openvpn / openvpn3-linux Goto Github PK

View Code? Open in Web Editor NEW

547.0 44.0 142.0 4.78 MB

OpenVPN 3 Linux client

License: GNU Affero General Public License v3.0

Shell 0.36% C++ 86.01% Python 10.47% CMake 0.55% JavaScript 0.05% Meson 2.55%

openvpn vpn-tunnel vpn-client linux dbus security vpn

openvpn3-linux's People

Stargazers

Watchers

Forkers

wei576262547 jeis2497052 jiuzhuaxiong guozanhua jmcabandara realtime4life kristallwang umtkrl1993 szczygielskid bestjie lightvpn githubfocus benyanke pepe-invest chinesefree slamj1 thewafflication kikou2016 beenjaminmb bohdanhamulets lifenng smxzi zorro2000se ed-os han767 anhduy0962 httpsgithu watemlifts sitedata vlad0115 yogeshchandola highland-custom-designs wuju86 adot-martin changsongyang adityavs robertozz nigelwz swsjonathan stribog-konsult-ltd rc-chuah raynersec sivakumar46 shawshining mvoitko claytonburns krstnaparker bendb-instacart petercrosby oribenhur kmihiranga isabella232 wookieesnacks kenux-sudo worratep2546 dylu6699 inkythousand rloutrel icecreamrua my-2-test ricardocchaves rodrigo-calovi salewski chamuel86 blogericg felipealfonsog axkami drcomvampi1 classicvalues optydeviocourses nashsequeira katteyoung gptubpkcshkzjc8fkcrxudk6sbecpm49p5xu46u potatoparser fldu mattock tsuibin ghassanmab jkotra d12fk techsd webzcc gugen-otsuki pks-os jhonedoe993 ab49k swebdev100 805jurassicparkharp dsch obleey xgtat guilherme-argentino mascazubi abdalhalanz45 nicolas-hubup raphmad gmh5225 sallamy2580 asgardkali mralone9021

openvpn3-linux's Issues

Failed to start new session: Connection not ready to connect yet (object does not exist)

when I run sudo openvpn3 session-start --config client.ovpn on ubuntu 18.04 It failed, it prints:

Using configuration profile from file: client.ovpn
Session path: /net/openvpn/v3/sessions/f004337ds9e88s4d23s8d9esd5027a5b0972
Auth User name:
Auth Password: 
Enter Google Authenticator Code: 165297
session-start: ** ERROR ** Failed to start new session: Connection not ready to connect yet (object does not exist)

and on journalctl -ex:

 1월 20 00:23:19 bhyoo-virtual-machine dbus-daemon[927]: [system] Activating service name='net.openvpn.v3.sessions' requested by ':1.115' (uid=0 pid=5804 comm="openvpn3 session-start --config client.ovpn " label
 1월 20 00:23:19 bhyoo-virtual-machine net.openvpn.v3.sessions[927]: OpenVPN 3/Linux v7_beta (openvpn3-service-sessionmgr)
 1월 20 00:23:19 bhyoo-virtual-machine net.openvpn.v3.sessions[927]: OpenVPN core 3.git:HEAD:1668f1cd linux x86_64 64-bit
 1월 20 00:23:19 bhyoo-virtual-machine net.openvpn.v3.sessions[927]: Copyright (C) 2012-2017 OpenVPN Inc. All rights reserved.
 1월 20 00:23:19 bhyoo-virtual-machine net.openvpn.v3.log[4958]: Logger VERB2: Attached: {tag:4455907153902855771}  [:1.116/net.openvpn.v3.sessions]
 1월 20 00:23:19 bhyoo-virtual-machine dbus-daemon[927]: [system] Successfully activated service 'net.openvpn.v3.sessions'
 1월 20 00:23:20 bhyoo-virtual-machine net.openvpn.v3.log[4958]: {tag:15979736196443158099} Config Manager INFO: Parsed single-use configuration 'client.ovpn', owner: root
 1월 20 00:23:20 bhyoo-virtual-machine dbus-daemon[927]: [system] Activating service name='net.openvpn.v3.backends' requested by ':1.116' (uid=122 pid=5808 comm="/usr/lib/x86_64-linux-gnu/openvpn3-linux/openvpn3
 1월 20 00:23:20 bhyoo-virtual-machine net.openvpn.v3.backends[927]: OpenVPN 3/Linux v7_beta (openvpn3-service-backendstart)
 1월 20 00:23:20 bhyoo-virtual-machine net.openvpn.v3.backends[927]: OpenVPN core 3.git:HEAD:1668f1cd linux x86_64 64-bit
 1월 20 00:23:20 bhyoo-virtual-machine net.openvpn.v3.backends[927]: Copyright (C) 2012-2017 OpenVPN Inc. All rights reserved.
 1월 20 00:23:20 bhyoo-virtual-machine net.openvpn.v3.log[4958]: Logger VERB2: Attached: {tag:3185898936652274477}  [:1.117/net.openvpn.v3.backends]
 1월 20 00:23:20 bhyoo-virtual-machine dbus-daemon[927]: [system] Successfully activated service 'net.openvpn.v3.backends'
 1월 20 00:23:20 bhyoo-virtual-machine net.openvpn.v3.backends[927]: Re-initiated process from pid 5817 to backend process pid 5818
 1월 20 00:23:20 bhyoo-virtual-machine net.openvpn.v3.backends[927]: OpenVPN 3/Linux v7_beta (openvpn3-service-client)
 1월 20 00:23:20 bhyoo-virtual-machine net.openvpn.v3.backends[927]: OpenVPN core 3.git:HEAD:1668f1cd linux x86_64 64-bit
 1월 20 00:23:20 bhyoo-virtual-machine net.openvpn.v3.backends[927]: Copyright (C) 2012-2017 OpenVPN Inc. All rights reserved.
 1월 20 00:23:20 bhyoo-virtual-machine net.openvpn.v3.log[4958]: Logger VERB2: Attached: {tag:15086041118856162295}  [:1.118/net.openvpn.v3.backends]
 1월 20 00:23:20 bhyoo-virtual-machine net.openvpn.v3.log[4958]: Logger VERB2: Attached: {tag:15921432625201831649}  [:1.118/net.openvpn.v3.sessions]
 1월 20 00:23:20 bhyoo-virtual-machine net.openvpn.v3.log[4958]: {tag:15086041118856162295} Client VERB1: Initializing VPN client session, token 8e178843t404ct4f28t84e7t9760cc0a3c2e
 1월 20 00:23:21 bhyoo-virtual-machine openvpn3-servic[5818]: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
 1월 20 00:23:21 bhyoo-virtual-machine dbus-daemon[927]: [system] Rejected send message, 0 matched rules; type="method_return", sender=":1.118" (uid=122 pid=5818 comm="/usr/lib/x86_64-linux-gnu/openvpn3-linux/op
 1월 20 00:23:26 bhyoo-virtual-machine net.openvpn.v3.log[4958]: Logger VERB2: Detached: {tag:3185898936652274477}  [:1.117/net.openvpn.v3.backends]
 1월 20 00:23:27 bhyoo-virtual-machine openvpn3-servic[5818]: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
 1월 20 00:23:27 bhyoo-virtual-machine dbus-daemon[927]: [system] Rejected send message, 0 matched rules; type="method_return", sender=":1.118" (uid=122 pid=5818 comm="/usr/lib/x86_64-linux-gnu/openvpn3-linux/op
 1월 20 00:23:32 bhyoo-virtual-machine openvpn3-servic[5818]: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
 1월 20 00:23:32 bhyoo-virtual-machine dbus-daemon[927]: [system] Rejected send message, 0 matched rules; type="method_return", sender=":1.118" (uid=122 pid=5818 comm="/usr/lib/x86_64-linux-gnu/openvpn3-linux/op
 1월 20 00:23:32 bhyoo-virtual-machine net.openvpn.v3.log[4958]: {tag:15086041118856162295} Client INFO: Starting connection
 1월 20 00:23:32 bhyoo-virtual-machine net.openvpn.v3.log[4958]: {tag:15086041118856162295} Client VERB1: Username/password provided successfully for 'isac.yoo'
 1월 20 00:23:32 bhyoo-virtual-machine net.openvpn.v3.log[4958]: {tag:15086041118856162295} Client VERB1: Waiting for server response
 1월 20 00:23:32 bhyoo-virtual-machine net.openvpn.v3.log[4958]: {tag:17621744109520087757} Network Configuration INFO: Virtual device '8e178843t404ct4f28t84e7t9760cc0a3c2e' registered on /net/openvpn/v3/netcfg/
 1월 20 00:23:32 bhyoo-virtual-machine net.openvpn.v3.netcfg[927]: Error while executing NetlinkRoute4(add: 1) ens33: -17
 1월 20 00:23:32 bhyoo-virtual-machine net.openvpn.v3.log[4958]: {tag:17621744109520087757} Network Configuration INFO: Add bypass route to 52.68.183.173 ipv6: no
 1월 20 00:23:32 bhyoo-virtual-machine net.openvpn.v3.log[4958]: {tag:15086041118856162295} Client INFO: Connecting
 1월 20 00:23:34 bhyoo-virtual-machine openvpn3-servic[5818]: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
 1월 20 00:23:34 bhyoo-virtual-machine dbus-daemon[927]: [system] Rejected send message, 0 matched rules; type="method_return", sender=":1.118" (uid=122 pid=5818 comm="/usr/lib/x86_64-linux-gnu/openvpn3-linux/op
 1월 20 00:23:36 bhyoo-virtual-machine openvpn3-servic[5818]: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
 1월 20 00:23:36 bhyoo-virtual-machine dbus-daemon[927]: [system] Rejected send message, 0 matched rules; type="method_return", sender=":1.118" (uid=122 pid=5818 comm="/usr/lib/x86_64-linux-gnu/openvpn3-linux/op
 1월 20 00:23:36 bhyoo-virtual-machine kernel: openvpn3-servic[5818]: segfault at 18 ip 000055d134a3481b sp 00007ffc7cf3c9a0 error 4 in openvpn3-service-client[55d1349f5000+147000]
 1월 20 00:23:36 bhyoo-virtual-machine kernel: Code: 48 8b 7d 00 48 85 ff 74 0f 48 89 44 24 08 e8 8c 50 ff ff 48 8b 44 24 08 48 89 45 00 48 89 45 08 48 05 40 02 00 00 48 89 45 10 <48> 8b 43 18 0f b6 90 e9 03 00 
 1월 20 00:23:36 bhyoo-virtual-machine net.openvpn.v3.sessions[927]: terminate called after throwing an instance of 'openvpn::DBusException'
 1월 20 00:23:36 bhyoo-virtual-machine net.openvpn.v3.sessions[927]:   what():  Failed retrieving property value for 'device_path': The name :1.118 was not provided by any .service files

