[Openvpn-devel] OpenVPN 3 Linux v22_dev released

2024-06-20 Thread David Sommerseth via Openvpn-devel
OpenVPN 3 Linux v22_dev (Limited Release) This is a limited release primarily targeting Fedora 39 and newer plus Ubuntu 24.04. Other Linux distributions shipping glib2 version 2.76 or newer will also benefit from this release. This release contains a massive re-factoring of the D-Bus integrat

[Openvpn-devel] OpenVPN 3 Linux v23 released

2024-09-05 Thread David Sommerseth via Openvpn-devel
OpenVPN 3 Linux v23 (Stable release) The v23 release is a stable release which expands the distribution target since v22_dev was released. The goal for this step was to stabilize the codebase which was migrated to GDBus++ and the new Meson building system. The next release (v24) will also be a st

Re: [Openvpn-devel] [PATCH] build: reduce hardcode in `asio_path`

2024-09-10 Thread David Sommerseth via Openvpn-devel
On 09/09/2024 21:43, Petr Portnov wrote: Hi there! Any updates on this proposal? Mon, 2 Sep 2024 at 22:34, Petr Portnov >: Hi there! While working on packaging `openvpn3-linux` for NixOS I've discovered a problem with `asio_path` child path being too

Re: [Openvpn-devel] [PATCH] build: reduce hardcode in `asio_path`

2024-09-10 Thread David Sommerseth via Openvpn-devel
On 09/09/2024 21:43, Petr Portnov wrote: Hi there! Any updates on this proposal? Mon, 2 Sep 2024 at 22:34, Petr Portnov >: Hi there! While working on packaging `openvpn3-linux` for NixOS I've discovered a problem with `asio_path` child path being too

Re: [Openvpn-devel] [PATCH] Configurable installation directories

2024-09-30 Thread David Sommerseth via Openvpn-devel
On 24/09/2024 15:26, Petr Portnov wrote: Hi there! Continuing the packaging of the latest OpenVPN-linux for NixOS, I would like to propose the following addition to the build system. What it does is it allows you to customize the installation paths for DBus and systemd services and adds the o

Re: [Openvpn-devel] Fwd: Inquiry About Potential Vulnerabilities in OpenVPN for Remote Code Execution (RCE)

2024-11-13 Thread David Sommerseth via Openvpn-devel
On 13/11/2024 14:59, נתי שטרן wrote: -- Forwarded message - From: *נתי שטרן* mailto:nsh...@gmail.com>> Date: Wed, 13 Nov 2024, 15:52 Subject: Re: [Openvpn-devel] Inquiry About Potential Vulnerabilities in OpenVPN for Remote Code Execution (RCE) To: Gert Doering mailto:g..

Re: [Openvpn-devel] Fwd: Inquiry About Potential Vulnerabilities in OpenVPN for Remote Code Execution (RCE)

2024-11-13 Thread David Sommerseth via Openvpn-devel
On 13/11/2024 15:24, נתי שטרן wrote: In which programming languages has OpenVPN been written? Python, C, etc.? We do expect you to do some research on your own. But here is a starting point: https://github.com/OpenVPN/ -- kind regards, David Sommerseth OpenVPN Inc __

Re: [Openvpn-devel] [PATCH] Allow auth plugins not to be invoked if other auth plugins fail

2024-11-07 Thread David Sommerseth via Openvpn-devel
On 06/11/2024 17:59, Michael Clarke wrote: The current authentication process loops through all plugins, invoking them each in turn, then returning a combined result from each invocation. This causes a challenge if multiple plugins are configured and a later plugin should only be executed if an e

Re: [Openvpn-devel] Subject: Potential OpenVPN Vulnerability Report: Repeated TLS Handshake Failures Leading to Denial-of-Service Conditions

2024-11-19 Thread David Sommerseth via Openvpn-devel
The interesting lines are these: 2024-11-18T20:53:01+1100 [stdout#info] [OVPN 0] OUT: '2024-11-18 09:53:01 152.32.247.23:55730 Non-OpenVPN client protocol detected' These lines indicate the server seems to be configured with --port-share. And those packets are forwarded to the s

Re: [Openvpn-devel] Subject: Potential OpenVPN Vulnerability Report: Repeated TLS Handshake Failures Leading to Denial-of-Service Conditions

