Comments (21)
Sorry for the delay. I('ll take a glance at that as soon as possible.
from openvpn3-linux.
Happens that I ommitted (oop's) to install openvpn3-client. I just had openvpn3.
That doesn't fix the initial persistence issue, but at least I am able to start a vpn session without persistence..
So I am not blocked! Fine.
from openvpn3-linux.
Can you try to run as root: openvpn3-admin init-config
. You can also compare that with the log from the package install step, located here: /var/lib/openvpn3/openvpn3-init-config.log
.
During the configuration import, it's also important to add the --persistent
or -p
option.
$ openvpn3 config-import -p --name PROFILE_NAME --config CONFIG_FILE
from openvpn3-linux.
# openvpn3-admin init-config
- Detected settings will be saved to disk? No
* Checking for OpenVPN user and group accounts
Found: openvpn user - uid 983
Found: openvpn group - gid 982
* Checking OpenVPN 3 Linux state/configuration directory
Using directory: /var/lib/openvpn3
Directory found
* Logger Configuration
Configuration file: /var/lib/openvpn3/log-service.json
systemd-journald active state: active
:: Result :: Will use systemd journald for logging
!! Configuration UNCHANGED
* Network Configuration
Configuration file: /var/lib/openvpn3/netcfg.json
!! Could not access systemd-resolved
Found accessible /etc/resolv.conf
:: Result :: Will use /etc/resolv.conf
!! Configuration UNCHANGED
* Ensuring SELinux file labels are correct
- SELinux status: Not enabled; skipping
Also, yes, I use the --persistent
flag.
The exact commands I use are:
(myuser) $ openvpn3 config-import --config myconfig.ovpn --name MyConfig –-persistent
(myuser) $ openvpn3 config-acl --show --lock-down true --grant root --config MyConfig
(root) # systemctl enable openvpn3-session@MyConfig
(root) # systemctl start openvpn3-session@MyConfig
from openvpn3-linux.
Hmm ... this all looks as expected .... do you have any files present under /var/lib/openvpn3/configs
?
from openvpn3-linux.
No, I don't :(
I've checked that the directory exists, and is owned by openvpn. I do not understand what happens...
from openvpn3-linux.
Hmmm .... Is the openvpn3-service-configmgr
process running with the --state-dir /var/lib/openvpn3/configs
argument?
from openvpn3-linux.
Yes:
# ps -ef | grep vpn
openvpn 1260 1 0 07:24 ? 00:00:00 /usr/libexec/openvpn3-linux/openvpn3-service-configmgr --state-dir /var/lib/openvpn3/configs
openvpn 1628 1 0 07:24 ? 00:00:00 /usr/libexec/openvpn3-linux/openvpn3-service-logger --service --state-dir /var/lib/openvpn3 --log-level 4 --journald
openvpn 1656 1 0 07:24 ? 00:00:00 /usr/libexec/openvpn3-linux/openvpn3-service-sessionmgr
root 2472 2424 0 07:26 pts/5 00:00:00 grep --color=auto vpn
What I have tried too is to config-dump --json into /var/lib/openvpn3/configs, hoping that this would help, but no luck :(
from openvpn3-linux.
Below a full copy of a new morning session, after a fresh reboot, and made sure system is up to date..:
$ openvpn3 config-import --config ns3197235.ovpn --name MyConfig –-persistent
Configuration imported. Configuration path: /net/openvpn/v3/configuration/996688b2x940ax48b6xa1e7xdf60377fe6b9
[myuser@rl9-2 OVPN] $ openvpn3 config-acl --show --lock-down true --grant root --config MyConfig
Granted access to root (uid 0)
Configuration has been locked down
Configuration name: MyConfig
Owner: (1001) myuser
Read-only: no
Locked down: yes
Ownership transfer: no
Public access: no
Users granted access: 1 user
- (0) root
[myuser@rl9-2 OVPN]
Corresponding journalctl :
# journalctl -f | grep openvpn
May 21 07:47:37 rl9-2 openvpn3-service-logger[1647]: {tag:11340768796524297432} Parsed configuration 'MyConfig', owner: myuser
May 21 07:47:59 rl9-2 openvpn3-service-logger[1647]: {tag:11340768796524297432} Access granted to UID 0 by UID 1001
May 21 07:47:59 rl9-2 openvpn3-service-logger[1647]: {tag:11340768796524297432} Configuration lock-down flag set to true by UID 10
And as root :
# systemctl start openvpn3-session@MyConfig
And the relevant journalctl :
May 21 07:48:20 rl9-2 openvpn3-systemd[2566]: Loaded configuration profile MyConfig (path: /net/openvpn/v3/configuration/996688b2x940ax48b6xa1e7xdf60377fe6b9)
May 21 07:48:20 rl9-2 systemd[1]: Created slice Slice /system/dbus-:1.0-net.openvpn.v3.backends.