Cannot build on openSUSE

I'm trying to package openvpn3 for openSUSE and running into the following failures with ./configure

checking for OPENSSL... yes
configure: Using ASIO source directory: ./vendor/asio
configure: Using OpenVPN 3 Core Library directory: ./openvpn3-core
checking OpenVPN 3 Core Library version... 3.git:HEAD:ce0c9963
configure: Using ovpn-dco source directory: ./ovpn-dco
./configure: line 7802: syntax error near unexpected token `${datarootdir}/selinux/devel,'
./configure: line 7802: `        AX_RECURSIVE_EVAL(${datarootdir}/selinux/devel, selinux_devel_path)'

I'm not sure where to start figuring this out :-/

Connections fails with `--remote-random-hostname`

Version Used

openvpn3 version
OpenVPN 3/Linux v14_beta (openvpn3)
OpenVPN core 3.git:HEAD:fce979ec linux x86_64 64-bit
Copyright (C) 2012-2020 OpenVPN Inc. All rights reserved.

Error message

session-start: ** ERROR ** Failed to start new session: Failed calling D-Bus method Connect: GDBus.Error:net.openvpn.v3.sessions.error: Failed communicating with VPN backend: Failed calling D-Bus method Connect: GDBus.Error:net.openvpn.v3.error.client: Configuration parsing failed: ERR_PROFILE_GENERIC: remote_list_error: remote-random-hostname without PRNG

Improve openvpn3 and Python module to support libsecret for providing credentials automatically

Hello.
If i use many '.ovpn' config files. I set autoload json files: "autostart": false .
This is so that all sessions do not autostar at once.

Then I need to use session-start.
But I have to catch the stdin username/password prompt.

Why is this logic?

Сan solve the problem by making one directory per conf/autoload file. And set "autostart": true .
But all the time using openvpn3-autoload will generate new sessions for one config file.

openvpn3-service-client misinterprets `--keepalive` option

Hi,

I've exported openvpn config file from my Asus router and imported to ubuntu 20.10:
openvpn3 config-import --config client.ovpn
openvpn3 session-start --config-path /net/openvpn/v3/configuration/21672a50xbf... etc
When I try to login: auth user and password, I always get: session-start: ** ERROR ** Failed to start session

Could anyone help, please?

Best,
Rui

keepalive must have at leasdt 3 arguments - docs only outline 2

I am trying to use OpenVPN to connect from Github Actions to a remote server.

Using openvpn2 --config config.ovpn --pkcs12 foo.p12 --daemon I get the following error message:

 ERROR ** org.gtk.GDBus.UnmappedGError.Quark._g_2dio_2derror_2dquark.Code36: GDBus.Error:net.openvpn.v3.sessions.error: Failed communicating with VPN backend: Failed calling D-Bus method Connect: GDBus.Error:net.openvpn.v3.backend.error.standard: Failed executing D-Bus call 'Connect': Configuration parsing failed: ERR_PROFILE_OPTION: option_error: option 'keepalive' must have at least 3 arguments

keepalive 5 20 is defined in the .ovpn file.

https://github.com/OpenVPN/openvpn3-linux/blob/master/docs/man/openvpn2.1.rst#options shows that keepalive accepts 2 args.