2024-11-18 Thread David Sommerseth via Openvpn-devel
Please stop now. A client which cannot reach a server because the client side has connectivity issues towards the server is not a DoS, it is not a CVE and will never be considered a security issue. First of all, a DoS attack is commonly related to a SERVER becoming unresponsive due to traff

Re: [Openvpn-devel] Subject: Potential OpenVPN Vulnerability Report: Repeated TLS Handshake Failures Leading to Denial-of-Service Conditions

2024-11-19 Thread David Sommerseth via Openvpn-devel
On 19/11/2024 09:25, נתי שטרן wrote: have something to fix configuration? I already answered that: > Since you seem to run OpenVPN Access Server, just log into the web > portal and download a new configuration profile. Otherwise, read the fine manual we have for OpenVPN. You already

Re: [Openvpn-devel] Subject: OpenVPN Client Vulnerability - TLS Key Negotiation Timeout Leading to DoS (Black Box Pentest)

2024-11-15 Thread David Sommerseth via Openvpn-devel
On 15/11/2024 13:37, נתי שטרן wrote: On Fri, 15 Nov 2024 at 14:31, נתי שטרן <nsh...@gmail.com> wrote: Is it cve/vdp? Whether it is or not, I would appreciate it if you could guide me on how to develop a patch that will close the aforementioned

[Openvpn-devel] OpenVPN 3 Linux v24 released

2024-12-09 Thread David Sommerseth via Openvpn-devel
OpenVPN 3 Linux v24 (Stable release) The v24 release is another stable release. This resolves issues reported in several earlier releases and improves OpenVPN 3 Linux in several areas. * Improvement: Add --dns option support DNS resolver settings has been troublesome for many years, since

Re: [Openvpn-devel] SystemD user names

2024-12-09 Thread David Sommerseth via Openvpn-devel
On 06/12/2024 10:29, Marc Leeman wrote: David, cf. att. Thanks a lot! Patch has been committed. commit 9a1cf3fae9fb3788e9714d148d9b7efcb5f4c948 Author: Marc Leeman Date: Fri Dec 6 10:29:19 2024 +0100 build: Fix incorrect OPENVPN_USERNAME in D-Bus autostart files Remove hard c

Re: [Openvpn-devel] spelling errors

2024-12-09 Thread David Sommerseth via Openvpn-devel
On 06/12/2024 10:35, Marc Leeman wrote: FYI While preparing a package for debian, lintian complained about some spelling errors. I had a quick look, but since some are signals (e.g. succeded), I didn't want to meddle with them atm. I: openvpn3-client: spelling-error-in-binary Configration Confi

Re: [Openvpn-devel] [PATCH 1/1] console_systemd: remove the timeout when using `systemd-ask-password`

2025-01-08 Thread David Sommerseth via Openvpn-devel
On 31/12/2024 21:46, Ben Boeckel via Openvpn-devel wrote: Without this, the password request will expire after 90 seconds leaving no way to provide the password without OpenVPN asking for it again. Given that interactive use will wait for input without a timeout, it makes sense to have non-intera

Re: [Openvpn-devel] [PATCH 1/1] console_systemd: remove the timeout when using `systemd-ask-password`

2025-01-13 Thread David Sommerseth via Openvpn-devel
On 31/12/2024 21:46, Ben Boeckel via Openvpn-devel wrote: Without this, the password request will expire after 90 seconds leaving no way to provide the password without OpenVPN asking for it again. Given that interactive use will wait for input without a timeout, it makes sense to have non-intera

Re: [Openvpn-devel] [patch]: debian lintian informational warning (Authorization)

2025-03-24 Thread David Sommerseth via Openvpn-devel
On 18/03/2025 11:37, Marc Leeman wrote: > trivial spelling error raised by lintian. Thank you for the fix! And sorry for the slow response. It got handled last week, but forgot to reply and do the final push to the public repos. --

[Openvpn-devel] OpenVPN 3 Linux v24.1 released

2025-05-20 Thread David Sommerseth via Openvpn-devel
OpenVPN 3 Linux v24 (Bugfix/security release) The v24.1 release is a small security and bugfix release. * Security: CVE-2025-3908 - openvpn3-admin init-config follows symlink Wolfgang Frisch from the SUSE security team reached out and notified us of a potential issue with the openvpn3-admin ini