May 21 07:48:20 rl9-2 systemd[1]: Started dbus-:[email protected].
May 21 07:48:20 rl9-2 openvpn3-service-backendstart[2567]: OpenVPN3/Linux v21 (openvpn3-service-backendstart)
May 21 07:48:20 rl9-2 openvpn3-service-backendstart[2567]: OpenVPN core v3.8.2 linux x86_64 64-bit
May 21 07:48:20 rl9-2 openvpn3-service-backendstart[2567]: Copyright (C) 2012-2022 OpenVPN Inc. All rights reserved.
May 21 07:48:20 rl9-2 openvpn3-service-logger[1647]: Attached: {tag:3907885248702202842} [:1.29/net.openvpn.v3.backends], pid 2567
May 21 07:48:20 rl9-2 openvpn3-service-backendstart[2571]: Re-initiated process from pid 2571 to backend process pid 2572
May 21 07:48:20 rl9-2 openvpn3-service-backendstart[2572]: OpenVPN3/Linux v21 (openvpn3-service-client)
May 21 07:48:20 rl9-2 openvpn3-service-backendstart[2572]: OpenVPN core v3.8.2 linux x86_64 64-bit
May 21 07:48:20 rl9-2 openvpn3-service-backendstart[2572]: Copyright (C) 2012-2022 OpenVPN Inc. All rights reserved.
May 21 07:48:20 rl9-2 openvpn3-service-logger[1647]: Attached: {tag:5069780414131606635} [:1.30/net.openvpn.v3.backends], pid 2572
May 21 07:48:20 rl9-2 openvpn3-service-logger[1647]: Attached: {tag:15451295260794154855} [:1.30/net.openvpn.v3.sessions], pid 2572
May 21 07:48:20 rl9-2 openvpn3-service-logger[1647]: Assigned session /net/openvpn/v3/sessions/fd13451fsdac6s44d3sbcafs84fe52b883d8 to {tag:5069780414131606635}
May 21 07:48:21 rl9-2 systemd[1]: Created slice Slice /system/dbus-:1.0-net.openvpn.v3.netcfg.
May 21 07:48:21 rl9-2 systemd[1]: Started dbus-:[email protected].
May 21 07:48:21 rl9-2 openvpn3-service-netcfg[2576]: Loading configuration file: /var/lib/openvpn3/netcfg.json
May 21 07:48:21 rl9-2 openvpn3-service-logger[1647]: Attached: {tag:11438381200322716884} [:1.32/net.openvpn.v3.netcfg], pid 2576
May 21 07:48:21 rl9-2 openvpn3-service-logger[1647]: Attached: {tag:12474136228574105405} [:1.32/net.openvpn.v3.netcfg.core], pid 2576
May 21 07:48:21 rl9-2 openvpn3-service-netcfg[2576]: OpenVPN3/Linux v21 (openvpn3-service-netcfg)
May 21 07:48:21 rl9-2 openvpn3-service-netcfg[2576]: OpenVPN core v3.8.2 linux x86_64 64-bit
May 21 07:48:21 rl9-2 openvpn3-service-netcfg[2576]: Copyright (C) 2012-2022 OpenVPN Inc. All rights reserved.