How to make openvpn3-linux client work with network manager?

When I connect the VPN using openvpn3 session-start --config client.ovpn I am able to connect to the internet alongwith the VPN local IPs but when I connect using network-manager, I am able to connect to the VPN local IPs but not able to connect to the internet. I have the update-systemd-resolve setup and I am able to resolve DNS while connected to VPN to get that out of the way.

network-manager

aguru@pc:~$ resolvectl query github.com
github.com: 192.30.255.113                     -- link: tun0

-- Information acquired via protocol DNS in 1.1ms.
-- Data is authenticated: no

openvpn3 uses my wifi for all internet and tun0 only for certain IPs?

aguru@pc:~$ resolvectl query github.com
github.com: 13.234.210.38                      -- link: wlp0s20f3

-- Information acquired via protocol DNS in 97.6ms.
-- Data is authenticated: no

The only difference that I could note was the link.

System:

aguru@pc:~$ uname -a
Linux pc 5.4.0-73-generic #82-Ubuntu SMP Wed Apr 14 17:39:42 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
aguru@pc:~$ 
aguru@pc:~$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 20.04.2 LTS
Release:	20.04
Codename:	focal
aguru@pc:~$ 
aguru@pc:~$ openvpn3 version
OpenVPN 3/Linux v13_beta (openvpn3)
OpenVPN core 3.git:HEAD:ce0c9963 linux x86_64 64-bit
Copyright (C) 2012-2020 OpenVPN Inc. All rights reserved.
aguru@pc:~$ 
aguru@pc:~$ openvpn --version
OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 27 2021
library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <[email protected]>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no
aguru@pc:~$ 
aguru@pc:~$ nmcli --version
nmcli tool, version 1.22.10

I have 2 openvpn versions (as mentioned in the output above)- any probable conflicts?

From what I can understand nmcli is not able to correctly setup routes that are pushed by VPN server?
Is there someway to correctly setup network-manager?

Rejected options in Python config parser: --data-ciphers / --data-ciphers-fallback

Hi, I connected to a vpn with the openvpn3 command and it works. But as I tried to auto load the vpn it throwed an error.

VPN client is not reporting a MAC/UUID address.

I used the HW address checking script in my openvpn server : OpenVPN Access Server Post_auth Hardware Address Checking Script

When I use openvpn3 in Ubuntu 16.04 / 20.04 , I cannot login my server, here is server log:

VPN Auth Failed: 'VPN client is not reporting a MAC/UUID address. Please verify that a suitable OpenVPN client is being used.' ['VPN client is not reporting a MAC/UUID address. Please verify that a suitable OpenVPN client is being used.']

2021-01-15T15:34:56+0800 [stdout#info] ***** POST_AUTH MAC CHECK: action taken : VPN connection denied with a suitable error message.
2021-01-15T15:34:56+0800 [stdout#info] ***** POST_AUTH MAC CHECK: connection attempt : FAILED

While other OS client is OK (MacOS)

I don't know if my config is wrong .. or openvpn3-linux doesn't report client's MAC address is by design...
Thanks a lot .

Question: It supports ipsec connections?

I need ipsec in my vpn´s

Could not establish a connection with 'net.openvpn.v3.sessions'

We are trying to get this working for NixOS (NixOS/nixpkgs#120352)
However we get the error * ERROR ** Could not establish a connection with 'net.openvpn.v3.sessions
I have not been able to find more debugging information (nothing in journalctl)
Please advise how to proceed.

Thanks!

Port Override Requires Int, but Config Manager Requires Boolen or String for Overrides

I was trying to use the port override in a .autoload file. Using any integer results in the error message, "Unsupported override data type: i." This is true even if I quote the integer. Escaping the quotes (i.e. trying to force the string) errors out because an int is required.

configmgr.hpp OverrideValue set_override function only accepts string and boolean g_types. I would submit a pull request, but I haven't quite used github enough to be comfortable doing so.

Cannot install on Fedora 34

$ sudo yum install openvpn3-client
[sudo] password for user: 
Last metadata expiration check: 1:14:56 ago on Wed 28 Apr 2021 12:31:59 PM PDT.
Error: 
 Problem: conflicting requests
  - nothing provides libprotobuf.so.24()(64bit) needed by openvpn3-client-13-0.beta1.fc34.x86_64
(try to add '--skip-broken' to skip uninstallable packages)

Looks like Fedora shipped with protobuf 3.14 which has libprotobuf.so.25, not .24.

Configurations using --pkcs12 for key/cert/ca are not working

READ THIS CAREFULLY BEFORE ADDING A NEW COMMENT

Does your configuration file use the pkcs12 option? If yes, continue. If not, this issue ticket is not your problem - look up another issue or file a new one.
Can you try starting the session using the openvpn2 command line front-end? If that does not work, this issue ticket is not your problem - look up another issue or file a new one.
If you still do not know if your issue is related to the pkcs12 option, search for pkcs12 in the configuration you have?
a) Have you imported your configuration using openvpn3 config-import or do you use openvpn3-autoload? Run this command:
```
  $ openvpn3 config-dump --config $CONFIG_NAME | grep pkcs12
```
If this returns nothing, this issue ticket is not your problem - look up another issue or file a new one.

If you do not know your $CONFIG_NAME, run openvpn3 configs-list and see if you find it there.

b) If you have your OpenVPN client configuration file saved as a file, run this command:
```
 $ grep pkcs12 $CONFIG_FILE
```
If this returns nothing, this issue ticket is not your problem - look up another issue or file a new one.

If you have discovered that your configuration file does make use of the pkcs12 option, then you can continue reading. Otherwise, this issue ticket is not your problem - look up another issue or file a new one.

I set up a clean install of OpenVPN 3 client on my Ubuntu 18.04 machine. When I run:

sudo openvpn3 session-start --config FILENAME.ovpn

I get the following error:

session-start: ** ERROR ** Failed to start new session: Failed calling D-Bus method Ready: GDBus.Error:net.openvpn.v3.sessions.error: Backend VPN process have died.  Session is no longer valid.

This configuration file contains a PKCS#12 file with valid client/ca certs and private key.

Can anyone help figure out what is going wrong here?

Repository - considder adding the [arch=] parameter to (deb) sources lists

Hi,

you may want to add the [arch=] parameter to your downloadable (deb) sources lists, defining the available architectures ege. deb [arch=amd64] https://swupdate.openvpn.net/community/openvpn3/repos buster main.

