hadi/test
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Upload files to "/"

Browse Source
This commit is contained in:
hadi 2025-04-16 07:05:45 +00:00
parent 733a80e9fc
commit 26fe53bfeb
1 changed files with 332 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

332
OpenVPN3Linux – OpenVPN Community.html Normal file
View File

@ -0,0 +1,332 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!-- saved from url=(0056)https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux -->
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>
OpenVPN3Linux OpenVPN Community
</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<!--[if IE]><script type="text/javascript">
if (/^#__msie303:/.test(window.location.hash))
window.location.replace(window.location.hash.replace(/^#__msie303:/, '#'));
</script><![endif]-->
<link rel="search" href="https://community.openvpn.net/openvpn/search">
<link rel="help" href="https://community.openvpn.net/openvpn/wiki/TracGuide">
<link rel="alternate" href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux?format=txt" type="text/x-trac-wiki" title="Plain Text">
<link rel="start" href="https://community.openvpn.net/openvpn/wiki">
<link rel="stylesheet" href="./OpenVPN3Linux OpenVPN Community_files/trac.css" type="text/css">
<link rel="stylesheet" href="./OpenVPN3Linux OpenVPN Community_files/wiki.css" type="text/css">
<link rel="icon" href="https://community.openvpn.net/openvpn/chrome/site/favicon.ico" type="image/x-icon">
<link type="application/opensearchdescription+xml" rel="search" href="https://community.openvpn.net/openvpn/search/opensearch" title="Search OpenVPN Community">
<script type="text/javascript" charset="utf-8" src="./OpenVPN3Linux OpenVPN Community_files/jquery.js.download"></script>
<script type="text/javascript" charset="utf-8" src="./OpenVPN3Linux OpenVPN Community_files/babel.js.download"></script>
<script type="text/javascript" charset="utf-8" src="./OpenVPN3Linux OpenVPN Community_files/trac.js.download"></script>
<script type="text/javascript" charset="utf-8" src="./OpenVPN3Linux OpenVPN Community_files/search.js.download"></script>
<script type="text/javascript" charset="utf-8" src="./OpenVPN3Linux OpenVPN Community_files/folding.js.download"></script>
<script type="text/javascript" charset="utf-8" src="./OpenVPN3Linux OpenVPN Community_files/navadd.js.download"></script>
<script type="text/javascript">
jQuery("#trac-noscript").remove();
jQuery(document).ready(function($) {
$(".trac-autofocus").focus();
$(".trac-target-new").attr("target", "_blank");
if ($.ui) { /* is jquery-ui added? */
$(".trac-datepicker:not([readonly])").prop("autocomplete", "off").datepicker();
$(".trac-datetimepicker:not([readonly])").prop("autocomplete", "off").datetimepicker();
$("#main").addClass("trac-nodatetimehint");
}
$(".trac-disable").disableSubmit(".trac-disable-determinant");
setTimeout(function() { $(".trac-scroll").scrollToTop() }, 1);
$(".trac-disable-on-submit").disableOnSubmit();
});
</script>
<script type="text/javascript">
jQuery(document).ready(function($) {
$("#content").find("h1,h2,h3,h4,h5,h6").addAnchor(_("Link to this section"));
$("#content").find(".wikianchor").each(function() {
$(this).addAnchor(babel.format(_("Link to #%(id)s"), {id: $(this).attr('id')}));
});
$(".foldable").enableFolding(true, true);
});
</script>
<link rel="stylesheet" type="text/css" href="./OpenVPN3Linux OpenVPN Community_files/openvpn.css">
</head>
<body>
<div id="banner">
<div id="header">
<a id="logo" href="https://openvpn.net/"><img src="./OpenVPN3Linux OpenVPN Community_files/ovpnlogo-com.png" alt="OpenVPN logo" height="54" width="450"></a>
</div>
<form id="search" action="https://community.openvpn.net/openvpn/search" method="get">
<div>
<label for="proj-search">Search:</label>
<input type="text" id="proj-search" name="q" size="18" value="">
<input type="submit" value="Search">
</div>
</form>
<div id="metanav" class="nav">
<ul>
<li class="first"><a href="https://community.openvpn.net/openvpn/login">Login</a></li><li><a href="https://community.openvpn.net/account">Account</a></li><li><a href="https://community.openvpn.net/register">Register</a></li><li><a href="https://community.openvpn.net/openvpn/prefs">Preferences</a></li><li><a href="https://openvpn.net/legal/">Terms of use</a></li><li class="last"><a href="https://openvpn.net/privacy-policy/">Privacy policy</a></li>
</ul>
</div>
</div>
<div id="mainnav" class="nav">
<ul>