May 21 07:48:21 rl9-2 openvpn3-service-logger[1647]: {tag:11438381200322716884} Redirect method: host-route
May 21 07:48:22 rl9-2 openvpn3-service-logger[1647]: [Logger] Log forward added for :1.28
May 21 07:48:22 rl9-2 openvpn3-service-logger[1647]: Added new log proxy by :1.14 - session: /net/openvpn/v3/sessions/fd13451fsdac6s44d3sbcafs84fe52b883d8, target: :1.28, tag: 5069780414131606635
May 21 07:48:22 rl9-2 openvpn3-service-logger[1647]: {tag:8445300873117634211} Added log forwarding to :1.28
May 21 07:48:22 rl9-2 openvpn3-systemd[2566]: Session initiated: /net/openvpn/v3/sessions/fd13451fsdac6s44d3sbcafs84fe52b883d8
May 21 07:48:22 rl9-2 openvpn3-systemd[2566]: Starting session connection
May 21 07:48:22 rl9-2 openvpn3-service-logger[1647]: {tag:11438381200322716884} Cleaning up resources for PID 2572.
May 21 07:48:22 rl9-2 openvpn3-service-logger[1647]: {tag:5069780414131606635} Starting connection
May 21 07:48:22 rl9-2 openvpn3-systemd[2566]: Session started successfully
May 21 07:48:22 rl9-2 openvpn3-systemd[2566]: 2024-05-21 07:48:22.997624 [STATUS] (StatusMajor.CONNECTION, StatusMinor.CFG_OK) config_path=/net/openvpn/v3/configuration/996688b2x940ax48b6xa1e7xdf60377fe6b9
May 21 07:48:22 rl9-2 openvpn3-systemd[2566]: 2024-05-21 07:48:22.997717 Starting connection
May 21 07:48:22 rl9-2 openvpn3-systemd[2566]: 2024-05-21 07:48:22.997740 [STATUS] (StatusMajor.CONNECTION, StatusMinor.CONN_CONNECTING)
May 21 07:48:23 rl9-2 openvpn3-service-logger[1647]: {tag:5069780414131606635} Waiting for server response
May 21 07:48:23 rl9-2 openvpn3-systemd[2566]: 2024-05-21 07:48:23.022628 Waiting for server response
May 21 07:48:23 rl9-2 openvpn3-service-logger[1647]: {tag:11438381200322716884} Socket protect called for socket 8, remote: '51.91.25.164', tun: '', ipv6: no
May 21 07:48:23 rl9-2 openvpn3-service-logger[1647]: {tag:5069780414131606635} Connecting
May 21 07:48:23 rl9-2 openvpn3-systemd[2566]: 2024-05-21 07:48:23.050359 Connecting
May 21 07:48:23 rl9-2 openvpn3-systemd[2566]: 2024-05-21 07:48:23.050420 [STATUS] (StatusMajor.CONNECTION, StatusMinor.CONN_CONNECTING)
May 21 07:48:23 rl9-2 openvpn3-service-logger[1647]: {tag:11438381200322716884} Virtual device '118842a1t7f10t4ffftb395t506bc9638e7c' registered on /net/openvpn/v3/netcfg/2572_118842a1t7f10t4ffftb395t506bc9638e7c (owner uid 983, owner pid 2572)
May 21 07:48:23 rl9-2 openvpn3-service-logger[1647]: {tag:11438381200322716884} Adding IP Address 10.8.0.7/24 gw 10.8.0.1 ipv6: no
May 21 07:48:23 rl9-2 openvpn3-service-logger[1647]: {tag:11438381200322716884} Setting remote IP address to 51.91.25.164 ipv6: no
May 21 07:48:23 rl9-2 openvpn3-service-logger[1647]: {tag:11438381200322716884} Adding network '10.122.1.0/26' excl: no ipv6: no
May 21 07:48:23 rl9-2 openvpn3-service-logger[1647]: {tag:11438381200322716884} Adding network '10.9.1.30/32' excl: no ipv6: no
May 21 07:48:23 rl9-2 openvpn3-service-logger[1647]: {tag:11438381200322716884} Adding network '10.9.1.61/32' excl: no ipv6: no
May 21 07:48:23 rl9-2 openvpn3-service-logger[1647]: {tag:5069780414131606635} Connected: ns3153065.ovh.net:1194 (51.91.25.164) via /TCP on tun/10.8.0.7/ gw=[10.8.0.1/] mtu=(default)
May 21 07:48:23 rl9-2 openvpn3-systemd[2566]: 2024-05-21 07:48:23.165628 Connected: ns3153065.ovh.net:1194 (51.91.25.164) via /TCP on tun/10.8.0.7/ gw=[10.8.0.1/] mtu=(default)
May 21 07:48:23 rl9-2 openvpn3-systemd[2566]: 2024-05-21 07:48:23.165676 [STATUS] (StatusMajor.CONNECTION, StatusMinor.CONN_CONNECTED)
May 21 07:48:26 rl9-2 openvpn3-service-logger[1647]: Detached: {tag:3907885248702202842} [:1.29/net.openvpn.v3.backends], pid 2567
May 21 07:48:26 rl9-2 systemd[1]: dbus-:[email protected]: Deactivated successfully.
May 21 07:48:26 rl9-2 systemd[1]: dbus-:[email protected]: Unit process 2572 (openvpn3-servic) remains running after unit stopped.
Very verbose, sorry, but I do not know where to search for something relevant..
As a workaround, I have setup a config-import and a start as root at startup..
from openvpn3-linux.
I would like to see the journalctl
logs around the time where you do the config-import
... to see if that reveals why it isn't stored to disk. It would be good to boost the log service to do "debug logging" as well: openvpn3-admin log-service --log-level 6
.
The best way is probably to use the query mechanism in journalctl
. The best is to identify the PID of both the openvpn3-service-logger
and openvpn3-service-configmgr
when you try your import operation. Then you grab the log like this:
# journalctl --since today _PID=3377607 + _PID=599907
In my example above, the first _PID
value is the logger and the latter one the config manager.
If this also does not give much clues .... do a simple killall -INT openvpn3-service-configmgr
.... and then in a separate terminal run this command:
# /usr/libexec/openvpn3-linux/openvpn3-service-configmgr --log-level 6 --log-file stdout: --idle-exit 0 --state-dir /var/lib/openvpn3/configs
Then try importing a persistent config once again and see what happens in the terminal window of the command above.
from openvpn3-linux.
Hello,
Thank you for your patience :)
Below the log of the first try :
# date; openvpn3-admin log-service --log-level 6
Thu May 23 09:51:16 CEST 2024
Log method: journald
Attached log subscriptions: 0
Log timestamps: enabled
Log tag prefix enabled: enabled
Log D-Bus details: enabled
Current log level: 6 (was 0)
$ date; openvpn3 config-import --config myconfig.ovpn --name MyConfig –-persistent
Thu May 23 09:52:45 CEST 2024
Configuration imported. Configuration path: /net/openvpn/v3/configuration/2f03f616xc1d1x410axaecbxedccaf95f0a5
$ date; openvpn3 config-acl --show --lock-down true --grant root --config MyConfig
Thu May 23 09:53:54 CEST 2024
Granted access to root (uid 0)
Configuration has been locked down
Configuration name: MyConfig
Owner: (1001) myuser
Read-only: no
Locked down: yes
Ownership transfer: no
Public access: no
Users granted access: 1 user
- (0) root
# date; ls -lA /var/lib/openvpn3/configs/
Thu May 23 09:54:02 CEST 2024
total 0
# date; ps -ef | grep vpn
Thu May 23 09:54:22 CEST 2024
openvpn 2541 1 0 09:51 ? 00:00:00 /usr/libexec/openvpn3-linux/openvpn3-service-logger --service --state-dir /var/lib/openvpn3 --log-level 4 --journald
openvpn 2595 1 0 09:52 ? 00:00:00 /usr/libexec/openvpn3-linux/openvpn3-service-configmgr --state-dir /var/lib/openvpn3/configs
root 2639 2461 0 09:54 pts/5 00:00:00 grep --color=auto vpn
# date; journalctl --since today _PID=2541 + _PID=2595
Thu May 23 09:55:02 CEST 2024
May 23 09:51:16 inlingua-rl9-2 openvpn3-service-logger[2541]: OpenVPN3/Linux v21 (openvpn3-service-logger)
OpenVPN core v3.8.2 linux x86_64 64-bit
Copyright (C) 2012-2022 OpenVPN Inc. All rights reserved.