On Systems that have enabled i386 apt/apt-get update throws a warning otherwise that the repository "..doesn't support architecture 'i386'"

openvpn2 front-end: ModuleNotFoundError

Hey there,

I just want to inform you about one minor bug I noticed on Debian 9 and Ubuntu 18.04:
After compiling and installing the project, using /usr/bin/openvpn2 produces the following error:

/usr/bin/openvpn2 --help

Traceback (most recent call last):
File "/usr/bin/openvpn2", line 45, in
from openvpn3 import StatusMajor, StatusMinor
ModuleNotFoundError: No module named 'openvpn3'

Using openvpn3-linux/src/python/openvpn2 on the other hand works as expected.
openvpn3-linux/src/python/openvpn2 --help (produces expected output)

Alpine/musl support

Currently attempting to build this for alpine, it looks like most things are good, a missing #include <sys/types> and <unistd.h> in a couple spots, but otherwise looks like I should be able to build this.

It would be really nice to just be able to install this via apk, or even the binaries. Building projects like this is not a specialty of mine, so ever updating might be kinda painful.

OpenVPN Client for Ubuntu 18.04LTS with NetPlan Issues

Hi,
I hope this is the right place for this as I couldn't put this in the OpenVPN section for issues. OpenVPN doesn't get DNS resolution on a connection under Ubuntu 18.04LTS since ubuntu went to Netplan for the networking stack. This is becoming an issues for me since this was working under 14.04 and 16.04. Connecting to a pfsense box i was able to do DNS and see the entire network. Under Ubuntu 18.04 I get a connection but broken network connection and not able to hit different vlans under the same pfsense systems. The GUI portion of the client works fine as far as importing configs and what not but the underlying stack is broken. Please advise.

Thanks.

syntax error near unexpected token `${datarootdir}/selinux/devel,' Ubuntu 20.04

Hi dear OpenVpn Team,
I tried to build this project on my Xubuntu 20.04, but it failed when I ran:
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/va
And I should verify that autoconf-archive is installed too.

Here is the log:

checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /usr/bin/mkdir -p
checking for gawk... no
checking for mawk... mawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking how to create a pax tar archive... gnutar
checking whether make supports nested variables... (cached) yes
checking for g++... g++
checking whether the C++ compiler works... yes
checking for C++ compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C++ compiler... yes
checking whether g++ accepts -g... yes
checking whether make supports the include directive... yes (GNU style)
checking dependency style of g++... gcc3
checking for gcc... gcc
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking whether gcc understands -c and -o together... yes
checking dependency style of gcc... gcc3
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking how to run the C preprocessor... gcc -E
checking for ranlib... ranlib
checking whether ln -s works... yes
checking for a sed that does not truncate output... /usr/bin/sed
checking whether make sets $(MAKE)... (cached) yes
checking whether g++ supports C++11 features by default... yes
checking whether g++ supports C++14 features by default... yes
checking for a Python interpreter with version >= 3.5... python3
checking for python3... /usr/bin/python3
checking for python3 version... 3.8
checking for python3 platform... linux
checking for python3 script directory... ${prefix}/lib/python3.8/site-packages
checking for python3 extension module directory... ${exec_prefix}/lib/python3.8/site-packages
checking for LIBLZ4... yes
checking for LIBJSONCPP... yes
checking for LIBGLIBGIO... yes
checking for LIBUUID... yes
checking for LIBCAPNG... yes
checking for OPENSSL... yes
configure: Using ASIO source directory: ./vendor/asio
configure: Using OpenVPN 3 Core Library directory: ./openvpn3-core
checking OpenVPN 3 Core Library version... 3.git:HEAD:5b15dbe9
configure: Using ovpn-dco source directory: ./ovpn-dco
./configure: line 7699: syntax error near unexpected token ${datarootdir}/selinux/devel,' ./configure: line 7699: AX_RECURSIVE_EVAL(${datarootdir}/selinux/devel, selinux_devel_path)'

Error: openvpn3-autoload: error: argument --key: No such file or directory (If the file name contains spaces)

Hi.
Step to reproduce:
add to file name space: 'ovpn config.key'
Edit the config file:
key '/etc/openvpn/client/ovpn config.key' or key "/etc/openvpn/client/ovpn config.key"

Run:
openvpn3-autoload --directory ...
And get error:
Error: openvpn3-autoload: error: argument --key: No such file or directory ' "/etc/openvpn/client/ovpn config.key" '

And it's enough to get an error to specify in the file path (" ") or (' ')

./configure: line 7255: syntax error

Hi, and thanks for the opportunity to try you next thing. Trying to build it on Arch Linux, no luck. I see it's not officially supported, just letting you know.

➜  openvpn3-linux git:(master) uname -a
Linux jotunheim 5.1.7-arch1-1-ARCH #1 SMP PREEMPT Tue Jun 4 15:47:45 UTC 2019 x86_64 GNU/Linux

Current master, same result for v6_beta

➜  src git clone [email protected]:OpenVPN/openvpn3-linux.git
Cloning into 'openvpn3-linux'...
remote: Enumerating objects: 1249, done.
remote: Counting objects: 100% (1249/1249), done.
remote: Compressing objects: 100% (435/435), done.
remote: Total 5150 (delta 873), reused 1179 (delta 808), pack-reused 3901
Receiving objects: 100% (5150/5150), 2.07 MiB | 3.58 MiB/s, done.
Resolving deltas: 100% (3785/3785), done.
➜  src cd openvpn3-linux            
➜  openvpn3-linux git:(master) ./bootstrap.sh 
** Initializing git submodules ...
Submodule 'openvpn3-core' (git://github.com/OpenVPN/openvpn3) registered for path 'openvpn3-core'
Submodule 'asio' (git://github.com/chriskohlhoff/asio) registered for path 'vendor/asio'
Cloning into '/home/etsvigun/devenv/src/openvpn3-linux/openvpn3-core'...
Cloning into '/home/etsvigun/devenv/src/openvpn3-linux/vendor/asio'...
Submodule path 'openvpn3-core': checked out 'e1647eb4072090859ca8ed5b0b6e3b9e24961a9c'
Submodule path 'vendor/asio': checked out '90f32660cd503494b3707840cfbd5434d8e9dabe'

** Updating version.m4 ...
Version: master_346098aef5b1a092

** Running autoreconf ...
autoreconf: Entering directory `.'
autoreconf: configure.ac: not using Gettext
autoreconf: running: aclocal -I m4
autoreconf: configure.ac: tracing
autoreconf: configure.ac: not using Libtool
autoreconf: running: /usr/bin/autoconf
autoreconf: running: /usr/bin/autoheader
autoreconf: running: automake --add-missing --copy --no-force
configure.ac:27: installing './compile'
configure.ac:24: installing './install-sh'
configure.ac:24: installing './missing'
Makefile.am: installing './depcomp'
parallel-tests: installing './test-driver'
src/python/Makefile.am:34: installing './py-compile'
autoreconf: Leaving directory `.'

