Debian Bug report logs - #904044
ITP: openvpn3-client -- Next generation OpenVPN client for Linux

Reply or subscribe to this bug.

Display info messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: David Sommerseth <davids@openvpn.net>

To: submit@bugs.debian.org

Subject: RFP: openvpn3 -- Next generation OpenVPN client for Linux

Date: Wed, 18 Jul 2018 22:05:49 +0200

[Message part 1 (text/plain, inline)]

Package: openvpn3
Version: N/A
Severity: wishlist

* Package name: openvpn3
Upstream Author: David Sommerseth <davids@openvpn.net>
* URL: https://github.com/OpenVPN/openvpn3-linux
* License: AGPLv3
Description: OpenVPN 3 Linux Client


I'm working on a brand new OpenVPN client on Linux.  This is a complete
rewrite of OpenVPN (in C++) but maintains backwards compatibility with most of
the OpenVPN 2.x servers which are widely adopted.

This new client uses also a very different approach than the classic OpenVPN
2.x.  It is fully based on D-Bus, which gives the possibility of proper
privilege separation out-of-the-box (no more sudo from the command line).  And
it provides a Python 3 module to easily implement your own front-end
interfaces towards the backend services.

There is still some work needed to be done on this client, it isn't 100%
production ready.  But we're getting closer to a beta release.  The current
state now is that it generally runs fine and stable, even over many days and
weeks.

More information can be found on GitHub (or GitLab, if you prefer that)

I have also provided a functional openvpn3 Copr package (for early testers on
Fedora/RHEL/CentOS) which can be found here:
<https://copr.fedorainfracloud.org/coprs/dsommers/openvpn3/>

I would appreciate help in getting this packaged for Debian (and implicitly
Ubuntu) - especially since I have no Debian packaging experience and my hands
are full on reaching a complete release.

Feel free to reach out for more information.  I'm also hanging out on FreeNode
(nick: dazo) and is definitely available on #openvpn and #openvpn-devel.


-- 
kind regards,

David Sommerseth
OpenVPN Inc

[signature.asc (application/pgp-signature, attachment)]

Message #12 received at 904044@bugs.debian.org (full text, mbox, reply):

From: David Sommerseth <davids@openvpn.net>

To: 904044@bugs.debian.org

Subject: Re: Bug#904044: Acknowledgement (RFP: openvpn3 -- Next generation OpenVPN client for Linux)

Date: Thu, 30 May 2019 00:38:30 +0200

[Message part 1 (text/plain, inline)]

We have now provided our own Debian and Ubuntu repositories for the time
being, to have a chance to more easily provide packages to these users.  This
packaging can most likely be improved a lot, which we are aware of.  But it is
at least packages which works and can act as a starting point.

More information can be seen in the announcement sent earlier today:
<https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18480.html>

If someone would be willing to bring the OpenVPN 3 package into the official
repositories, it would be highly appreciated.


-- 
kind regards,

David Sommerseth
OpenVPN Inc

[signature.asc (application/pgp-signature, attachment)]

Message #17 received at 904044@bugs.debian.org (full text, mbox, reply):

From: Marc Leeman <marc.leeman@gmail.com>

To: 904044@bugs.debian.org

Subject: Fwd: OpenVPN3

Date: Mon, 18 Sep 2023 13:35:57 +0200

[Message part 1 (text/plain, inline)]

---------- Forwarded message ---------
From: Marc Leeman
Date: Mon, 18 Sept 2023 at 13:34
Subject: OpenVPN3
To: OpenVPN maintainer

Hi,

Because our company decided "there will be no impact" to use multifactor
authentication, I was forced to package openvpn3.

I don't know if you were planning anything in that direction, but my
current work can be found here:

https://salsa.debian.org/televic-team/openvpn3

It's rough, I need to go through the finer details.

