[Bug 1202792] New: OpenVPN in Leap 15.4 seems to be built without --enable-iproute2
https://bugzilla.suse.com/show_bug.cgi?id=1202792 Bug ID: 1202792 Summary: OpenVPN in Leap 15.4 seems to be built without --enable-iproute2 Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.4 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Network Assignee: screening-team-bugs@suse.de Reporter: georg.jansing@web.de QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- I am using OpenVPN for several years on openSUSE (42.2 or so?) and always used a setup with a non-root user as advertized in https://openvpn.net/community-resources/how-to/#security (Unprivileged mode) This requires "--enable-iproute2" to be passed to configure at build time (at least as per current documentation). Either this was not the case in the Leap 15.3 version (2.4.x) or it was disabled in the 15.4 version for some reason. Could this flag be enabled (again) for the 15.4 package or is there a strong reason against it? From a -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1202792 https://bugzilla.suse.com/show_bug.cgi?id=1202792#c1 Reinhard Max <max@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |IN_PROGRESS CC| |dmueller@suse.com Flags| |needinfo?(dmueller@suse.com | |) --- Comment #1 from Reinhard Max <max@suse.com> --- We've had that switch on for ages, but it got removed from the Factory package nearly a year ago, and that was later submitted to SLE15-SP4 and made its way into Leap 15.4 from there. Dirk, do you remember why you removed iproute2 support along with the upgrade from 2.5.3 to 2.5.4? https://build.opensuse.org/package/rdiff/network:vpn/openvpn?linkrev=base&rev=168 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1202792 https://bugzilla.suse.com/show_bug.cgi?id=1202792#c2 Dirk Mueller <dmueller@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(dmueller@suse.com | |) | --- Comment #2 from Dirk Mueller <dmueller@suse.com> --- that was as part of https://build.opensuse.org/request/show/928265 and not mentioned in the changelog. if I remember correctly it it was done because of the new way of doing route changes via netlink, which however requires root indeed. I'll submit a revert. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1202792 https://bugzilla.suse.com/show_bug.cgi?id=1202792#c3 --- Comment #3 from Reinhard Max <max@suse.com> --- OK, I think now I get it. OpenVPN can be compile-time configured to either use netlink (default) or iproute2, but only the latter allows entirely unprivilegd setups. But does switching back from netlink to iproute2 have any negative effects on performance or functionality for setups that start openvpn as root? I wonder how widely used entirely unprivileged setups are, given that it took almost a year until we got a complaint that we don't support them anymore. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1202792 https://bugzilla.suse.com/show_bug.cgi?id=1202792#c4 --- Comment #4 from Reinhard Max <max@suse.com> --- Reminder to self: fix still need to be ported to SLE-15-SP4. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1202792 https://bugzilla.suse.com/show_bug.cgi?id=1202792#c5 Reinhard Max <max@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |max@suse.com Assignee|max@suse.com |mohd.saquib@suse.com --- Comment #5 from Reinhard Max <max@suse.com> --- Assigning to new maintainer. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1202792 https://bugzilla.suse.com/show_bug.cgi?id=1202792#c7 Mohd Saquib <mohd.saquib@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED --- Comment #7 from Mohd Saquib <mohd.saquib@suse.com> --- Fix has been applied.. Closing the bug -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1202792 https://bugzilla.suse.com/show_bug.cgi?id=1202792#c8 --- Comment #8 from Maintenance Automation <maint-coord+maintenance-robot@suse.de> --- SUSE-RU-2023:1725-1: An update that has one recommended fix can now be installed. Category: recommended (moderate) Bug References: 1202792 Sources used: openSUSE Leap 15.4 (src): openvpn-2.5.6-150400.3.6.1 Basesystem Module 15-SP4 (src): openvpn-2.5.6-150400.3.6.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com