➜  openvpn3-linux git:(master) ./configure 
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /usr/bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking how to create a pax tar archive... gnutar
checking whether make supports nested variables... (cached) yes
checking for g++... g++
checking whether the C++ compiler works... yes
checking for C++ compiler default output file name... a.out
checking for suffix of executables... 
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C++ compiler... yes
checking whether g++ accepts -g... yes
checking whether make supports the include directive... yes (GNU style)
checking dependency style of g++... gcc3
checking for gcc... gcc
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking whether gcc understands -c and -o together... yes
checking dependency style of gcc... gcc3
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking how to run the C preprocessor... gcc -E
checking whether ln -s works... yes
checking for a sed that does not truncate output... /usr/bin/sed
checking whether make sets $(MAKE)... (cached) yes
checking whether g++ supports C++11 features by default... yes
checking whether g++ supports C++14 features by default... yes
checking for a Python interpreter with version >= 3.4... python
checking for python... /usr/bin/python
checking for python version... 3.7
checking for python platform... linux
checking for python script directory... ${prefix}/lib/python3.7/site-packages
checking for python extension module directory... ${exec_prefix}/lib/python3.7/site-packages
checking for LIBLZ4... yes
checking for LIBJSONCPP... yes
checking for LIBGLIBGIO... yes
checking for LIBUUID... yes
checking for LIBCAPNG... yes
checking for OPENSSL... yes
configure: Using ASIO source directory: ./vendor/asio
configure: Using OpenVPN 3 Core Library directory: ./openvpn3-core
checking OpenVPN 3 Core Library version... 3.git:HEAD:e1647eb4
./configure: line 7255: syntax error near unexpected token `${datarootdir}/selinux/devel,'
./configure: line 7255: `        AX_RECURSIVE_EVAL(${datarootdir}/selinux/devel, selinux_devel_path)'

DNS randomly doesn't pop

OS : Ubuntu 20.04 LTS
Openvpn version : OpenVPN 3/Linux v13_beta

Problem :

Randomly, the DNS isn't configured.
I run a systemd-resolve --status and see no DNS.
Restarting it or disconnecting and re connecting fixes the issues most of the time.
I've tried to get a number : Out of 10 disconnection / reconnection, i get the DNS 7/10 times

OpenVPN3 stopped working after kernel update

Installed openvpn3 client as per instructions (https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux).

Everything worked fine until last kernel update.
I can provide more info if needed -- please write back.

Running this openvpn3 version on Debian 10:

$ openvpn3 version
OpenVPN 3/Linux v13_beta (openvpn3)
OpenVPN core 3.git:HEAD:ce0c9963 linux x86_64 64-bit
Copyright (C) 2012-2020 OpenVPN Inc. All rights reserved.

My system:

$ uname -a
Linux lenovo-m58 4.19.0-16-amd64 #1 SMP Debian 4.19.181-1 (2021-03-19) x86_64 GNU/Linux

and:

$ cat /etc/os-release 
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

Ubuntu issues with libcap-ng-dev

The readme states that to build, the following packages need to be installed from apt:

build-essential git pkg-config autoconf autoconf-archive libglib2.0-dev libjsoncpp-dev uuid-dev libmbedtls-dev liblz4-dev libcapng-dev

The package libcapng-dev is not found, but libcap-ng-dev is, and allows the build to continue.

Invalid JSON data

I'm trying to setup autoload. I made a folder ~/.config/openvpn3/autoload containing two files client.ovpn and client.autoload where the latter is simply:

{
    "autostart": true,
}

When I run openvpn3-autoload --directory .config/openvpn3/autoload I get the error:

Invalid JSON data in ".config/openvpn3/autoload/client.ovpn": Expecting property name enclosed in double quotes: line 3 column 1 (char 25)

The .ovpn file shouldn't be json right? Or did I misunderstand something. Thanks in advance!

Change pulling of codename to something sensible

In your docs there are multiple errors. You are not after either distro nor releasename

You are after codename. Man lsb_release for more.

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.10
Release:        20.10
Codename:       groovy

Replace

 wget -O /etc/apt/sources.list.d/openvpn3.list https://swupdate.openvpn.net/community/openvpn3/repos/openvpn3-$DISTRO.list

with

 wget -O /etc/apt/sources.list.d/openvpn3.list https://swupdate.openvpn.net/community/openvpn3/repos/openvpn3-$(lsb_release -sc).list

example echo

$ echo wget -O /etc/apt/sources.list.d/openvpn3.list https://swupdate.openvpn.net/community/openvpn3/repos/openvpn3-$(lsb_release -sc).list
wget -O /etc/apt/sources.list.d/openvpn3.list https://swupdate.openvpn.net/community/openvpn3/repos/openvpn3-groovy.list

--disable-selinux-build not working

Hello, I'm trying to package openvpn3@13_beta for NixOS.
I tried to disable the selinux build (that is only needed for distros like fedora) with --disable-selinux-build but I it seems like this switch is ignored :

./configure: line 8859: syntax error near unexpected token `${datarootdir}/selinux/devel,'
./configure: line 8859: `        AX_RECURSIVE_EVAL(${datarootdir}/selinux/devel, selinux_devel_path)'

Reproducing

install nix cf https://nixos.org/guides/install-nix.html
run :

$ nix-store -r $(nix-instantiate -E 'import (builtins.fetchTarball {
  url = "http://github.com/SCOTT-HAMILTON/Nixpkgs/archive/5041c3e9106cb7180c2401804d3d9d7b2be3f508.tar.gz";
  sha256 = "1v7kpc4lz77sx66dd2bvdqwspk8aim4x1libdw65rxbb7f6dsdj8";
}) {}' -A openvpn3)

Here is the full build log :