If you are nog planning anything, I can open an ITP.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904044

-- 
g. Marc


-- 
g. Marc

[Message part 2 (text/html, inline)]

Message #22 received at 904044@bugs.debian.org (full text, mbox, reply):

From: Bernhard Schmidt <berni@debian.org>

To: Marc Leeman <marc.leeman@gmail.com>, Uploaders: Jörg Frings-Fürst <debian@jff.email>

Cc: 904044@bugs.debian.org

Subject: Re: OpenVPN3

Date: Tue, 19 Sep 2023 22:27:58 +0200

Hi Marc,

> Because our company decided "there will be no impact" to use multifactor 
> authentication, I was forced to package openvpn3.
> 
> I don't know if you were planning anything in that direction, but my 
> current work can be found here:
> 
> https://salsa.debian.org/televic-team/openvpn3 
> <https://salsa.debian.org/televic-team/openvpn3>
> 
> It's rough, I need to go through the finer details.
> 
> If you are nog planning anything, I can open an ITP.
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904044 
> <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904044>

Thanks for letting us know. I haven't taken a deep look at it, but it 
looks pretty sane and I'm not aware of any work other than the upstream 
repository. You are certainly welcome to package it.

I can review and sponsor the first uploads if noone beats me to it 
(anyone: feel free to do so, there is no need of the OpenVPN2 
maintainers to specifically review anything in OpenVPN3, and they will 
continue to be used in parallel for years to come).

I've seen you have applied for DM, so I would be happy to give you 
uploader rights when things have settled.

Bernhard

Message #27 received at 904044@bugs.debian.org (full text, mbox, reply):

From: Marc Leeman <marc.leeman@gmail.com>

To: Bernhard Schmidt <berni@debian.org>

Cc: Uploaders: Jörg Frings-Fürst <debian@jff.email>, 904044@bugs.debian.org

Subject: Re: OpenVPN3

Date: Wed, 20 Sep 2023 11:01:15 +0200

[Message part 1 (text/plain, inline)]

OK, I'll pick it up.

There are two repositories, one is the core libraries; the other is the
linux client. The client is compiled by using a git external.

Because of this (git external), I decided package the two repositories
separately: one as a library (lib/dev combo), to use the dev package for
the headers and linking the openvpn3-core statically [1]

The (source) packages are reflecting the upstream git repositories:

1. openvpn3 (library)
2. openvpn3-linux (client)

I need to do some restructuring (from your answer I understand that
/usr/include/openvpn/ as the include path should ot be used).

We're testing it with our company VPN, and it seems to work just fine
(including the 2FA over a web page), the only thing we need to do is to
remove this line from the ovpn files that are generated/provided (error
feedback is not optimal ;-) ).

# OVPN_ACCESS_SERVER_ORGANIZATION=OpenVPN, Inc.

[1] I'd like to get the packages without too much of a patch on the code
and there are some questionable practices like including cpp files.


On Tue, 19 Sept 2023 at 22:28, Bernhard Schmidt <berni@debian.org> wrote:

> Hi Marc,
>
> > Because our company decided "there will be no impact" to use multifactor
> > authentication, I was forced to package openvpn3.
> >
> > I don't know if you were planning anything in that direction, but my
> > current work can be found here:
> >
> > https://salsa.debian.org/televic-team/openvpn3
> > <https://salsa.debian.org/televic-team/openvpn3>
> >
> > It's rough, I need to go through the finer details.
> >
> > If you are nog planning anything, I can open an ITP.
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904044
> > <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904044>
>
> Thanks for letting us know. I haven't taken a deep look at it, but it
> looks pretty sane and I'm not aware of any work other than the upstream
> repository. You are certainly welcome to package it.
>
> I can review and sponsor the first uploads if noone beats me to it
> (anyone: feel free to do so, there is no need of the OpenVPN2
> maintainers to specifically review anything in OpenVPN3, and they will
> continue to be used in parallel for years to come).
>
> I've seen you have applied for DM, so I would be happy to give you
> uploader rights when things have settled.
>
> Bernhard
>


-- 
g. Marc

[Message part 2 (text/html, inline)]

Message #36 received at 904044@bugs.debian.org (full text, mbox, reply):

From: Marc Leeman <marc.leeman@gmail.com>

To: 904044@bugs.debian.org

Subject: Packaging discussion

Date: Wed, 27 Sep 2023 14:13:18 +0200

The packaging discussion can be found on the OpenVPN3 board:
https://github.com/OpenVPN/openvpn3-linux/issues/193

An initial version can be found on salsa:
https://salsa.debian.org/televic-team/openvpn3-client