May 23 09:51:16 rl9-2 openvpn3-service-logger[2541]: Log method: journald
May 23 09:51:16 rl9-2 openvpn3-service-logger[2541]: OpenVPN3/Linux v21 (openvpn3-service-logger)
May 23 09:51:16 rl9-2 openvpn3-service-logger[2541]: OpenVPN core v3.8.2 linux x86_64 64-bit
May 23 09:51:16 rl9-2 openvpn3-service-logger[2541]: Copyright (C) 2012-2022 OpenVPN Inc. All rights reserved.
May 23 09:51:16 rl9-2 openvpn3-service-logger[2541]: Log method: journald
May 23 09:51:16 rl9-2 openvpn3-service-logger[2541]: Idle exit set to 10 minutes
May 23 09:51:16 rl9-2 openvpn3-service-logger[2541]: Log level changed to 6
May 23 09:52:45 rl9-2 openvpn3-service-configmgr[2595]: OpenVPN3/Linux v21 (openvpn3-service-configmgr)
May 23 09:52:45 rl9-2 openvpn3-service-configmgr[2595]: OpenVPN core v3.8.2 linux x86_64 64-bit
May 23 09:52:45 rl9-2 openvpn3-service-configmgr[2595]: Copyright (C) 2012-2022 OpenVPN Inc. All rights reserved.
May 23 09:52:45 rl9-2 openvpn3-service-logger[2541]: Attached: {tag:16897353765334379230} [:1.29/net.openvpn.v3.configuration], pid 2595
May 23 09:52:45 rl9-2 openvpn3-service-logger[2541]: {tag:16897353765334379230} Parsed configuration 'MyConfig', owner: myuser
May 23 09:53:54 rl9-2 openvpn3-service-logger[2541]: {tag:16897353765334379230} Access granted to UID 0 by UID 1001
May 23 09:53:54 rl9-2 openvpn3-service-logger[2541]: {tag:16897353765334379230} Configuration lock-down flag set to true by UID 1001
[root@rl9-2 ~] #
Doesn't seem to be very verbose :(
So I have run your second proposal (and hit Enter in the console between each command to better distinguish the steps) :
# killall -INT openvpn3-service-configmgr
[root@inlingua-rl9-2 ~] # date; ps -ef | grep vpn
Thu May 23 09:56:07 CEST 2024
root 2706 2461 0 09:56 pts/5 00:00:00 grep --color=auto vpn
# /usr/libexec/openvpn3-linux/openvpn3-service-configmgr --log-level 6 --log-file stdout: --idle-exit 0 --state-dir /var/lib/openvpn3/configs
[INFO] Dropping root group privileges to openvpn
[INFO] Dropping root user privileges to openvpn
OpenVPN3/Linux v21 (openvpn3-service-configmgr)
OpenVPN core v3.8.2 linux x86_64 64-bit
Copyright (C) 2012-2022 OpenVPN Inc. All rights reserved.
2024-05-23 09:57:25 Config Manager DEBUG: ConfigManagerObject registered on 'net.openvpn.v3.configuration':/net/openvpn/v3/configuration
2024-05-23 09:57:32 Config Manager INFO: Parsed configuration 'MyConfig', owner: myuser
2024-05-23 09:57:32 Config Manager DEBUG: New configuration object created: /net/openvpn/v3/configuration/aa74782ex4e52x49ffx8f08x400d95dd08b6 (owner uid 1001)
2024-05-23 09:57:48 Config Manager INFO: Access granted to UID 0 by UID 1001
2024-05-23 09:57:48 Config Manager INFO: Configuration lock-down flag set to true by UID 1001
No more luck here..
from openvpn3-linux.
A bit more of context : the machine acts as a client of an OpenVPN server, and as a passive backup of this same OpenVPN server. Which does mean that the openvpn packages are installed, though disabled.