building '/nix/store/gypx5m3g5inasi12r72q0dakg1dwzfq8-openvpn3-13_beta.drv'...
unpacking sources
unpacking source archive /nix/store/yzfv64z1vjbh1c70sskihb5apzcl5x73-source
source root is source
patching sources
Version: fetchgit_2031975261858750
patching script interpreter paths in ./openvpn3-core/scripts/version
./openvpn3-core/scripts/version: interpreter directive changed from "#!/bin/bash" to "/nix/store/jdi2v7ir1sr6vp7pc5x0nhb6lpcmg6xg-bash-4.4-p23/bin/bash"
autoreconfPhase
autoreconf: export WARNINGS=
autoreconf: Entering directory '.'
autoreconf: configure.ac: not using Gettext
autoreconf: running: aclocal --force -I m4
autoreconf: configure.ac: tracing
autoreconf: configure.ac: not using Libtool
autoreconf: configure.ac: not using Intltool
autoreconf: configure.ac: not using Gtkdoc
autoreconf: running: /nix/store/d8xbvj4mnw7idjyfm0lcgw1kyld9cfmh-autoconf-2.70/bin/autoconf --force
autoreconf: running: /nix/store/d8xbvj4mnw7idjyfm0lcgw1kyld9cfmh-autoconf-2.70/bin/autoheader --force
autoreconf: running: automake --add-missing --copy --force-missing
configure.ac:27: installing './compile'
configure.ac:24: installing './install-sh'
configure.ac:24: installing './missing'
Makefile.am: installing './depcomp'
parallel-tests: installing './test-driver'
src/python/Makefile.am:35: installing './py-compile'
autoreconf: Leaving directory '.'
configuring
configure flags: --disable-dependency-tracking --prefix=/nix/store/vrlixi66zh1iali33rnfdl2alq7j6v95-openvpn3-13_beta --disable-selinux-build
checking for a BSD-compatible install... /nix/store/lr96h3dlny8aiba9p3rmxcxfda0ijj08-coreutils-8.32/bin/install -c
checking whether build environment is sane... yes
checking for a race-free mkdir -p... /nix/store/lr96h3dlny8aiba9p3rmxcxfda0ijj08-coreutils-8.32/bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking how to create a pax tar archive... gnutar
checking whether make supports nested variables... (cached) yes
checking whether the C++ compiler works... yes
checking for C++ compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether the compiler supports GNU C++... yes
checking whether g++ accepts -g... yes
checking for g++ option to enable C++11 features... none needed
checking whether make supports the include directive... yes (GNU style)
checking dependency style of g++... none
checking for gcc... gcc
checking whether the compiler supports GNU C... yes
checking whether gcc accepts -g... yes
checking for gcc option to enable C11 features... none needed
checking whether gcc understands -c and -o together... yes
checking dependency style of gcc... none
checking pkg-config is at least version 0.9.0... yes
checking how to run the C preprocessor... gcc -E
checking for ranlib... ranlib
checking whether ln -s works... yes
checking for a sed that does not truncate output... /nix/store/4nf4ih03fcq7gk08spjzxvwph1vyx1kr-gnused-4.8/bin/sed
checking whether make sets $(MAKE)... (cached) yes
checking whether g++ supports C++11 features by default... yes
checking whether g++ supports C++14 features by default... yes
checking for a Python interpreter with version >= 3.5... python
checking for python... /nix/store/d44wd6n98f93hjr6q1d1phhh1hw7a17d-python3-3.8.8/bin/python
checking for python version... 3.8
checking for python platform... linux
checking for python script directory... ${prefix}/lib/python3.8/site-packages
checking for python extension module directory... ${exec_prefix}/lib/python3.8/site-packages
checking for liblz4... yes
checking for jsoncpp... yes
checking for gio-2.0... yes
checking for gio-unix-2.0... yes
checking for uuid... yes
checking for libcap-ng... yes
checking for openssl >= 1.0.2... yes
configure: Using ASIO source directory: ./vendor/asio
configure: Using OpenVPN 3 Core Library directory: ./openvpn3-core
checking OpenVPN 3 Core Library version... 3.git:fetchgit:ce0c9963
configure: Using ovpn-dco source directory: ./ovpn-dco
./configure: line 8859: syntax error near unexpected token `${datarootdir}/selinux/devel,'
./configure: line 8859: `        AX_RECURSIVE_EVAL(${datarootdir}/selinux/devel, selinux_devel_path)'
builder for '/nix/store/gypx5m3g5inasi12r72q0dakg1dwzfq8-openvpn3-13_beta.drv' failed with exit code 2
error: build of '/nix/store/gypx5m3g5inasi12r72q0dakg1dwzfq8-openvpn3-13_beta.drv' failed

NB : I also have to ask if openvpn3 is under agpl3Only or agpl3Plus license cf https://www.gnu.org/licenses/identify-licenses-clearly.html.

Add flag to use system default ASIO on compile

Hi, Firstly thanks for your work.
I'm currently trying to make a user defined openvpn3 client package on archlinux. Actually it's already uploaded on here. And I want to use official asio package of archlinux which is currently 1.14.0 instead of default submodule for maintainability.

So I tried to modify configure.ac but I faced two issues.

even if I set ASIO_SOURCEDIR to system asio path, archlinux does not install asio like there source tree does. asio source tree: asio/asio/include/asio, archlinux: usr/include/asio/ (you can check in Package Contents on here)
I can not set to use system asio on runtime. I did not check source but I guess -DASIO_STANDALONE exists to include asio binary to openvpn3-linux binary. So even if I set ASIO_SOURCEDIR, I can not exclude -DASIO_STANDALONE.

Should I add another flag to set to use system asio? need some help!

Routing using host names does not work

Is seems that routes using hostnames doesent work in .ovpn files,

Example: route xyz.blabla.dk 255.255.255.255 is ignored.

Whereas: route 41.114.122.15 255.255.255.255 works.

openvpn3 Auto logon not working

tried add - auth-user-pass auth.txt in configuration file but still connection failed
Session path: /net/openvpn/v3/sessions/e3e25ec5s478es40e0sb894s67967d978c99
session-start: ** ERROR ** Failed to start session

same configuration file woks without auth.txt ( manually need to pass the credentials)
openvpn3 session-start --config /home/XXXX/openvpn/XXXX.ovpn
Using configuration profile from file: /home/XXXX/openvpn/XXX.ovpn
Session path: /net/openvpn/v3/sessions/2d0b8583sbbc4s48aasaa09sa9012dd8da4a
Auth User name:
Auth Password:
Connected

openvpn3-service-configmgr crashed with SIGABRT

OS: ubuntu 20.04
This is what i see on journalctl

Aug 7 01:11:39 Oris-Laptop dbus-daemon[959]: [system] Activating service name='net.openvpn.v3.configuration' requested by ':1.1442' (uid=1000 pid=19388 comm="openvpn3 config-import --config /home/ori/Download" label="unconfined") (using servicehelper)
Aug 7 01:11:39 Oris-Laptop net.openvpn.v3.configuration[19392]: OpenVPN 3/Linux v10_beta (openvpn3-service-configmgr)
Aug 7 01:11:39 Oris-Laptop net.openvpn.v3.configuration[19392]: OpenVPN core 3.git:HEAD:bf9f309f linux x86_64 64-bit
Aug 7 01:11:39 Oris-Laptop net.openvpn.v3.configuration[19392]: Copyright (C) 2012-2020 OpenVPN Inc. All rights reserved.
Aug 7 01:11:39 Oris-Laptop net.openvpn.v3.log[6307]: Logger VERB2: Attached: {tag:8095744316103647505} [:1.1443/net.openvpn.v3.configuration]
Aug 7 01:11:39 Oris-Laptop dbus-daemon[959]: [system] Successfully activated service 'net.openvpn.v3.configuration'
Aug 7 01:11:39 Oris-Laptop net.openvpn.v3.configuration[19392]: terminate called after throwing an instance of 'openvpn::option_error'
Aug 7 01:11:39 Oris-Laptop net.openvpn.v3.configuration[19392]: what(): option_error: option was not properly closed out

Python module does not properly handle MFA/OTP authentication

Q: How can I autoload user and password with OTP based MFA dynamic challenge for openvpn3 and only prompt for MFA code?

Attempts Made:

I created the below script to inject OTP based MFA code at request time into a .autoload config with openvpn3-autoload to simplify the login process with our OpenVPN requirements. I figure the script should be able to get around the static requirement until the MFA needs renewal but I am still getting issues with the dynamic_challenge parameter.