<li class="first"><a href="https://openvpn.net/">Commercial Products</a></li><li class="active"><a href="https://community.openvpn.net/openvpn/wiki">Wiki</a></li><li><a href="https://forums.openvpn.net/">Forums</a></li><li><a href="https://github.com/OpenVPN">Source</a></li><li><a href="https://community.openvpn.net/openvpn/report">Old Bugs</a></li><li><a href="https://github.com/OpenVPN/openvpn/issues">New Bugs</a></li><li><a href="https://community.openvpn.net/openvpn/search">Search</a></li><li class="last"><a href="https://community.openvpn.net/openvpn/wiki/Downloads">Downloads</a></li>
</ul>
</div>
<div id="main">
<div id="pagepath" class="noprint">
<a class="pathentry first" title="View WikiStart" href="https://community.openvpn.net/openvpn/wiki">wiki:</a><a class="pathentry" href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux" title="View OpenVPN3Linux">OpenVPN3Linux</a>
</div>
<div id="ctxtnav" class="nav">
<h2>Context Navigation</h2>
<ul>
<li class="first"><a href="https://community.openvpn.net/openvpn/wiki/WikiStart">Start Page</a></li><li><a href="https://community.openvpn.net/openvpn/wiki/TitleIndex">Index</a></li><li class="last"><a href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux?action=history">History</a></li>
</ul>
<hr>
</div>
<div id="content" class="wiki">
<div class="wikipage searchable">
<div id="wikipage" class="trac-content"><h1 id="OpenVPN3Linux">OpenVPN 3 Linux<a class="anchor" href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux#OpenVPN3Linux" title="Link to this section"></a></h1>
<p>
</p><div class="wiki-toc"><h4>Table of Contents</h4><ol><li><a href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux#Pre-builtpackages">Pre-built packages</a><ol><li><ol><li><a href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux#Footnotes">Footnotes</a></li></ol></li><li><a href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux#Stablerepository-DebianUbuntu"><span class="underline">Stable repository</span> - Debian / Ubuntu</a></li><li><a href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux#Stablerepository-RedHatEnterpriseLinux"><span class="underline">Stable repository</span> - Red Hat Enterprise Linux</a></li><li><a href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux#Developmentbetarepository-DebianUbuntu"><span class="underline">Development/beta repository</span> - Debian / Ubuntu</a></li><li><a href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux#FedoraCoprrepository-FedoraRedHatEnterpriseLinux"><span class="underline">Fedora Copr repository</span> - Fedora / Red Hat Enterprise Linux</a></li><li><a href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux#TheoldOpenVPN3Linuxrepository"><span class="underline">The old OpenVPN 3 Linux repository </span></a></li></ol></li><li><a href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux#OpenVPNDataChannelOffload">OpenVPN Data Channel Offload</a></li><li><a href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux#Quickstart-howtouseOpenVPN3Linux"><span class="underline">Quick start - how to use OpenVPN 3 Linux</span></a><ol><li><a href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux#Usingopenvpn2">Using <code>openvpn2</code></a></li><li><a href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux#Usingopenvpn3">Using <code>openvpn3</code></a><ol><li><a href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux#Startingaone-shotconfigurationprofile">Starting a one-shot configuration profile</a></li><li><a href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux#Importingaconfigurationfileforre-useandstartingaVPNsession">Importing a configuration file for re-use and starting a VPN session</a></li><li><a href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux#StartinganewVPNsessionfromanimportedconfigurationprofile">Starting a new VPN session from an imported configuration profile</a></li><li><a href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux#ManagingarunningVPNsession">Managing a running VPN session</a></li></ol></li></ol></li><li><a href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux#Furtherinformation">Further information</a></li></ol></div><p>
The <a class="ext-link" href="https://codeberg.org/OpenVPN/openvpn3-linux/"><span class="icon"></span>OpenVPN 3 Linux project</a> is a new client built on top of the <a class="ext-link" href="https://github.com/OpenVPN/openvpn3/"><span class="icon"></span>OpenVPN 3 Core Library</a>, which is also used in the various OpenVPN Connect clients and OpenVPN for Android (need to be enabled via the settings page in the app).