I have tried to remove both openvpn and openvpn3, reboot and re-install just openvpn3. This unfortunately doesn't improve the result.
But the installation log displays:
Running scriptlet: kmod-ovpn-dco-0.2.20231010-1.el9.noarch 81/85
Loading new ovpn-dco-0.2.20231010.1.el9 DKMS files...
Building for 5.14.0-427.16.1.el9_4.x86_64
Building initial module for 5.14.0-427.16.1.el9_4.x86_64
Error! Bad return status for module build on kernel: 5.14.0-427.16.1.el9_4.x86_64 (x86_64)
Consult /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/make.log for more information.
warning: %post(kmod-ovpn-dco-0.2.20231010-1.el9.noarch) scriptlet failed, exit status 10
Error in POSTIN scriptlet in rpm package kmod-ovpn-dco
And the compilation log is :
# cat /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/make.log
DKMS make.log for ovpn-dco-0.2.20231010.1.el9 for kernel 5.14.0-427.16.1.el9_4.x86_64 (x86_64)
Thu May 23 10:23:21 CEST 2024
make: Entering directory '/var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build'
/var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/gen-compat-autoconf.sh /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/compat-autoconf.h
make -C /lib/modules/5.14.0-427.16.1.el9_4.x86_64/build M=/var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build PWD=/var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build REVISION=copr:0.2.20231010.1.el9 CONFIG_OVPN_DCO_V2=m INSTALL_MOD_DIR=updates/ modules
make[1]: Entering directory '/usr/src/kernels/5.14.0-427.16.1.el9_4.x86_64'
CC [M] /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/main.o
CC [M] /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/bind.o
CC [M] /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/crypto.o
CC [M] /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/ovpn.o
CC [M] /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/peer.o
CC [M] /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/sock.o
CC [M] /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/stats.o
CC [M] /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/netlink.o
CC [M] /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/crypto_aead.o
CC [M] /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/pktid.o
CC [M] /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/tcp.o
CC [M] /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/udp.o
In file included from <command-line>:
/var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/linux-compat.h:27:24: error: redefinition of ‘struct genl_ops’
27 | #define genl_split_ops genl_ops
| ^~~~~~~~
./include/net/genetlink.h:248:8: note: in expansion of macro ‘genl_split_ops’
248 | struct genl_split_ops {
| ^~~~~~~~~~~~~~
In file included from /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/netlink.c:25:
./include/net/genetlink.h:199:8: note: originally defined here
199 | struct genl_ops {
| ^~~~~~~~
/var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/netlink.c:848:21: error: initialization of ‘int (*)(const struct genl_ops *, struct sk_buff *, struct genl_info *)’ from incompatible pointer type ‘int (*)(const struct genl_ops *, struct sk_buff *, struct genl_info *)’ [-Werror=incompatible-pointer-types]
848 | .pre_doit = ovpn_pre_doit,
| ^~~~~~~~~~~~~
/var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/netlink.c:848:21: note: (near initialization for ‘ovpn_netlink_family.pre_doit’)
/var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/netlink.c:849:22: error: initialization of ‘void (*)(const struct genl_ops *, struct sk_buff *, struct genl_info *)’ from incompatible pointer type ‘void (*)(const struct genl_ops *, struct sk_buff *, struct genl_info *)’ [-Werror=incompatible-pointer-types]
849 | .post_doit = ovpn_post_doit,
| ^~~~~~~~~~~~~~
/var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/netlink.c:849:22: note: (near initialization for ‘ovpn_netlink_family.post_doit’)
cc1: some warnings being treated as errors
/var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/ovpn.c: In function ‘ovpn_net_xmit’:
/var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/ovpn.c:433:28: error: implicit declaration of function ‘skb_gso_segment’; did you mean ‘skb_gso_reset’? [-Werror=implicit-function-declaration]
433 | segments = skb_gso_segment(skb, 0);
| ^~~~~~~~~~~~~~~
| skb_gso_reset
/var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/ovpn.c:433:26: warning: assignment to ‘struct sk_buff *’ from ‘int’ makes pointer from integer without a cast [-Wint-conversion]
433 | segments = skb_gso_segment(skb, 0);
| ^
make[3]: *** [scripts/Makefile.build:299: /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/netlink.o] Error 1
make[3]: *** Waiting for unfinished jobs....