I get the following message from connection with the openvpn3-autoload using openvpn3 sessions-list:

Status: Connection, Configuration requires user input: Dynamic Challenge

OpenVPN3 Autoload Credentials Script

    #!/bin/bash
    set -e
    
    ## Requirements
    # - openvpn3
    # - openvpn3-autoload
    
    # When you are logged in you may download a client.ovpn file.  First create a
    # subdir at ~/.openvpn and copy the downloaded file to this directory.  
    
    echo '{"autostart": true,"user-auth": { "autologin": true,"username": "{{ OPENVPN_USR }}", "password": "{{ OPENVPN_PW }}", "dynamic_challenge": "{{ OPENVPN_MFA_CODE }}"},"tunnel": {"ipv6": [ "default" ],"persist": true}}' > ${HOME}/.openvpn/autoload.tmpl
    
    OPENVPN_CLIENT=client
    OPENVPN_USR="my.user"
    OPENVPN_PW="password"
    OPENVPN_USR=${OPENVPN_USR:-`read -p "User login: " OPENVPN_USR; echo $OPENVPN_USR`}
    OPENVPN_PW=${OPENVPN_PW:-`read -p "User Pass: " OPENVPN_PW; echo $OPENVPN_PW`}
    
    read -p "Please enter MFA code: " OPENVPN_MFA_CODE
    
    export OPENVPN_USR=${OPENVPN_USR}
    export OPENVPN_PW=${OPENVPN_PW}
    export OPENVPN_MFA_CODE=${OPENVPN_MFA_CODE}
    
    ## This is an internal tool to our org but you could figure out how to use jq also.
    ## tmpz -t ${HOME}/.openvpn/autoload.tmpl -o ${HOME}/.openvpn/${OPENVPN_CLIENT}.autoload
    rm ${HOME}/.openvpn/autoload.tmpl
    
    # I am open to suggestions if you have a better way.
    openvpn3-autoload --directory ${HOME}/.openvpn

I have tried passing a parameter file like below to the ovpn file with auth-user-pass credentials.txt(ie: dbus).

credentials.txt

    my.user
    password

I get connection failure with auth-user-pass and no dynamic challenge.

ERROR 'NoneType' object is not subscriptable

When I use the command openvpn2 --config client.ovpn --client I get the error
** ERROR ** 'NoneType' object is not subscriptable
It works with openvpn3.

client.ovpn:

dev tun
tls-client
remote [IP] 1194
redirect-gateway def1
dhcp-option DNS 1.1.1.1
pull
ca ca.crt
comp-lzo
reneg-sec 0
auth-user-pass

Fedora 33 needs systemd-resolved; resolv.conf not being restored properly

after disconnecting from vpn, i am unable to connect again with error:

session-start: ** ERROR ** Failed to connect: Connection, Client reconnect

[:/] openvpn3 version
OpenVPN 3/Linux v13_beta (openvpn3)
OpenVPN core 3.git:HEAD:ce0c9963 linux x86_64 64-bit
Copyright (C) 2012-2020 OpenVPN Inc. All rights reserved.

Ovpn

Ubuntu 21.04 support

When We can expect support for Ubuntu 21.04 ? Thanks

Remove multiple configs having same name

I was doing the openvpn3-autoload test and ended up with multiple same config name.

➜ openvpn3 config-remove -c openvpn-in* --force
config-remove: ** ERROR ** No configuration profiles found
➜ openvpn3 config-remove -c openvpn-in --force
config-remove: ** ERROR ** More than one configuration profile was found with the given name

I tried doing above but had no success.
Isn't there any hack to remove all the same configs so that I don't have to manually remove each of them.

openvpn3-autoload / ConfigParser.py do not allow the usage of possible argument

Given: The template configuration file from ubuntu 20.04

$ openvpn3 version
OpenVPN 3/Linux v13_beta (openvpn3)
OpenVPN core 3.git:HEAD:ce0c9963 linux x86_64 64-bit
Copyright (C) 2012-2020 OpenVPN Inc. All rights reserved.

$ less  /usr/share/doc/openvpn/examples/sample-config-files/client.conf

When: Using the 'mute' parameter with openvpn3-autoload
mute 20

Then:

expected: the parameter is accepted
found: (I am still verifying for route-method and route-delay)

Traceback (most recent call last):
  File "/usr/sbin/openvpn3-autoload", line 83, in find_autoload_configs
    opts = openvpn3.ConfigParser(['openvpn3-autoload',
  File "/usr/lib/python3/dist-packages/openvpn3/ConfigParser.py", line 89, in __init__
    self.__opts = vars(self.__parser.parse_args(self.__args))
  File "/usr/lib/python3.8/argparse.py", line 1780, in parse_args
    args, argv = self.parse_known_args(args, namespace)
  File "/usr/lib/python3.8/argparse.py", line 1812, in parse_known_args
    namespace, args = self._parse_known_args(args, namespace)
  File "/usr/lib/python3.8/argparse.py", line 2018, in _parse_known_args
    start_index = consume_optional(start_index)
  File "/usr/lib/python3.8/argparse.py", line 1958, in consume_optional
    take_action(action, args, option_string)
  File "/usr/lib/python3.8/argparse.py", line 1886, in take_action
    action(self, namespace, argument_values, option_string)
  File "/usr/lib/python3/dist-packages/openvpn3/ConfigParser.py", line 863, in __call__
    args = vars(parser.parse_args(shlex.split('\n'.join(cfg),
  File "/usr/lib/python3.8/argparse.py", line 1783, in parse_args
    self.error(msg % ' '.join(argv))
  File "/usr/lib/python3/dist-packages/openvpn3/ConfigParser.py", line 64, in error
    raise Exception("%s: error: %s"  % (self.prog, message))
Exception: openvpn3-autoload: error: unrecognized arguments: --route-method exe --mute 20 --route-delay 2

Can't install openvpn3 on ubuntu - wrong URLs

wget -O /etc/apt/sources.list.d/openvpn3.list https://swupdate.openvpn.net/community/openvpn3/repos/openvpn3-$DISTRO.list``

--2021-04-28 10:12:56--  https://swupdate.openvpn.net/community/openvpn3/repos/openvpn3-.list
Resolving swupdate.openvpn.net (swupdate.openvpn.net)... 104.18.110.96, 104.18.109.96
Connecting to swupdate.openvpn.net (swupdate.openvpn.net)|104.18.110.96|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2021-04-28 10:12:56 ERROR 404: Not Found.

regards

It didn't like my .ovpn config file

Should I expect it to work with my current openvpn config file?
Tried
openvpn3 session-start --config my-current-connection.ovpn

proto-overwrite isn't working

I'm trying to force openvpn3 to use TCP over UDP by using this
openvpn3 config-manage --config <NAME> --proto-override tcp
but from the log, I see it still uses the UDP

by running openvpn3 config-manage --config <NAME> -s i see there is an overwrite set for it but still it's not getting honored
BTW overwriting the port seems to be taking effect

is there anything I'm missing?

