Comments
dsommers
Tested on RHEL-8 by installing kmod-ovpn-dco from the dsommers/openvpn3 Fedora Copr repository. This packaging depends on common.postinst.
After installing the package:
# dkms status
ovpn-dco/0.2.20240619.1.el8, 4.18.0-553.33.1.el8_10.x86_64, x86_64: installed
ovpn-dco/0.2.20240619.1.el8, 4.18.0-553.el8_10.x86_64, x86_64: installed
This update has been unpushed.
There are coming reports on the CVE fixes impacting some configuration setups negatively.
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27342.html
There are coming reports on the CVE fixes impacting some configuration setups negatively.
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27342.html
This update has been unpushed.
There are coming reports on the CVE fixes impacting some configuration setups negatively. https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27342.html
This update will be pulled until a 2.6.8 release is approaching.
There are coming reports on the CVE fixes impacting some configuration setups negatively. https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27342.html
This update will be pulled until a 2.6.8 release is approaching.
There are issues with the xkey provider needed by Yubikeys and similar external PKI providers. Will spin a 2.6.1-2 build which contains an additional upstream patch.
This update has been unpushed.
As with the Fedora 36 build, I am requiring more +1 karmas to release this one due to the issues this release caused. If there are no -1 within 30 days, this is also considered stable.
An updated 2.5.7-2 build is now on the way into updates-testing. Please test this build and give the appropriate votes. Since this update caused so much issues and regressions, the 2.5.7-2 build requires more +1s than I normally require.
https://bodhi.fedoraproject.org/updates/FEDORA-2022-8ca0f56650
Upstream has sent a patch to the mailing list to be considered: https://patchwork.openvpn.net/patch/2504/
I've put together a few quick test builds
F36: https://koji.fedoraproject.org/koji/taskinfo?taskID=87830798
Rawhide: https://koji.fedoraproject.org/koji/taskinfo?taskID=87830820
If some of you can do a quick test of those build to see if that helps, I can get a 2.5.7-2 prepared later this weekend.
This contains more related details as well: https://bugzilla.redhat.com/show_bug.cgi?id=2093069
@thm How do you start your client? Via the openvpn-client@.service systemd unit or NetworkManager?
Input and in the BZs here will be brought up with the upstream community as well
@dpsh This is the expected behaviour. With OpenVPN 2.5, the openvpn binary no longer executes ifconfig nor ip commands. It integrates directly using the Netlink interface, provided by the Linux kernel, to configure the tun/tap intefaces and routing.
Thanks for the glob pattern notifications; I see someone created #1953687, which I will follow up.
That is right. The tmpfiles.d stuff is related to systemd, which is EL7 and any Fedora releases after 17 or so. And /var/run/openvpn is packaged properly in openvpn-2.4.2 and openvpn-2.4.3, so this is no longer an issue. The openvpn-2.4.1 package this update is about, is obsolete and outdated.
Sorry, a little clarification. That bz comment you reference, is related to a Fedora release with systemd.
Please test a far newer OpenVPN release. This release is obsolete. OpenVPN 2.4.3 was put submitted 5 days ago.
$ rpm -ql openvpn | grep run
/var/run/openvpn
$ rpm -q openvpn
openvpn-2.4.3-1.el6.x86_64
This should not be an issue at all. You can find it here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-9ec615ff74
Btw. the bz you reference is also an invalid reference. That is related to Fedora 26, which relies on systemd and its tmpfiles service. That does not exist on EL6.
This update is being tracked through #2357052