</p>
<p>
This client is built around a completely different architecture in regards to usage. It focuses more on allowing ordinary, unprivileged users on a system to start and manage their own VPN sessions. This is possible by building on features available in modern Linux distrubtions. OpenVPN 3 Linux builds on the D-Bus infrastructure, which enables a better privilege separation between various components. In the end this results in OpenVPN 3 Linux requiring very little privileges to run, and only an isolated service responsible for configuring network settings runs with just the few needed elevated privileges to achieve its job. The rest of the OpenVPN 3 Linux runs with no extra privileges.
</p>
<p>
Even though the project name carries "Linux", it doesn't mean it is restricted to Linux only. Any platform which has D-Bus available should be capable of running this client in theory. But since D-Bus is most commonly used in Linux environments, this will naturally be the primary focus for the project.
</p>
<p>
The release notes are stored in git tags in the project git repository. They can also be viewed here: <a class="ext-link" href="https://codeberg.org/OpenVPN/openvpn3-linux/tags"><span class="icon"></span>https://codeberg.org/OpenVPN/openvpn3-linux/tags</a>
</p>
<h2 id="Pre-builtpackages">Pre-built packages<a class="anchor" href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux#Pre-builtpackages" title="Link to this section"></a></h2>
<p>
Since the release of OpenVPN 3 Linux v21, we will provide packages via different software repositories. Users requiring production stable version should only use the software repositories for stable releases. All the distributions targeting the Enterprise Linux or Long-Term Stable releases will be available through this channel. Other distributions may need to use the repositories for development/beta releases. The stable versions will not have as frequent releases as the development/beta releases.
</p>
<p>
Supported distributions:
</p>
<table class="wiki">
<tbody><tr><th> <strong>Distribution Vendor</strong> </th><th> <strong>Release</strong> </th><th> <strong>Release name</strong> (<code>DISTRIBUTION</code>) </th><th> <strong>Architecture</strong> </th><th><strong>DCO support</strong></th><th> <strong>Repositories</strong>
</th></tr><tr><td> Debian </td><td> 12 </td><td style="text-align: center"> bookworm </td><td> amd64, arm64 (*0) </td><td style="text-align: center"> yes </td><td> Stable
</td></tr><tr><td> Fedora </td><td> 40, 41, Rawhide (*1) </td><td style="text-align: center"> - </td><td> aarch64 (*0), ppc64le, s390x, x86_64 </td><td style="text-align: center"> yes </td><td> Fedora Copr
</td></tr><tr><td> Red Hat Enterprise Linux </td><td> 8 </td><td style="text-align: center"> - </td><td> aarch64 (*0), ppc64le (*2), s390x (*2), x86_64 </td><td style="text-align: center"> yes </td><td> Stable, Fedora Copr
</td></tr><tr><td> Red Hat Enterprise Linux </td><td> 9 </td><td style="text-align: center"> - </td><td> aarch64 (*0), ppc64le (*2), s390x (*2), x86_64 </td><td style="text-align: center"> yes </td><td> Stable, Fedora Copr
</td></tr><tr><td> Red Hat Enterprise Linux </td><td> 10 Beta (tech-preview) </td><td style="text-align: center"> - </td><td> aarch64 (*0), ppc64le (*2), s390x (*2), x86_64 </td><td style="text-align: center"> yes </td><td> Fedora Copr
</td></tr><tr><td> Ubuntu (LTS) </td><td> 20.04 </td><td style="text-align: center"> focal </td><td> amd64, arm64 (*0) </td><td style="text-align: center"> yes </td><td> Stable
</td></tr><tr><td> Ubuntu (LTS) </td><td> 22.04 </td><td style="text-align: center"> jammy </td><td> amd64, arm64 (*0) </td><td style="text-align: center"> yes </td><td> Stable
</td></tr><tr><td> Ubuntu (LTS) </td><td> 24.04 </td><td style="text-align: center"> noble </td><td> amd64, arm64 (*0) </td><td style="text-align: center"> yes </td><td> Stable
</td></tr></tbody></table>
<p>
In many cases, the Red Hat Enterprise Linux packages will also work on Alma Linux and Rocky Linux.