OpevVPn Access Server routing table help needed.

Hello,

I have been trying to setup::

Device A (PLC, static IP=10.10.10.11) 
        |
        | eth0 connection 
        |
Device B (raspberry B 3,  Jessie)
        |
        | OpenVPN  Clients
        |
Device C (laptop, Windows 8.1)

The thing is Device B and Device C are OpenVPN clients connected to same OpenVPN access server running on Ubuntu system. Also I am using wi-fi router for net connectivity.

My IP configurations are:

(Device A) PLC ---> 10.10.10.11

(Device B)R-pi ---> 
cat /etc/dhcpcd.conf

interface eth0 
static ip_address=10.10.10.10/24 
static domain_name_servers=192.168.1.1

VPN network IP= 10.8.0.2

(Device C) Windows 8.1 --->
VPN network IP= 10.8.0.5

My current state is:

ip route

default via 192.168.1.1 dev wlp2s0 proto dhcp metric 600 
169.254.0.0/16 dev wlp2s0 scope link metric 1000 
172.27.224.0/23 dev as0t0 proto kernel scope link src 172.27.224.1 
172.27.226.0/23 dev as0t1 proto kernel scope link src 172.27.226.1 
172.27.228.0/23 dev as0t2 proto kernel scope link src 172.27.228.1 
172.27.230.0/23 dev as0t3 proto kernel scope link src 172.27.230.1 
172.27.232.0/23 dev as0t4 proto kernel scope link src 172.27.232.1 
172.27.234.0/23 dev as0t5 proto kernel scope link src 172.27.234.1 
172.27.236.0/23 dev as0t6 proto kernel scope link src 172.27.236.1 
172.27.238.0/23 dev as0t7 proto kernel scope link src 172.27.238.1 
192.168.1.0/24 dev wlp2s0 proto kernel scope link src 192.168.1.61 metric 600

What should be the static routes on router, on OpenVPN Server web UI and on server??

Trying to figure this out for a long time now. But no luck.
Please Help!

"./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var" error

./configure: line 7441: syntax error near unexpected token ${datarootdir}/selinux/devel,' ./configure: line 7441: AX_RECURSIVE_EVAL(${datarootdir}/selinux/devel, selinux_devel_path)'

My config is getting deleted after a reboot

OS: ubuntu 20.04
openvpn3 version

OpenVPN 3/Linux v9_beta (openvpn3)
OpenVPN core 3.git:HEAD:811dac2e linux x86_64 64-bit
Copyright (C) 2012-2020 OpenVPN Inc. All rights reserved.

I'm using openvpn3 config-import --config <path_to_ovpn_file> to import my client config file to the store.
then I'm changing it's name to be somthing more easy to type
openvpn3 config-manage --path <config_path_from_configs-list> --rename <new_name>

All is good up until I reboot then I lose my configs and I need to do it all over again

Raspbian GNU/Linux support (armv7l/armhf 32-bit)

Is openvpn3 client supported in Raspbian GNU/Linux >?

openvpn3-autoload stills asks for auth credentials

Here's my .autoload config

{
   "autostart": false,
    "name": "openvpn-in",
    "remote": {
        "proto-override": "udp",
        "timeout": "300",
        "compression": "asym"
    },
    "tunnel": {
        "ipv6": "default",
        "persist": true,
        "dns-setup-disabled": false
    },
    "user-auth": {
        "autologin": true,
        "username": "user",
        "password": "secret"
    } 
}

Here's my configs list

Configuration path
Imported                        Last used                 Used
Name                                                      Owner
------------------------------------------------------------------------------
/net/openvpn/v3/configuration/2984ca8fxda0ax416ax997exc50ee5cad031
Tue Sep 15 13:33:59 2020        Tue Sep 15 13:34:28 2020  1
openvpn-in                                                rajesh
------------------------------------------------------------------------------

As soon as I try to connect with my session path, it prompts for an auth.

➜  openvpn3 session-start -p /net/openvpn/v3/configuration/2984ca8fxda0ax416ax997exc50ee5cad031
Session path: /net/openvpn/v3/sessions/2c82f155s145ds4f0dsa4f0s5bd678025e87
Auth User name:

Am I missing anything?

Build doesn't work without selinux

Steps to reproduce:

be on a linux distro with no selinux (I'm using manjaro ARM)
run ./bootstrap.sh then ./configure ... as per building from source instructions
configure exits with an error (details below)
include the flag --disable-selinux-build as per the instructions in ./configure --help

Expected behaviour

./configure command completes successfully

Actual behaviour

./configure command still exits with the same error

Error message during configure, which I receive regardless of the --disable-selinux-build flag:

configure: Using ASIO source directory: ./vendor/asio
configure: Using OpenVPN 3 Core Library directory: ./openvpn3-core
checking OpenVPN 3 Core Library version... 3.git:HEAD:bf9f309f
./configure: line 7436: syntax error near unexpected token `${datarootdir}/selinux/devel,'
./configure: line 7436: `        AX_RECURSIVE_EVAL(${datarootdir}/selinux/devel, selinux_devel_path)'

I worked around this by simply editing and manually deleting the section about selinux from the configure script. Ideally the script would correctly detect selinux availability and exclude generating the policy files if it's not present on the system.

v12 is not asking for 2FA prompt

openvpn3 v12 is not presenting 2FA prompt, we are using a Duo Security 2FA script on the server and works on latest OSX, Windows clients and on v11 for linux.

Thanks

--auth-user-pass flag not working

I'm attempting to use the auth-user-pass config in the client.ovpn and --auth-user-pass via command line but it doesn't appear that either is supported.

When using the command line argument I receive:

sudo openvpn3 session-start --config ~/Documents/client.ovpn --auth-user-pass
            
openvpn3/session-start: unrecognized option '--auth-user-pass'

When I configure my client.ovpn with: auth-user-pass /home/nick/Documents/vpnpass.txt

I receive:

sudo openvpn3 session-start --config ~/Documents/client.ovpn
                 
Using configuration profile from file: /home/nick/Documents/client.ovpn
Session path: /net/openvpn/v3/sessions/7887ed5ds9d9bs494csaf2fsb65cf4906fcb
session-start: ** ERROR ** Failed to start session

My version:

openvpn3 version

OpenVPN 3/Linux v10_beta (openvpn3)
OpenVPN core 3.git:HEAD:bf9f309f linux x86_64 64-bit
Copyright (C) 2012-2020 OpenVPN Inc. All rights reserved.

Running without the command line argument and without the auth-user-pass configuration in my client.ovpn works fine but I obviously need to enter my credentials everytime. It would be great to get this supported like it was on openvpn

Thanks!

resolv.conf overwrite by default

By default I use some custom DNS resolvers. But Openvpn3 when activated, overwrite my DNS servers with its preferred one.
I wish to avoid leaking my DNS queries by default, is it possible ?