Postings by David Sommerseth

Package review - test builds for OpenVPN 3 Client


This week I've started poking at packaging pre-release builds of the new
OpenVPN 3 based client for Linux (sorry, no server support yet). I've started
a Copr build/repo for it and I'd appreciate some help reviewing the packaging
and otherwise hints (or pathces) how to improve things.

You'll find everything here:

Now, beware that this client is still under heavy development and is not ready
for a full release yet.

OpenVPN and its user/group


I just looked more carefully through some issues reported when pushing
out the openvpn-2.4.4 release.

OpenVPN v2.4.2 with two important fixes


Just making a little noise here, as the upstream OpenVPN community have
released v2.4.2 which fixes to critical authenticated remote DoS

(the site is being hammered right now, so patience is needed ;-))

I have already sent the updates to EPEL 6, EPEL7 and F-25.

Next in the pipe is F-26 and Rawhide, but that have the challenges
around OpenSSL 1.1 vs mbedtls - and I plan to test out compat-openssl
with compat-pkcs11-helper.

As always, I appreciate comments, feedback and help with testing

OpenVPN, OpenSSL and Fedora 26+


This is actually just a very late heads-up about challenges with OpenVPN
in Fedora 26.

Fedora is moving towards OpenSSL v1.1, which is in my opinion a sane and
good step forward. Unfortunately, that gives OpenVPN a real challenge.
The OpenSSL v1.1 support is not completed. Patches have been sent to
the upstream devel mailing list for review, but only half of them have
been processed and applied so far.

So, to be able to provide OpenVPN in Fedora 26 it was decided to switch
to mbed TLS instead of OpenSSL (which OpenVPN also supports).