</p>
<h4 id="Footnotes">Footnotes<a class="anchor" href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux#Footnotes" title="Link to this section"></a></h4>
<ol start="0"><li>ARM64/aarch64 architectures are in tech-preview; please report back your experiences if you use OpenVPN 3 LInux on this platform - good or bad
</li><li>Fedora Rawhide is a moving target and there will be periods where there will not be updates available until we sort out the required changes to the build environment.
</li><li>The ppc64le and s390x are not fully supported and only available via the Fedora Copr repositories. Consider these platforms tech-preview.
</li></ol><h3 id="Stablerepository-DebianUbuntu"><span class="underline">Stable repository</span> - Debian / Ubuntu<a class="anchor" href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux#Stablerepository-DebianUbuntu" title="Link to this section"></a></h3>
<p>
Ensure you have the needed support packages already installed:
</p>
<pre class="wiki"># apt install apt-transport-https curl
</pre><p>
Retrieve the OpenVPN Inc package signing key:
</p>
<pre class="wiki"># mkdir -p /etc/apt/keyrings ### This might not exist in all distributions
# curl -sSfL https://packages.openvpn.net/packages-repo.gpg &gt;/etc/apt/keyrings/openvpn.asc
</pre><p>
Replace the <code>DISTRIBUTION</code> part in the command below using the release name from the table above to set up the apt source listing:
</p>
<pre class="wiki"># echo "deb [signed-by=/etc/apt/keyrings/openvpn.asc] https://packages.openvpn.net/openvpn3/debian DISTRIBUTION main" &gt;&gt;/etc/apt/sources.list.d/openvpn3.list
</pre><p>
Example for Debian 12:
</p>
<pre class="wiki"># echo "deb [signed-by=/etc/apt/keyrings/openvpn.asc] https://packages.openvpn.net/openvpn3/debian bookworm main" &gt;&gt;/etc/apt/sources.list.d/openvpn3.list
</pre><p>
To install OpenVPN 3 Linux, run these commands:
</p>
<pre class="wiki"># apt update
# apt install openvpn3
</pre><h3 id="Stablerepository-RedHatEnterpriseLinux"><span class="underline">Stable repository</span> - Red Hat Enterprise Linux<a class="anchor" href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux#Stablerepository-RedHatEnterpriseLinux" title="Link to this section"></a></h3>
<p>
Red Hat Enterprise Linux 8 and 9 need to install this package:
</p>
<pre class="wiki"># dnf install https://packages.openvpn.net/openvpn-openvpn3-epel-repo-1-1.noarch.rpm
</pre><p>
In addition, the <a class="ext-link" href="https://docs.fedoraproject.org/en-US/epel/"><span class="icon"></span>Fedora EPEL</a> package and the corresponding Code Ready Builder (or <a class="missing wiki">PowerTools?</a> on CentOS) must be installed.
</p>
<p>
To install OpenVPN 3 Linux, run this command:
</p>
<pre class="wiki"># dnf install openvpn3-client
</pre><h3 id="Developmentbetarepository-DebianUbuntu"><span class="underline">Development/beta repository</span> - Debian / Ubuntu<a class="anchor" href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux#Developmentbetarepository-DebianUbuntu" title="Link to this section"></a></h3>
<p>
(TBD)
</p>
<h3 id="FedoraCoprrepository-FedoraRedHatEnterpriseLinux"><span class="underline">Fedora Copr repository</span> - Fedora / Red Hat Enterprise Linux<a class="anchor" href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux#FedoraCoprrepository-FedoraRedHatEnterpriseLinux" title="Link to this section"></a></h3>
<p>
This repository will have more frequent releases than the stable repository, but packages from this repository will not have been through the same level of QA testing before releases.
</p>
<p>
Ensure the <code>dnf copr</code> functionality is installed and ready. Then enable the Fedora Copr repository for OpenVPN 3 Linux:
</p>
<pre class="wiki"># dnf copr enable dsommers/openvpn3
</pre><p>
Then OpenVPN 3 Linux can be installed:
</p>
<pre class="wiki"># dnf install openvpn3-client
</pre><h3 id="TheoldOpenVPN3Linuxrepository"><span class="underline">The old OpenVPN 3 Linux repository </span><a class="anchor" href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux#TheoldOpenVPN3Linuxrepository" title="Link to this section"></a></h3>
<p>
Information about the old .deb package repository can be found here, where OpenVPN 3 Linux v20 and older can be found: <a class="ext-link" href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux?version=28"><span class="icon"></span>https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux?version=28</a>
</p>
<h2 id="OpenVPNDataChannelOffload">OpenVPN Data Channel Offload<a class="anchor" href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux#OpenVPNDataChannelOffload" title="Link to this section"></a></h2>
<p>
The OpenVPN Data Channel Offload (OpenVPN DCO) is a kernel module which can accellerate the OpenVPN traffic throughput. OpenVPN 3 Linux uses the same kernel module as OpenVPN 2.6.
For Debian and Ubuntu distributions, install the <code>openvpn-dco-dkms</code> package. Fedora and Red Hat Enterprise Linux distributions need to install the <code>kmod-ovpn-dco</code> package.
</p>
<p>
With this in installed, VPN sessions can be started with the Data Channel Offload enabled. To test it on an existing configuration:
</p>
<pre class="wiki">$ openvpn3 session-start --dco true --config CONFIG_NAME
</pre><p>
To make this persistent each time, use the OpenVPN 3 Configuration Manager:
</p>
<pre class="wiki">$ openvpn3 config-import --persistent --name CONFIG_NAME --config /path/to/configuration/profile.ovpn
$ openvpn3 config-manager --show --name CONFIG_NAME --dco true
</pre><p>
Then each time the VPN configuration is started, either via <code>openvpn3 session-start</code> or the systemd <code>openvpn3-sessions@.service</code> unit file, DCO will be enabled.
Please do verify that the log output does indicate that DCO has truly been enabled, as it might be disabled on-the-fly if your configuration profile is not DCO compliant.
</p>
<p>
A DCO compliant configuration profile cannot use compression features and must use an AEAD based cipher (like AES-GCM or ChaCha20-Poly1305).
</p>
<h2 id="Quickstart-howtouseOpenVPN3Linux"><span class="underline">Quick start - how to use OpenVPN 3 Linux</span><a class="anchor" href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux#Quickstart-howtouseOpenVPN3Linux" title="Link to this section"></a></h2>
<p>
With the openvpn3 packages installed, everything should be ready to be used. By default any user account on the system should be able to start and manage their own VPN sessions.
</p>
<h3 id="Usingopenvpn2">Using <code>openvpn2</code><a class="anchor" href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux#Usingopenvpn2" title="Link to this section"></a></h3>
<p>
For users familiar with the classic OpenVPN 2.x command line, the <code>openvpn2</code> front-end aims to be fairly close to old behaviour.
</p>
<pre class="wiki"> $ openvpn2 --config ${MY_CONFIGURATION_FILE} --verb 6
</pre><p>
Replace ${MY_CONFIGURATION_FILE} with the OpenVPN configuration file you want to use. If this configuration includes the <code>--daemon</code> option, the VPN session will be started in the background and the user is given the command line back again. To further manage this VPN session, the <code>openvpn3 session-manage</code> command line interface must be used. Without <code>--daemon</code> the console will be filled with log data from the VPN session and the session can be disconnected via a simple CTRL-C in the terminal.