-- 
g. Marc

Message #45 received at 904044@bugs.debian.org (full text, mbox, reply):

From: Marc Leeman <marc.leeman@gmail.com>

To: 904044@bugs.debian.org

Subject: Fwd: openvpn3-client_21+dfsg-1_amd64.changes REJECTED

Date: Thu, 20 Jun 2024 14:33:01 +0200

[Message part 1 (text/plain, inline)]

---------- Forwarded message ---------
From: Bastian Blank <ftpmaster@ftp-master.debian.org>
Date: Tue, 9 Apr 2024 at 13:00
Subject: openvpn3-client_21+dfsg-1_amd64.changes REJECTED
To: Marc Leeman <marc.leeman@gmail.com>, <ajqlee@debian.org>



Hi

There are two license inompatibilities:
(A)GPL-3 and BSD-4-Clause-UC are incompatible (yes, I saw the comment,
but this makes the license either a custom one or possibly a
BSD-3-Clause)
GPL-2 and AGPL-3 are incompatible

AGPL is not suitable for non-network code, so at least debian/* should
get something else.

Your lintian overrides don't match what ftp-master still expects, see
all the errors.

The polkit maintainer just asked to reject new packages for shipping
legacy polkit pkla files.  So please remove the stuff from
/var/lib/polkit-1 and convert to the new-style rules.

Please drop all autoconf/automake generated and vendored files.  We've
just seen what this produces as problems.

There is vendored code, but also a dependency on the same library
(libasio-dev).

Some other remarks:
- Please use dh_installtmpfiles (rename debian/openvpn3-client.conf to
  .tmpfiles I think), enabled in debhelper compat 13
- You could use debhelper compat 14 directly and avoid some of the
  overrides in debian/rules, as it calls dh_installsysusers
- Preemptive architecture limits are not the way to go, please remove
  this list
- It contains DSA keys in /etc/openvpn3/awscerts, which a current crypto
  policy should not really accept
- There seems to be two distinct was to start it,
  openvpn3-autoload.service and openvpn3-session@.service, is this
  necessary?
- /var is not really for user config, but for state.
- Is /var/lib/openvpn3 supposed to be in the package or created via
  systemd-tmpfiles?  Currently I see both.



===

Please feel free to respond to this email if you don't understand why
your files were rejected, or if you upload new files which address our
concerns.



-- 
g. Marc

GPG: 827C FD74 BA46 8152 A041 F3A0 7A6A 4F17 5995 A65B

[noname (application/pgp-signature, attachment)]

Message #50 received at 904044-close@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>

To: 904044-close@bugs.debian.org

Subject: Bug#904044: fixed in openvpn3-client 24+dfsg-1

Date: Mon, 17 Mar 2025 19:00:13 +0000

[Message part 1 (text/plain, inline)]

Source: openvpn3-client
Source-Version: 24+dfsg-1
Done: Marc Leeman <marc.leeman@gmail.com>

We believe that the bug you reported is fixed in the latest version of
openvpn3-client, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 904044@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marc Leeman <marc.leeman@gmail.com> (supplier of updated openvpn3-client package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 12 Feb 2025 20:17:22 +0100
Source: openvpn3-client
Binary: openvpn3-client openvpn3-client-dbgsym
Architecture: source amd64
Version: 24+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Marc Leeman <marc.leeman@gmail.com>
Changed-By: Marc Leeman <marc.leeman@gmail.com>
Description:
 openvpn3-client - virtual private network client (version 3)
Closes: 904044
Changes:
 openvpn3-client (24+dfsg-1) unstable; urgency=medium
 .
   * Initial release. (Closes: #904044)
Checksums-Sha1:
 a45935c2d1ccbd7eb204e6ce928aa398f4fe4fb6 2355 openvpn3-client_24+dfsg-1.dsc
 3d74007af4c8e33d07cf0705de88c10c5d289bf9 2569376 openvpn3-client_24+dfsg.orig.tar.xz
 c33c0063fb166f718a2255abfab02cf01e31bd44 22692 openvpn3-client_24+dfsg-1.debian.tar.xz
 bdc8bd31259136b3270ddee79bad32316b5e51b0 49477916 openvpn3-client-dbgsym_24+dfsg-1_amd64.deb
 f43745de46df0cf6c4e05004dc819c88da081001 9547 openvpn3-client_24+dfsg-1_amd64.buildinfo
 dddb76b31049408476000dd1da43802d9f605d61 1926312 openvpn3-client_24+dfsg-1_amd64.deb
Checksums-Sha256:
 f30e9ec1167b5bd2b36916cadc0a6664ef2f33374d5062ad49e0302f1b650892 2355 openvpn3-client_24+dfsg-1.dsc
 c1ac256a0ad5b96085ecd7037f2cb14655490da4705404e8fa99b052b1efb0f0 2569376 openvpn3-client_24+dfsg.orig.tar.xz
 d1af07fcff8f161a257616f28c5b3b05660f6865357911d527e3d8e0c5f72533 22692 openvpn3-client_24+dfsg-1.debian.tar.xz
 331392c67074a799a2e3c96e05ae2bbd0ce29ac50595856814c4b6fbd98a4945 49477916 openvpn3-client-dbgsym_24+dfsg-1_amd64.deb
 35dd5e2a6e5922141b7260992b9f6848197526bfb4195e3971ed827793995e46 9547 openvpn3-client_24+dfsg-1_amd64.buildinfo
 ef0251d9cc1a10d772f23332bbe5cc8c7bad8b9b6214c624877b9317360363d1 1926312 openvpn3-client_24+dfsg-1_amd64.deb
Files:
 475fd4d079d8e1323805693ef6aee750 2355 net optional openvpn3-client_24+dfsg-1.dsc
 576622485c33af52dab9de91b4e46a9f 2569376 net optional openvpn3-client_24+dfsg.orig.tar.xz
 8ef297b8ddbd3137fa482b672839e060 22692 net optional openvpn3-client_24+dfsg-1.debian.tar.xz
 9e6af160d28543fb913a8f82279d3cac 49477916 debug optional openvpn3-client-dbgsym_24+dfsg-1_amd64.deb
 8fee7b9c4a4d1932530903fa1d5378d2 9547 net optional openvpn3-client_24+dfsg-1_amd64.buildinfo
 7dab7e95288f2ce37959fcd61300a7d9 1926312 net optional openvpn3-client_24+dfsg-1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE703UlH90QYpfEyJV58vhUqwX+XMFAmfXI/sACgkQ58vhUqwX
+XO7gRAAvpMBJDGBAUvJiwiTkbT1fM3Iw96+z/H3+tZvlzX8jonT8FktW0m8RiL/
w24cybg3NfVJ9+3bGHOo/ON6HQaBDhWtZPyeRaruPvoRRQxRKjTbm7JI/ACQOTmt
BPoYPIM609O9kjzrWohAip2zNOV6rV+e1xBxapeYMbCJl78bO6ZP31NN0xF9BwPm
57oiz8DGkEFmMv1aSfVTM/fP6LleFcy8d6c2Aa1udF+qclr0ToWqa5nKEjvH3RO9
rNXMqd1bfr3FWNv8qciHcPfggIchIVgV5b7NaB3xgSWrlgBtd1JIZljS4v7kPZd1
HE5t4iOxLlBak7ynjNCz2wGa8hMmQnX08VCFm1RPlN4JSUam+M8qpkgNs4Utspur
25qlOHdHkffdX6WJRDtqJS2PfsQ6c+lYkLiLfhg8x8Q+QKgRqkJKu3xgZkbO/cax
/diuBTIgLP7Sq+gXkbQP0aTloJkc5kmZVw8T9e10vHNbNiXIfLxT7P1EIcqNPQgx
O8wACnA1l0z5q3uMZUyvgXFZdwF4u+Eg9WZPYoXbX106d8/36GyrJQgljmcENW19
B6gSRxZcPRPSvJD9d9/KcSDaq3RvEjeL0jSVT3E2QN2xRwuQU6PWhW9qanhvq0z8
cJX1SOUCsi9KqvuKZNS3+bm/NKKgkEuX8X5F65gLW3KviHa6LFc=
=UEbb
-----END PGP SIGNATURE-----

[Message part 2 (application/pgp-signature, inline)]

Send a report that this bug log contains spam.