Postings by David Sommerseth

OpenVPN 3 Linux client - v3 beta release


As some of you know, I've been involved with the OpenVPN packages for some
time as well as being an upstream OpenVPN developer and maintainer. Now we
have released the third beta release of OpenVPN 3 Linux.

This new client shares the same code base the OpenVPN Connect (proprietary)
clients uses as well as the OpenVPN for Android when switching to use the
OpenVPN 3 backend. The OpenVPN 3 code base is a rewrite in C++ and makes use
of the more modern features of C++11.

The Linux version is also very different from the OpenVPN 2.x generation, as
it is now D-Bus based.

Package review - test builds for OpenVPN 3 Client


This week I've started poking at packaging pre-release builds of the new
OpenVPN 3 based client for Linux (sorry, no server support yet). I've started
a Copr build/repo for it and I'd appreciate some help reviewing the packaging
and otherwise hints (or pathces) how to improve things.

You'll find everything here:

Now, beware that this client is still under heavy development and is not ready
for a full release yet.

OpenVPN and its user/group


I just looked more carefully through some issues reported when pushing
out the openvpn-2.4.4 release.

OpenVPN v2.4.2 with two important fixes


Just making a little noise here, as the upstream OpenVPN community have
released v2.4.2 which fixes to critical authenticated remote DoS

(the site is being hammered right now, so patience is needed ;-))

I have already sent the updates to EPEL 6, EPEL7 and F-25.

Next in the pipe is F-26 and Rawhide, but that have the challenges
around OpenSSL 1.1 vs mbedtls - and I plan to test out compat-openssl
with compat-pkcs11-helper.

As always, I appreciate comments, feedback and help with testing

OpenVPN, OpenSSL and Fedora 26+


This is actually just a very late heads-up about challenges with OpenVPN
in Fedora 26.

Fedora is moving towards OpenSSL v1.1, which is in my opinion a sane and
good step forward. Unfortunately, that gives OpenVPN a real challenge.
The OpenSSL v1.1 support is not completed. Patches have been sent to
the upstream devel mailing list for review, but only half of them have
been processed and applied so far.

So, to be able to provide OpenVPN in Fedora 26 it was decided to switch
to mbed TLS instead of OpenSSL (which OpenVPN also supports).