</p>
<p>
For more information, see <code>openvpn2 --help</code>, <code>openvpn3 session-manage --help</code> as well as the <a class="ext-link" href="https://codeberg.org/OpenVPN/openvpn3-linux/src/branch/master/docs/man/openvpn2.1.rst"><span class="icon"></span>openvpn2</a> and <a class="ext-link" href="https://codeberg.org/OpenVPN/openvpn3-linux/src/branch/master/docs/man/openvpn3-session-manage.1.rst"><span class="icon"></span>openvpn3-session-manage</a> man pages.
</p>
<h3 id="Usingopenvpn3">Using <code>openvpn3</code><a class="anchor" href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux#Usingopenvpn3" title="Link to this section"></a></h3>
<p>
For more advanced usage, the <code>openvpn3</code> command line offers a lot more features. Configuration profiles in OpenVPN 3 Linux are managed by a <a class="ext-link" href="https://codeberg.org/OpenVPN/openvpn3-linux/src/branch/master/docs/man/openvpn3-service-configmgr.8.rst"><span class="icon"></span>Configuration Manager</a> before the VPN session is started via the <a class="ext-link" href="https://codeberg.org/OpenVPN/openvpn3-linux/src/branch/master/docs/man/openvpn3-service-sessionmgr.8.rst"><span class="icon"></span>Session Manager</a>. The <code>openvpn3</code> utility gives access to the features these manager services provides.
</p>
<h4 id="Startingaone-shotconfigurationprofile">Starting a one-shot configuration profile<a class="anchor" href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux#Startingaone-shotconfigurationprofile" title="Link to this section"></a></h4>
<p>
A "one-shot configuration profile" means that the configuration file is parsed, loaded and deleted from the the configuration manage as soon as the VPN session has been attempted started. No configuration file is available for re-use after this approach. This is achieved by giving the configuration file to the <code>openvpn3 session-start</code> command directly.
</p>
<pre class="wiki"> $ openvpn3 session-start --config ${MY_CONFIGURATION_FILE}
</pre><h4 id="Importingaconfigurationfileforre-useandstartingaVPNsession">Importing a configuration file for re-use and starting a VPN session<a class="anchor" href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux#Importingaconfigurationfileforre-useandstartingaVPNsession" title="Link to this section"></a></h4>
<p>
Using this approach, an imported configuration file can be used several times and access to the configuration file itself is not needed to start VPN tunnels. By default, configuration profiles imported are only available to the user who imported the configuration file. But OpenVPN 3 Linux also provides an Access Control List feature via <a class="ext-link" href="https://codeberg.org/OpenVPN/openvpn3-linux/src/branch/master/docs/man/openvpn3-config-acl.1.rst"><span class="icon"></span>openvpn3 config-acl</a> to grant access to specific or all users on the system.
</p>
<pre class="wiki"> $ openvpn3 config-import --config ${MY_CONFIGURATION_FILE}
</pre><p>
This loads the configuration profile and stores it in memory-only. That means, if the system is rebooted, the configuration profile is not preserved. If the <code>--persistent</code> argument is added to the command line above, the configuration profile will be saved to disk in a directory only accessible by the <code>openvpn</code> user. Whenever the <a class="ext-link" href="https://codeberg.org/OpenVPN/openvpn3-linux/src/branch/master/docs/man/openvpn3-service-configmgr.8.rst"><span class="icon"></span>Configuration Manager</a> is started, configuration files imported with <code>--persistent</code> will be automatically loaded as well.
</p>
<p>
To list all available configuration profiles, run this command:
</p>
<pre class="wiki"> $ openvpn3 configs-list
</pre><p>
A configuration file typically contains generic options to be able to connect to a specific server, regardless of the device itself. OpenVPN 3 Linux also supports setting more host-specific settings on a configuration profile as well. This is handled via the <a class="ext-link" href="https://codeberg.org/OpenVPN/openvpn3-linux/src/branch/master/docs/man/openvpn3-config-manage.1.rst"><span class="icon"></span>`openvpn3 config-manage`</a> interface. Any settings here will also be preserved across boots if the configuration profile was imported with the <code>--persistent</code> argument.
