Open ihipop opened 7 months ago
schwabe
commented
7 months ago OpenVPN Connect might be using old version of OpenVPN3 that only warns and ignores these options instead of failing.
Also we have unit te sts that check for
https://github.com/OpenVPN/openvpn3/blob/master/test/unittests/test_remotelist.cpp#L98
so <connection> is supported
ihipop
commented
7 months ago OpenVPN Connect might be using old version of OpenVPN3 that only warns and ignores these options instead of failing.
Also we have unit te sts that check for support:
https://github.com/OpenVPN/openvpn3/blob/master/test/unittests/test_remotelist.cpp#L98
so
<connection>is supported
https://aur.archlinux.org/packages/openvpn3
I’m using https://github.com/OpenVPN/openvpn3-linux/tree/v21
It will fail with <connection> indeed
and shall we have the detail about UNKNOWN/UNSUPPORTED OPTIONS or at least the line numbers in the future?
dsommers
commented
7 months ago @ihipop Which command do you use to start the VPN session? openvpn3 session-start or the Python script /usr/bin/openvpn2?
ihipop
commented
7 months ago @ihipop Which command do you use to start the VPN session?
openvpn3 session-startor the Python script/usr/bin/openvpn2?
openvpn3 session-start
dsommers
commented
7 months ago @ihipop Thanks! I'll run some tests locally and debug this. I have to admit that <connection> profiles has not been tested in OpenVPN 3 Linux, and it does some parsing as well (via the OpenVPN 3 Core library). It might be there are some issues related to that parsing. The openvpn2 python wrapper does a different set of pre-parsing, that's why I asked about that.
ihipop
commented
7 months ago @ihipop Thanks! I'll run some tests locally and debug this. I have to admit that
<connection>profiles has not been tested in OpenVPN 3 Linux, and it does some parsing as well (via the OpenVPN 3 Core library). It might be there are some issues related to that parsing. Theopenvpn2python wrapper does a different set of pre-parsing, that's why I asked about that.
I am glad to know about that :)
While looking forward to a fix for that, may I have a wish for a detailed error about UNKNOWN/UNSUPPORTED OPTIONS in the future, which will help us a lot to find out which UNKNOWN/UNSUPPORTED OPTIONS causes the problem instead of testing it by commenting out the config line by line.
I think a line number of the config file is required at least, I would much appreciate it if you give the name of the specific UNKNOWN/UNSUPPORTED OPTIONS
schwabe
commented
7 months ago @ihipop that should already be detailed enough. There might be a bug with reporting in respect to <connection>. Can you share your configuration that triggers that?
ihipop
commented
7 months ago this will cause the error when connecting (not importing)
2024-04-05 19:07:13 Client -- ERROR --: Connection failed: option_error: sorry, unsupported options present in configuration: UNKNOWN/UNSUPPORTED OPTIONS
# setenv USERNAME "test@example.com"
# OVPN_WEBAUTH_FRIENDLY_USERNAME=test@example.com
# OVPN_FRIENDLY_PROFILE_NAME=TEST
client
<connection>
remote example.com 1988 udp
</connection>
<connection>
remote example.com 1988 tcp
</connection>
push-peer-info
# Easy-RSA Type: client
# Name: test@example.com
<cert>
-----BEGIN CERTIFICATE-----
.
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
.
-----END PRIVATE KEY-----
</key>
<ca>
-----BEGIN CERTIFICATE-----
.
-----END CERTIFICATE-----
</ca>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
.
-----END OpenVPN Static key V1-----
</tls-crypt>
dev tunNO line numbers, NO detailed error about which UNKNOWN/UNSUPPORTED OPTIONS cause the problem
comment out the <connection> </connection> fixs the issue
dsommers
commented
7 months ago @ihipop Can you please try the latest development snapshot to see if the missing "unkown/unsupported options details" are resolved? The builds pushed out yesterday and today have a newer OpenVPN 3 Core library release included which should have some more improvements in that area.
Fedora Copr devsnapshots: https://copr.fedorainfracloud.org/coprs/dsommers/openvpn3-devsnapshots/ Ubuntu PPA based devsnapshots: https://launchpad.net/~djpig/+archive/ubuntu/openvpn
ihipop
commented
6 months ago @dsommers I'm sorry but I didn't use Fedora or Ubuntu, would this work if I rebuild using the AUR https://aur.archlinux.org/packages/openvpn3 ?
dsommers
commented
6 months ago @ihipop I'm not experienced in how the PKGBUILD setup works. And I see that does several hacks to link against an older glib2 currently.
If you can get a PKGBUILD to use the latest glib2 library, using the dev/gdbuspp-migration branch in the OpenVPN 3 Linux git repo and you can get the GDBus++ library built ... then it should most likely be possible to test this properly on Arch too.
ihipop
commented
3 months ago I can confirm it still not works well with <connection> well now
with <connection> indise the cfg
openvpn3 session-start --config /tmp/client-udp.ovpn
Using configuration profile from file: /tmp/client-udp.ovpn
openvpn3/session-start: ** ERROR ** Configration profile is missing required optionsremove <connection> will make it works
openvpn3 version
openvpn3-linux v22:dev (openvpn3)
OpenVPN core 3.git:HEAD:03236ed7 linux x86_64 64-bit
Copyright (C) 2012-2022 OpenVPN Inc. All rights reserved.Thanks for testing! This will be looked into in a future release. Unfortunately, we won't be able to get this into the next v23 release.
https://build.openvpn.net/man/openvpn-2.6/openvpn.8.html#CONNECTION%20PROFILES:~:text=By%20enacpulating%20the,a%20successful%20connection.
if a configure file is contains any
<connection>, the connection will fail withthere are two problems about the error: