re-authentication requests required by the
VPN server
* Bugfix: openvpn3 session-start and openvpn3 session-manage
commands would not handle CTRL-C (SIGINT) situations properly during
the connect phase to the remote server or when asking for user input.
Prior releases would just leave the VPN session running in the
background. To get rid of these background sessions the user had
to also use openvpn3 session-manage --disconnect to really stop
these lingering sessions. With this update, interrupting the
openvpn3 session-start and openvpn3 session-manage operations
during the connect phase or when acquiring user input, will result
in the running VPN session will be properly shutdown.
* Bugfix: openvpn2 will now properly ignore the --dev-node
option. This option has not functionality on OpenVPN running on
Linux and can be safely ignored.
* Documentation: The openvpn2(1) man page now renders properly. The
D-Bus service documentation for net.openvpn.v3.netcfg has also
been improved.
* SELinux: The policy file needed on hosts with SELinux enabled has
been relocated to a more proper location for such extensions, moving
it out of /etc/openvpn3/selinux. A slightly modified version
of this SELinux policy has also been accepted for inclusion in the
upstream SELinux reference policy project. Packagers needs to
ensure this policy is not shipped on distributions with a recent
enough reference policy. See the GitHub pull-request #209 [1] in
the SELinux referenece policy project for details.
The complete overview of all changes:
David Sommerseth (13):
selinux: Clean up SELinux policy
selinux: Compress the policy and move install dir
build: Rework SELinux logic with --disable-selinux-build
addons/aws: Implement proper option parser
log/core: Extend CoreDBusLogBase to also set LogGroup
docs: Update D-Bus service doc for net.openvpn.v3.netcfg
selinux: Further minor improvement to policy module
python: Add --dev-node to the list of ignored options
docs/man: More rendering improvements to openvpn2(1)
vendor: Update to asio-1.14.0
ovpn3cli/session: Handle re-authentication for --resume/--restart
ovpn3cli/sessions: Improve SIGINT handling when starting/resuming sessions
ovpn3cli/session: Improve user input of credentials
Lev Stipakov (5):
netcfg/cli.cpp: add missing #ifdef guard
Add missing override declaration
Update to latest openvpn3-core library
addons: Add Amazon Web Service VPC support
man: Add conditional man page for openvpn3-service-aws
[1] <https://github.com/SELinuxProject/refpolicy/pull/209>