</p>
<h4 id="StartinganewVPNsessionfromanimportedconfigurationprofile">Starting a new VPN session from an imported configuration profile<a class="anchor" href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux#StartinganewVPNsessionfromanimportedconfigurationprofile" title="Link to this section"></a></h4>
<p>
When a configuration profile is available via <code>openvpn3 configs-list</code>, it can easily be started via <code>openvpn3 session-start</code> using the configuration profile name (typically the filename used during the import)
</p>
<pre class="wiki"> $ openvpn3 session-start --config ${CONFIGURATION_PROFILE_NAME}
</pre><p>
or it is possible to use the D-Bus path to the configuration profile:
</p>
<pre class="wiki"> $ openvpn3 session-start --config-path /net/openvpn/v3/configuration/.........
</pre><p>
In either of these cases is it necessarily to have access to the configuration profile on disk. As long as configuration profiles are available via <code>openvpn3 configs-list</code>, all needed to start a VPN session should be present.
</p>
<h4 id="ManagingarunningVPNsession">Managing a running VPN session<a class="anchor" href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux#ManagingarunningVPNsession" title="Link to this section"></a></h4>
<p>
Once a VPN session has started, it should be seen in <a class="ext-link" href="https://codeberg.org/OpenVPN/openvpn3-linux/src/branch/master/docs/man/openvpn3-sessions-list.1.rst"><span class="icon"></span>`openvpn3 sessions-list`</a>:
</p>
<pre class="wiki"> $ openvpn3 sessions-list
</pre><p>
Using the <code>openvpn3 session-manage</code> there are a few things which can be done, but most typically it is the <code>--disconnect</code> or <code>--restart</code> alternatives which is most commonly used.
</p>
<pre class="wiki"> $ openvpn3 session-manage --config ${CONFIGURATION_PROFILE_NAME} --restart
</pre><p>
This disconnects and re-connects to the server again, re-establishing the connection. The <code>${CONFIGURATION_PROFILE_NAME}</code> is the configuration name as displayed in <code>openvpn3 sessions-list</code>. It is also possible to use the D-Bus path to the session as well:
</p>
<pre class="wiki"> $ openvpn3 session-manage --session-path /net/openvpn/v3/sessions/..... --disconnect
</pre><p>
This command above will disconnect a running session. Once this operation has completed, it will be removed from the <code>openvpn3 sessions-list</code> overview.
</p>
<p>
It is also possible to retrieve real-time tunnel statistics from running sessions:
</p>
<pre class="wiki"> $ openvpn3 session-stats --config ${CONFIGURATION_PROFILE_NAME}
$ openvpn3 session-stats --session-path /net/openvpn/v3/sessions/.....
</pre><p>
And to retrieve real-time log events as they occur, run the <a class="ext-link" href="https://codeberg.org/OpenVPN/openvpn3-linux/src/branch/master/docs/man/openvpn3-log.1.rst"><span class="icon"></span>`openvpn3 log`</a> command line below:
</p>
<pre class="wiki"> $ openvpn3 log --config ${CONFIGURATION_PROFILE_NAME}
</pre><p>
This might be quite silent, as it does not provide any log events from the past. Issue an <code>openvpn3 session-manage --restart</code> from a different terminal, and log events will occur. You may want to boost the log-level with <code>--log-level 6</code>. Valid log levels are from 0 to 6, where 6 is the most verbose.
</p>
<p>
Note that the maximum log level is configured centrally. If you don't get more output with higher log levels increase maximum log level first with <a class="ext-link" href="https://codeberg.org/OpenVPN/openvpn3-linux/src/branch/master/docs/man/openvpn3-admin.8.rst"><span class="icon"></span>`openvpn3-admin`</a> (note that this command needs to be executed as root):
</p>
<pre class="wiki"> # openvpn3-admin log-service --log-level 6
</pre><p>
VPN sessions are also owned by the user which started it. But the <a class="ext-link" href="https://codeberg.org/OpenVPN/openvpn3-linux/src/branch/master/docs/man/openvpn3-service-sessionmgr.8.rst"><span class="icon"></span>Session Manager</a> also provides its own Access Control List feature via <a class="ext-link" href="https://codeberg.org/OpenVPN/openvpn3-linux/src/branch/master/docs/man/openvpn3-session-acl.1.rst"><span class="icon"></span>`openvpn3 session-acl`</a>.
</p>
<h2 id="Furtherinformation">Further information<a class="anchor" href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux#Furtherinformation" title="Link to this section"></a></h2>
<ul><li>man pages:
<ul><li><a class="ext-link" href="https://codeberg.org/OpenVPN/openvpn3-linux/src/branch/master/docs/man/openvpn3-linux.7.rst.in"><span class="icon"></span>openvpn3-linux</a>(7) - Main overview
</li><li><a class="ext-link" href="https://codeberg.org/OpenVPN/openvpn3-linux/src/branch/master/docs/man/openvpn3.1.rst"><span class="icon"></span>openvpn3</a>(1) - <code>openvpn3</code> command line interface
</li><li><a class="ext-link" href="https://codeberg.org/OpenVPN/openvpn3-linux/src/branch/master/docs/man/openvpn2.1.rst"><span class="icon"></span>openvpn2</a>(1) - <code>openvpn2</code> command line interface which is similar to the classic OpenVPN 2.x interface
</li><li><a class="ext-link" href="https://codeberg.org/OpenVPN/openvpn3-linux/src/branch/master/docs/man/openvpn3-systemd.8.rst"><span class="icon"></span>openvpn3-systemd</a>(8) - Managing OpenVPN 3 Linux via systemd <code>systemctl</code>
</li><li><a class="ext-link" href="https://codeberg.org/OpenVPN/openvpn3-linux/src/branch/master/docs/man"><span class="icon"></span>More man pages</a>
</li></ul></li></ul><ul><li>Developers / D-Bus API documentation
<ul><li><a class="ext-link" href="https://codeberg.org/OpenVPN/openvpn3-linux/src/branch/master/docs/dbus/dbus-primer.md"><span class="icon"></span>D-Bus Primer</a> - Understanding D-Bus
</li><li><a class="ext-link" href="https://codeberg.org/OpenVPN/openvpn3-linux/src/branch/master/docs/dbus/dbus-overview.md"><span class="icon"></span>OpenVPN 3 D-Bus overview</a> - Overview of all D-Bus services which are provided and used
</li><li><a class="ext-link" href="https://codeberg.org/OpenVPN/openvpn3-linux/src/branch/master/docs/debugging.md"><span class="icon"></span>Debugging</a> - How to debug OpenVPN 3 Linux
</li><li><a class="ext-link" href="https://codeberg.org/OpenVPN/openvpn3-linux/src/branch/master/docs/dbus"><span class="icon"></span>More D-Bus documentation</a>
</li></ul></li></ul></div>
<div class="trac-modifiedby">
<span><a href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux?action=diff&amp;version=38" title="Version 38 by David Sommerseth: Update supported distros by v24, replace yum with dnf">Last modified</a> <a class="timeline" href="https://community.openvpn.net/openvpn/timeline?from=2024-12-08T20%3A04%3A07Z&amp;precision=second" title="See timeline at 12/08/24 20:04:07">4 months ago</a></span>
<span class="trac-print">Last modified on 12/08/24 20:04:07</span>
</div>
</div>
</div>
<div id="altlinks">
<h3>Download in other formats:</h3>
<ul>
<li class="last first">
<a rel="nofollow" href="https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux?format=txt">Plain Text</a>
</li>
</ul>
</div>
</div>
<div id="footer" lang="en" xml:lang="en"><hr>
<a id="tracpowered" href="http://trac.edgewall.org/"><img src="./OpenVPN3Linux OpenVPN Community_files/trac_logo_mini.png" height="30" width="107" alt="Trac Powered"></a>
<p class="left">Powered by <a href="https://community.openvpn.net/openvpn/about"><strong>Trac 1.2.3.dev0</strong></a><br>
By <a href="http://www.edgewall.org/">Edgewall Software</a>.</p>
<p class="right">Visit the Trac open source project at<br><a href="http://trac.edgewall.org/">http://trac.edgewall.org/</a></p>
</div>
</body></html>