In file included from /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/sock.c:18:
./include/net/udp.h: In function ‘udp_rcv_segment’:
./include/net/udp.h:493:16: error: implicit declaration of function ‘__skb_gso_segment’; did you mean ‘__udp_gso_segment’? [-Werror=implicit-function-declaration]
493 | segs = __skb_gso_segment(skb, features, false);
| ^~~~~~~~~~~~~~~~~
| __udp_gso_segment
./include/net/udp.h:493:14: warning: assignment to ‘struct sk_buff *’ from ‘int’ makes pointer from integer without a cast [-Wint-conversion]
493 | segs = __skb_gso_segment(skb, features, false);
| ^
In file included from ./include/net/udp_tunnel.h:6,
from /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/udp.c:25:
./include/net/udp.h: In function ‘udp_rcv_segment’:
./include/net/udp.h:493:16: error: implicit declaration of function ‘__skb_gso_segment’; did you mean ‘__udp_gso_segment’? [-Werror=implicit-function-declaration]
493 | segs = __skb_gso_segment(skb, features, false);
| ^~~~~~~~~~~~~~~~~
| __udp_gso_segment
./include/net/udp.h:493:14: warning: assignment to ‘struct sk_buff *’ from ‘int’ makes pointer from integer without a cast [-Wint-conversion]
493 | segs = __skb_gso_segment(skb, features, false);
| ^
cc1: some warnings being treated as errors
make[3]: *** [scripts/Makefile.build:299: /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/sock.o] Error 1
cc1: some warnings being treated as errors
make[3]: *** [scripts/Makefile.build:299: /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/udp.o] Error 1
cc1: some warnings being treated as errors
make[3]: *** [scripts/Makefile.build:299: /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/ovpn.o] Error 1
make[2]: *** [scripts/Makefile.build:585: /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco] Error 2
make[1]: *** [Makefile:1934: /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build] Error 2
make[1]: Leaving directory '/usr/src/kernels/5.14.0-427.16.1.el9_4.x86_64'
make: *** [Makefile:59: all] Error 2
make: Leaving directory '/var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build'
So, this was a very bad idea : now, I just cannot install a working openvn3 client. Snifff..
from openvpn3-linux.
The latest RHEL-9.4 will need an updated ovpn-dco; the kernel APIs was slightly changed - backported from newer kernel bases by Red Hat. You can still use OpenVPN 3 Linux and OpenVPN 2.x, but without DCO. On the client side, the tun
interface is often capable of getting over 400-500Mbit/s, but for an OpenVPN server the DCO benefit is quite a lot higher.
Your configmgr debug output puzzles me a lot .... it's like it never receives the proper flag for "persistent config" in the Import
operation.
I'm soon about to do another Fedora Copr devsnaphot for a coming v22_dev
release. I'm wrapping up the pieces now. This will include an overhauled configmgr service and openvpn3
command line. Maybe that will solve your issue.
I'll give you a heads-up when it's ready.
from openvpn3-linux.
A new development snapshot was pushed out the other day; if you would be able to test that one, that would be appreciated. Maybe it's easier to understand what goes wrong with the persistent configuration files then.
https://copr.fedorainfracloud.org/coprs/dsommers/openvpn3-devsnapshots/
from openvpn3-linux.
@p-wieser There should be an updated kmod-ovpn-dco
package on the way now, which should solve building on RHEL-9.4
from openvpn3-linux.
@p-wieser Can you please re-test the latest v22_dev
release pushed out to the Copr repos today and see if your issue is still present?
from openvpn3-linux.
@p-wieser Hi, some time ago, configs also stopped persisting for me (archlinux). I tried one thing this morning, and it helped: I've added my user to the openvpn group with sudo usermod -aG openvpn <username>
. You can try it too; just don't forget to relogin or reboot.
from openvpn3-linux.
