Mainly a package maintenance update but does also fix a particular systemd unit file issue with the old and deprecated openvpn@.service unit file.
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2017-0ffb8246fa
Please login to add feedback.
This update has been submitted for testing by dsommers.
This update has been pushed to testing.
Problem solved, but I think both #1435831 and the new config should have been dealt with differently. An announcement on devel was certainly warranted and for the rest of our users it would have been even better if there was an announcement somewhere visible, like fedora magazine. When the old configurations start failing, I don't expect there will be many people searching for README.systemd (which is very useful with the examples and all) in /usr/share/doc.
Works here, after creating the
/etc/openvpn/server
directory and moving config files there.On the client side, NetworkManager-controlled, no change was needed.
works for me still, no regressions noted
This update has been submitted for stable by bodhi.
Works fine on x86_64.
@dimitrisk, I will have a new 2.4.1-3 update soon which takes care of the /etc/openvpn/{client,server} directories and fixes a lot of the rpmlint issues as well.
@alexpl, I completely agree that the process around v2.4 have been incredibly ugly. I appreciate the work of former package maintainers, they've done a great job over a long period of time. Unfortunately, the state of the package had drifted away from upstream expectations and there was a lot of legacy cruft which in several areas was just wrong. So despite the v2.4 upgrade not really being this dramatic, it turned out way more ugly than I wanted. And in all this, I didn't consider the state of openvpn@.service carefully enough. The initial plan was that users of openvpn@.service wouldn't notice this at all in F25 and F26, but there were some entanglements I didn't consider carefully enough. Depending on how F25/F26 goes with all this fixed, I will consider if openvpn@.service deprecation will be postponed from F27 to F28. And I will certainly send mails to Fedora ML once the dust settles. Silly of me not doing that in the beginning.
Again, I'm truly sorry about this mess. But I'm the type of person who seldom looks back and rather tries to fix issues ASAP and move forward.
This update has been pushed to stable.
Not sure if this is the correct place to add this feedback, but the Update from 2.3 to 2.4 broke OpenVPN completely for me. I rely on a config with a static
tls-auth
file and OpenVPN 2.4 just refuses to read the key from that file with:Manually downgrading OpenVPN to 2.3.14-1.fc25 fixes the problem.
I'm posting this here, as it might help someone else later. ;-)
@anonymous, This sounds like an invalid tls-auth key file. Earlier versions could somehow try to make some sense out of it. But most commonly that would result in a weaker security compared to using a proper key file. The reason I believe this is due to the last part of the line "(0/128/256 bytes found/min/max)". It means it didn't find any keying material at all, and it expects at least 128 bits.
Users experiencing these issues must update their keys ASAP, regardless of OpenVPN version. The recommended way is to let OpenVPN generate the key:
$ openvpn --secret tls-auth.key --genkey