Created attachment 747126 [details] openvpn3-16_beta.ebuild Hello, Please find attached openvpn3-16_beta.ebuild. OpenVPN3 is the next generation OpenVPN client for Linux. This project is very different from the more classic OpenVPN 2.x versions. First, this is currently only a pure client-only implementation. The biggest change from the classic OpenVPN 2.x generation is that it does not need to be started by a root or otherwise privileged account any more. By default, all users on the system will have access to start and manage their own VPN tunnels. It will also support configuring DNS out-of-the-box. I suggest net-vpn/openvpn3. Florian
Thank you Florian, this ebuild helped me setting up OpenVPN 3 on my machine. It wasn’t working entirely out of the box, though. After emerging the ebuild, the “openvpn” system account was not part of the user group with the same name, and the directory /var/lib/openvpn3/configs/ was missing as well. Especially the config directory is important, as you won’t be able to import .ovpn profiles without it. TL;DR: This is what I did to get it fully up and running: gpasswd -a openvpn openvpn mkdir -p /var/lib/openvpn3/configs chown -R openvpn:openvpn /var/lib/openvpn3 Unfortunately, I don’t know enough about ebuild building, but I guess these should go into some kind of post-processing routine. Cheers, Clemens
Created attachment 759869 [details, diff] openvpn3 ebuild Hello, Thanks for the feedback (and sorry for the late answer). Here is the patched ebuild. Florian
Created attachment 765688 [details] openvpn3-17_beta.ebuild The ebuild you posted has several issues and shortcomings. Here's my attempt at a more correct and complete one. Comes with support + ebuild for the new ovpn-dco Kernel Module. The ovpn-dco ebuild is very bare-bones as of now. It doesn't check any kernel options and version, since I could not find any concrete documentation what's needed and which versions are supported. So use at your own risk. It seems to work on 5.15.
Created attachment 765689 [details] ovpn-dco-15.ebuild
Created attachment 765690 [details] openvpn3-17_beta.ebuild
Using the 17_beta results in glib include errors which were fixed in commit f7d6d3ae1d52b18b398d3d3b6e21c720c98d0e89. Renaming the file to use 19_beta works though.
Bumped the ebuild to version 20 (no longer a beta) and it's working fine over here. I'll try to make a real overlay. Cheers
Hello there! Please, can someone review this sub-project again? It was alot of changes for last months, e.q. DCO module released: https://github.com/OpenVPN/ovpn-dco/archive/refs/tags/v0.2.20230323.tar.gz and openvpn3 also not in beta stage: https://github.com/OpenVPN/openvpn3/archive/refs/tags/release/3.7.2.tar.gz Please, who know how to write .ebuild files, prepare for tests, I'll appreciate! Thanks alot!
The openvpn3 ebuild here installs https://github.com/OpenVPN/openvpn3-linux, not https://github.com/OpenVPN/openvpn3. As for https://github.com/OpenVPN/ovpn-dco, I personally don't use/need it so I didn't touch that ebuild.
Thank You for comment! I found repo BtbN / gentoo-overlay / net-vpn / openvpn3 Mr. Timo Rothenpieler , seems it is Your? But unable to compile openvpn3-20.ebuild with USE-flag "dco" enabled. There are bunch of errors like: In file included from src/netcfg/netcfg-dco.hpp:17, from src/netcfg/netcfg-device.hpp:41, from src/netcfg/netcfg.hpp:34, from src/netcfg/openvpn3-service-netcfg.cpp:34: ./openvpn3-core/openvpn/tun/linux/client/genl.hpp: In member function ‘void openvpn::GeNL<ReadHandler>::send_data(int, const void*, size_t)’: ./openvpn3-core/openvpn/tun/linux/client/genl.hpp:204:31: error: ‘OVPN_CMD_PACKET’ was not declared in this scope; did you mean ‘OVPN_CMD_UNSPEC’? 204 | auto msg_ptr = create_msg(OVPN_CMD_PACKET); | ^~~~~~~~~~~~~~~ | OVPN_CMD_UNSPEC (please, see log attached)
Created attachment 860762 [details] Error log for openvpn3-20
It's not a new major version. It's an entirely independent bit of software that shares basically nothing of the code, and is a pure client (it can't act as server, and that's also not a planned feature). I'm not entirely sure why one would want it over normal openvpn yet.
(In reply to Timo Rothenpieler from comment #12) > It's not a new major version. (I really just wanted net-vpn/openvpn in the title because it's still of possible interest to its maintainers and having it there makes it easier to find by other tools - the substring isn't enough.)
(In reply to Timo Rothenpieler from comment #12) > It's not a new major version. > It's an entirely independent bit of software that shares basically nothing > of the code, and is a pure client (it can't act as server, and that's also > not a planned feature). > > I'm not entirely sure why one would want it over normal openvpn yet. My employer bought a subscription from openvpn.net so I'm definitely using the openvpn3 client on a daily basis. If you want to set up your own server, then yeah, openvpn3 is 100% useless.
Is this openvpn3 ebuild available from any of the "eselect repository list" on https://repos.gentoo.org/ or is a local overlay the only way to get this installed while it is not pulled into the main Gentoo repository yet?
(In reply to Timo Rothenpieler from comment #12) > It's not a new major version. > It's an entirely independent bit of software that shares basically nothing > of the code, and is a pure client (it can't act as server, and that's also > not a planned feature). > > I'm not entirely sure why one would want it over normal openvpn yet. Some features are not possible with the regular ("old") openvpn client. For example, we're using openvpn access server with SSO (which is using the browser for authenticating). I'm not a huge fan, but I have to use it.
Same issue at my job as `André Malo` already mentioned. We use SAML (integration with OKTA) and openvpnv2 doesn't support this.
There have been a couple releases since I last looked at this. I need to update the ebuild, I'll try to set up a public overlay then.