@f1sty That step sounds entirely wrong.
The D-Bus policy should grant all the needed access to the net.openvpn.v3.*
services on the D-Bus, and that provides the needed privilege barrier between the processes and the end users. End-users should never need to be in the openvpn
group to use the D-Bus services in the OpenVPN 3 Linux stack.
OpenVPN 3 Linux supports multi-user environments. So configuration profiles imported as "user A" will not be accessible for "user B". It also follows the D-Bus approach of having root
also quite powerless by default (there are a few exceptions, for service maintenance, though). To grant access to other users, the openvpn3 config-acl
and openvpn3 session-acl
can be used.
That said, the issue @p-wieser has is related to configuration profiles being imported is not marked as a persistent
profile when the --persistent
flag is set. And that definitely has nothing to do with a user being member of the openvpn
group or not.
from openvpn3-linux.
@dsommers If it's nothing to do with it - I wonder why it worked for me, while I was having absolutely the same problem as OP. I'm not saying it's a solution, but that means this can have something to do with permissions. Good luck investigating, anyway. I just shared what helped me in the same situation.
from openvpn3-linux.
@dsommers,
Took some time this morning.
Dump of my session:
# dnf copr enable dsommers/openvpn3-devsnapshots
# dnf update openvpn openvpn3
Last metadata expiration check: 0:00:18 ago on Fri Jun 21 07:11:24 2024.
Dependencies resolved.
=======================================================================================================================================================================================================================================================================
Package Architecture Version Repository Size
=======================================================================================================================================================================================================================================================================
Upgrading:
openvpn3 x86_64 22-1.dev1.el9 copr:copr.fedorainfracloud.org:dsommers:openvpn3-devsnapshots 898 k
openvpn3-client x86_64 22-1.dev1.el9 copr:copr.fedorainfracloud.org:dsommers:openvpn3-devsnapshots 808 k
openvpn3-selinux noarch 22-1.dev1.el9 copr:copr.fedorainfracloud.org:dsommers:openvpn3-devsnapshots 35 k
Installing dependencies:
gdbuspp x86_64 1-1.el9 copr:copr.fedorainfracloud.org:dsommers:openvpn3-devsnapshots 117 k
I have disabled my workaround, rebooted, and re-run the standard installation procedure.
And, yes, it worked!
I mean the config is properly persisted.
Thanks a lot.
from openvpn3-linux.
That's great! Since the old version could have some corner cases handling boolean flags internally, this should generally be handled better in the refactored D-Bus implementation. And it is very likely this was exactly the issue here. I'll close this ticket now.
By the way, the version you have installed now is the official v22_dev release. Unfortunately, this release on RHEL-9 has not been through QA (Fedora 39, 40 and Ubuntu 24.04 has completed QA). But the v23 release will have a fully QA cycle across all supported Linux distributions and is already quite far in the development process.
from openvpn3-linux.
Related Issues (20)
- Failed to start session with CloudConnexa on Fedora Linux HOT 3
- D-Bus API: requests for improvements HOT 3
- OpenVPN3 doesn't set back previous DNS after disconnect using systemd-resolved in stub mode HOT 4
- Support Synology DSM? HOT 2
- Can't access sites via domain only via ip
- <connection> profiles are non-functional + unkown/unsupported option details are lacking HOT 13
- Error after ArchLinux upgrade HOT 2
- Add support for resolvconf interface HOT 4
- Support for ubuntu 24.04 HOT 12
- How to check the encryption protocol used when connecting to openvpn HOT 1
- Can't install openvpn3 (Fedora 37) HOT 2
- openvpn3 session-start using config file fails to start on first attempt, works on second attempt HOT 7
- Archlinux install fails - ConfigManager inaccesssible for test-suite on first install HOT 3
- Can't connect witt Sophos router with OpenVPN v 21. HOT 14
- Migrate to codeberg.org
- Unknown options: "python.bytecompile" HOT 6
- Support for OpenSuse Tumbleweed HOT 1
- Openvpn3 update errors with apt HOT 1
- peataihangthaisong
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openvpn3-linux.