openvpn3 config-import --persistent doesn't persist over reboot #257

p-wieser opened this issue May 17, 2024 · 13 comments
@p-wieser

Hello,
I just installed a RockyLinux 9 openvpn3 client, and have followed the tutorial here: https://openvpn.net/cloud-docs/owner/connectors/connector-user-guides/openvpn-3-client-for-linux.html
It happens that the configuration is not persisted in /var/lib/openvpn3/configs, and so doesn't survive the reboot.
Configuration itself seems fine: I mean that all works well while I do not reboot the server.
How can I fix that?

[root@rl9-2 ~] # openvpn3-admin version --services
OpenVPN 3 D-Bus services:

  - Client backend starter service
     openvpn3-service-backendstart: v21

  - Configuration Service
     openvpn3-service-configmgr:    v21

  - Log Service
     openvpn3-service-logger:       v21

  - Network Configuration Service
     openvpn3-service-netcfg:       v21

  - Session Manager Service
     openvpn3-service-sessionmgr:   v21

[root@rl9-2 ~] # openvpn3 version
OpenVPN3/Linux v21 (openvpn3)
OpenVPN core v3.8.2 linux x86_64 64-bit
Copyright (C) 2012-2022 OpenVPN Inc. All rights reserved.
@dsommers
Member

Can you try to run as root: openvpn3-admin init-config. You can also compare that with the log from the package install step, located here: /var/lib/openvpn3/openvpn3-init-config.log.

During the configuration import, it's also important to add the --persistent or -p option.

 $ openvpn3 config-import -p --name PROFILE_NAME --config CONFIG_FILE

@p-wieser
Author

# openvpn3-admin init-config
- Detected settings will be saved to disk? No

* Checking for OpenVPN user and group accounts
    Found:  openvpn user - uid 983
    Found:  openvpn group - gid 982

* Checking OpenVPN 3 Linux state/configuration directory
    Using directory: /var/lib/openvpn3
    Directory found

* Logger Configuration
    Configuration file: /var/lib/openvpn3/log-service.json
    systemd-journald active state: active
    :: Result ::  Will use systemd journald for logging
    !! Configuration UNCHANGED

* Network Configuration
    Configuration file: /var/lib/openvpn3/netcfg.json
    !! Could not access systemd-resolved
    Found accessible /etc/resolv.conf
    :: Result :: Will use /etc/resolv.conf
    !! Configuration UNCHANGED

* Ensuring SELinux file labels are correct
    - SELinux status: Not enabled; skipping

Also, yes, I use the --persistent flag.
The exact commands I use are:

(myuser) $ openvpn3 config-import --config myconfig.ovpn --name MyConfig –-persistent
(myuser) $ openvpn3 config-acl --show --lock-down true --grant root --config MyConfig
(root) # systemctl enable openvpn3-session@MyConfig
(root) # systemctl start openvpn3-session@MyConfig

@dsommers
Member

Hmm ... this all looks as expected .... do you have any files present under /var/lib/openvpn3/configs ?

@p-wieser
Author

p-wieser commented May 20, 2024

No, I don't :(
I've checked that the directory exists, and is owned by openvpn. I do not understand what happens...

@dsommers
Member

Hmmm .... Is the openvpn3-service-configmgr process running with the --state-dir /var/lib/openvpn3/configs argument?

@p-wieser
Author

Yes:

# ps -ef | grep vpn
openvpn     1260       1  0 07:24 ?        00:00:00 /usr/libexec/openvpn3-linux/openvpn3-service-configmgr --state-dir /var/lib/openvpn3/configs
openvpn     1628       1  0 07:24 ?        00:00:00 /usr/libexec/openvpn3-linux/openvpn3-service-logger --service --state-dir /var/lib/openvpn3 --log-level 4 --journald
openvpn     1656       1  0 07:24 ?        00:00:00 /usr/libexec/openvpn3-linux/openvpn3-service-sessionmgr
root        2472    2424  0 07:26 pts/5    00:00:00 grep --color=auto vpn

What I have tried too is to config-dump --json into /var/lib/openvpn3/configs, hoping that this would help, but no luck :(

@p-wieser
Author

Below is a full copy of a new morning session, after a fresh reboot, having made sure the system is up to date:

$ openvpn3 config-import --config ns3197235.ovpn --name MyConfig –-persistent
Configuration imported.  Configuration path: /net/openvpn/v3/configuration/996688b2x940ax48b6xa1e7xdf60377fe6b9
[myuser@rl9-2 OVPN] $ openvpn3 config-acl --show --lock-down true --grant root --config MyConfig
Granted access to root (uid 0)
Configuration has been locked down
    Configuration name: MyConfig
                 Owner: (1001)  myuser
             Read-only: no
           Locked down: yes
    Ownership transfer: no
         Public access: no
  Users granted access: 1 user
                        - (0)  root
[myuser@rl9-2 OVPN]

Corresponding journalctl:

# journalctl -f | grep openvpn
May 21 07:47:37 rl9-2 openvpn3-service-logger[1647]: {tag:11340768796524297432} Parsed configuration 'MyConfig', owner: myuser
May 21 07:47:59 rl9-2 openvpn3-service-logger[1647]: {tag:11340768796524297432} Access granted to UID 0 by UID 1001
May 21 07:47:59 rl9-2 openvpn3-service-logger[1647]: {tag:11340768796524297432} Configuration lock-down flag set to true by UID 10

And as root:
# systemctl start openvpn3-session@MyConfig
And the relevant journalctl:

May 21 07:48:20 rl9-2 openvpn3-systemd[2566]: Loaded configuration profile MyConfig (path: /net/openvpn/v3/configuration/996688b2x940ax48b6xa1e7xdf60377fe6b9)
May 21 07:48:20 rl9-2 systemd[1]: Created slice Slice /system/dbus-:1.0-net.openvpn.v3.backends.
May 21 07:48:20 rl9-2 systemd[1]: Started dbus-:1.0-net.openvpn.v3.backends@0.service.
May 21 07:48:20 rl9-2 openvpn3-service-backendstart[2567]: OpenVPN3/Linux v21 (openvpn3-service-backendstart)
May 21 07:48:20 rl9-2 openvpn3-service-backendstart[2567]: OpenVPN core v3.8.2 linux x86_64 64-bit
May 21 07:48:20 rl9-2 openvpn3-service-backendstart[2567]: Copyright (C) 2012-2022 OpenVPN Inc. All rights reserved.
May 21 07:48:20 rl9-2 openvpn3-service-logger[1647]: Attached: {tag:3907885248702202842}  [:1.29/net.openvpn.v3.backends], pid 2567
May 21 07:48:20 rl9-2 openvpn3-service-backendstart[2571]: Re-initiated process from pid 2571 to backend process pid 2572
May 21 07:48:20 rl9-2 openvpn3-service-backendstart[2572]: OpenVPN3/Linux v21 (openvpn3-service-client)
May 21 07:48:20 rl9-2 openvpn3-service-backendstart[2572]: OpenVPN core v3.8.2 linux x86_64 64-bit
May 21 07:48:20 rl9-2 openvpn3-service-backendstart[2572]: Copyright (C) 2012-2022 OpenVPN Inc. All rights reserved.
May 21 07:48:20 rl9-2 openvpn3-service-logger[1647]: Attached: {tag:5069780414131606635}  [:1.30/net.openvpn.v3.backends], pid 2572
May 21 07:48:20 rl9-2 openvpn3-service-logger[1647]: Attached: {tag:15451295260794154855}  [:1.30/net.openvpn.v3.sessions], pid 2572
May 21 07:48:20 rl9-2 openvpn3-service-logger[1647]: Assigned session /net/openvpn/v3/sessions/fd13451fsdac6s44d3sbcafs84fe52b883d8 to {tag:5069780414131606635}
May 21 07:48:21 rl9-2 systemd[1]: Created slice Slice /system/dbus-:1.0-net.openvpn.v3.netcfg.
May 21 07:48:21 rl9-2 systemd[1]: Started dbus-:1.0-net.openvpn.v3.netcfg@0.service.
May 21 07:48:21 rl9-2 openvpn3-service-netcfg[2576]: Loading configuration file: /var/lib/openvpn3/netcfg.json
May 21 07:48:21 rl9-2 openvpn3-service-logger[1647]: Attached: {tag:11438381200322716884}  [:1.32/net.openvpn.v3.netcfg], pid 2576
May 21 07:48:21 rl9-2 openvpn3-service-logger[1647]: Attached: {tag:12474136228574105405}  [:1.32/net.openvpn.v3.netcfg.core], pid 2576
May 21 07:48:21 rl9-2 openvpn3-service-netcfg[2576]: OpenVPN3/Linux v21 (openvpn3-service-netcfg)
May 21 07:48:21 rl9-2 openvpn3-service-netcfg[2576]: OpenVPN core v3.8.2 linux x86_64 64-bit
May 21 07:48:21 rl9-2 openvpn3-service-netcfg[2576]: Copyright (C) 2012-2022 OpenVPN Inc. All rights reserved.
May 21 07:48:21 rl9-2 openvpn3-service-logger[1647]: {tag:11438381200322716884} Redirect method: host-route
May 21 07:48:22 rl9-2 openvpn3-service-logger[1647]: [Logger] Log forward added for :1.28
May 21 07:48:22 rl9-2 openvpn3-service-logger[1647]: Added new log proxy by :1.14 - session: /net/openvpn/v3/sessions/fd13451fsdac6s44d3sbcafs84fe52b883d8, target: :1.28, tag: 5069780414131606635
May 21 07:48:22 rl9-2 openvpn3-service-logger[1647]: {tag:8445300873117634211} Added log forwarding to :1.28
May 21 07:48:22 rl9-2 openvpn3-systemd[2566]: Session initiated: /net/openvpn/v3/sessions/fd13451fsdac6s44d3sbcafs84fe52b883d8
May 21 07:48:22 rl9-2 openvpn3-systemd[2566]: Starting session connection
May 21 07:48:22 rl9-2 openvpn3-service-logger[1647]: {tag:11438381200322716884} Cleaning up resources for PID 2572.
May 21 07:48:22 rl9-2 openvpn3-service-logger[1647]: {tag:5069780414131606635} Starting connection
May 21 07:48:22 rl9-2 openvpn3-systemd[2566]: Session started successfully
May 21 07:48:22 rl9-2 openvpn3-systemd[2566]: 2024-05-21 07:48:22.997624 [STATUS] (StatusMajor.CONNECTION, StatusMinor.CFG_OK) config_path=/net/openvpn/v3/configuration/996688b2x940ax48b6xa1e7xdf60377fe6b9
May 21 07:48:22 rl9-2 openvpn3-systemd[2566]: 2024-05-21 07:48:22.997717 Starting connection
May 21 07:48:22 rl9-2 openvpn3-systemd[2566]: 2024-05-21 07:48:22.997740 [STATUS] (StatusMajor.CONNECTION, StatusMinor.CONN_CONNECTING)
May 21 07:48:23 rl9-2 openvpn3-service-logger[1647]: {tag:5069780414131606635} Waiting for server response
May 21 07:48:23 rl9-2 openvpn3-systemd[2566]: 2024-05-21 07:48:23.022628 Waiting for server response
May 21 07:48:23 rl9-2 openvpn3-service-logger[1647]: {tag:11438381200322716884} Socket protect called for socket 8, remote: '51.91.25.164', tun: '', ipv6: no
May 21 07:48:23 rl9-2 openvpn3-service-logger[1647]: {tag:5069780414131606635} Connecting
May 21 07:48:23 rl9-2 openvpn3-systemd[2566]: 2024-05-21 07:48:23.050359 Connecting
May 21 07:48:23 rl9-2 openvpn3-systemd[2566]: 2024-05-21 07:48:23.050420 [STATUS] (StatusMajor.CONNECTION, StatusMinor.CONN_CONNECTING)
May 21 07:48:23 rl9-2 openvpn3-service-logger[1647]: {tag:11438381200322716884} Virtual device '118842a1t7f10t4ffftb395t506bc9638e7c' registered on /net/openvpn/v3/netcfg/2572_118842a1t7f10t4ffftb395t506bc9638e7c (owner uid 983, owner pid 2572)
May 21 07:48:23 rl9-2 openvpn3-service-logger[1647]: {tag:11438381200322716884} Adding IP Address 10.8.0.7/24 gw 10.8.0.1 ipv6: no
May 21 07:48:23 rl9-2 openvpn3-service-logger[1647]: {tag:11438381200322716884} Setting remote IP address to 51.91.25.164 ipv6: no
May 21 07:48:23 rl9-2 openvpn3-service-logger[1647]: {tag:11438381200322716884} Adding network '10.122.1.0/26' excl: no ipv6: no
May 21 07:48:23 rl9-2 openvpn3-service-logger[1647]: {tag:11438381200322716884} Adding network '10.9.1.30/32' excl: no ipv6: no
May 21 07:48:23 rl9-2 openvpn3-service-logger[1647]: {tag:11438381200322716884} Adding network '10.9.1.61/32' excl: no ipv6: no
May 21 07:48:23 rl9-2 openvpn3-service-logger[1647]: {tag:5069780414131606635} Connected: ns3153065.ovh.net:1194 (51.91.25.164) via /TCP on tun/10.8.0.7/ gw=[10.8.0.1/] mtu=(default)
May 21 07:48:23 rl9-2 openvpn3-systemd[2566]: 2024-05-21 07:48:23.165628 Connected: ns3153065.ovh.net:1194 (51.91.25.164) via /TCP on tun/10.8.0.7/ gw=[10.8.0.1/] mtu=(default)
May 21 07:48:23 rl9-2 openvpn3-systemd[2566]: 2024-05-21 07:48:23.165676 [STATUS] (StatusMajor.CONNECTION, StatusMinor.CONN_CONNECTED)
May 21 07:48:26 rl9-2 openvpn3-service-logger[1647]: Detached: {tag:3907885248702202842}  [:1.29/net.openvpn.v3.backends], pid 2567
May 21 07:48:26 rl9-2 systemd[1]: dbus-:1.0-net.openvpn.v3.backends@0.service: Deactivated successfully.
May 21 07:48:26 rl9-2 systemd[1]: dbus-:1.0-net.openvpn.v3.backends@0.service: Unit process 2572 (openvpn3-servic) remains running after unit stopped.

Very verbose, sorry, but I do not know where to search for something relevant.
As a workaround, I have set up a config-import and a start as root at startup.

@dsommers
Member

I would like to see the journalctl logs around the time where you do the config-import ... to see if that reveals why it isn't stored to disk. It would be good to boost the log service to do "debug logging" as well: openvpn3-admin log-service --log-level 6.

The best way is probably to use the query mechanism in journalctl. The best is to identify the PID of both the openvpn3-service-logger and openvpn3-service-configmgr when you try your import operation. Then you grab the log like this:

 # journalctl --since today _PID=3377607 + _PID=599907

In my example above, the first _PID value is the logger and the latter one the config manager.

If this also does not give many clues .... do a simple killall -INT openvpn3-service-configmgr .... and then in a separate terminal run this command:

 # /usr/libexec/openvpn3-linux/openvpn3-service-configmgr --log-level 6 --log-file stdout: --idle-exit 0 --state-dir /var/lib/openvpn3/configs

Then try importing a persistent config once again and see what happens in the terminal window of the command above.
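
The journalctl query described in the comment above, as an added example that is not part of the original thread or of the OpenVPN 3 Linux project: it picks the logger and config manager PIDs out of a process listing, builds the `_PID=... + _PID=...` query, and reports the `--state-dir` the config manager was started with. The process listing is a constructed sample modelled on the `ps` output posted in this issue, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: derive the journalctl query for the OpenVPN 3 logger and
# configuration manager from a process listing.

# Constructed sample of `ps -eo pid=,args=` output, modelled on this thread.
SAMPLE_PS='   2541 /usr/libexec/openvpn3-linux/openvpn3-service-logger --service --state-dir /var/lib/openvpn3 --log-level 4 --journald
   2595 /usr/libexec/openvpn3-linux/openvpn3-service-configmgr --state-dir /var/lib/openvpn3/configs
   2639 grep --color=auto vpn'

# pid_of NAME: read "PID ARGS" lines on stdin and print the PID of the first
# process whose executable basename is exactly NAME (so "grep vpn" never matches).
pid_of() {
    awk -v name="$1" '{
        n = split($2, p, "/")
        if (p[n] == name) { print $1; exit }
    }'
}

# state_dir_of NAME: print the argument that follows --state-dir for NAME.
state_dir_of() {
    awk -v name="$1" '{
        n = split($2, p, "/")
        if (p[n] != name) next
        for (i = 3; i < NF; i++)
            if ($i == "--state-dir") { print $(i + 1); exit }
    }'
}

# journal_query PS_OUTPUT: print the journalctl command that selects the log
# lines of both services. Fails if either service is missing from the listing.
journal_query() {
    logger_pid=$(printf '%s\n' "$1" | pid_of openvpn3-service-logger)
    cfg_pid=$(printf '%s\n' "$1" | pid_of openvpn3-service-configmgr)
    if [ -z "$logger_pid" ] || [ -z "$cfg_pid" ]; then
        echo "logger or configmgr not found in the process listing" >&2
        return 1
    fi
    printf 'journalctl --since today _PID=%s + _PID=%s\n' "$logger_pid" "$cfg_pid"
}

# On a live system, pass "$(ps -eo pid=,args=)" instead of the sample.
journal_query "$SAMPLE_PS"
printf 'configmgr state dir: %s\n' \
    "$(printf '%s\n' "$SAMPLE_PS" | state_dir_of openvpn3-service-configmgr)"
```

Take the process listing right after the import attempt, so that the PIDs belong to the service instances that handled it.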

@p-wieser
Author

Hello,
Thank you for your patience :)
Below is the log of the first try:

# date; openvpn3-admin log-service --log-level 6
Thu May 23 09:51:16 CEST 2024
                 Log method: journald
 Attached log subscriptions: 0
             Log timestamps: enabled
     Log tag prefix enabled: enabled
          Log D-Bus details: enabled
          Current log level: 6          (was 0)

$ date; openvpn3 config-import --config myconfig.ovpn --name MyConfig –-persistent
Thu May 23 09:52:45 CEST 2024
Configuration imported.  Configuration path: /net/openvpn/v3/configuration/2f03f616xc1d1x410axaecbxedccaf95f0a5
$ date; openvpn3 config-acl --show --lock-down true --grant root --config MyConfig
Thu May 23 09:53:54 CEST 2024
Granted access to root (uid 0)
Configuration has been locked down
    Configuration name: MyConfig
                 Owner: (1001)  myuser
             Read-only: no
           Locked down: yes
    Ownership transfer: no
         Public access: no
  Users granted access: 1 user
                        - (0)  root
# date; ls -lA /var/lib/openvpn3/configs/
Thu May 23 09:54:02 CEST 2024
total 0
# date; ps -ef  | grep vpn
Thu May 23 09:54:22 CEST 2024
openvpn     2541       1  0 09:51 ?        00:00:00 /usr/libexec/openvpn3-linux/openvpn3-service-logger --service --state-dir /var/lib/openvpn3 --log-level 4 --journald
openvpn     2595       1  0 09:52 ?        00:00:00 /usr/libexec/openvpn3-linux/openvpn3-service-configmgr --state-dir /var/lib/openvpn3/configs
root        2639    2461  0 09:54 pts/5    00:00:00 grep --color=auto vpn
# date; journalctl --since today _PID=2541 + _PID=2595
Thu May 23 09:55:02 CEST 2024
May 23 09:51:16 inlingua-rl9-2 openvpn3-service-logger[2541]: OpenVPN3/Linux v21 (openvpn3-service-logger)
                                                              OpenVPN core v3.8.2 linux x86_64 64-bit
                                                              Copyright (C) 2012-2022 OpenVPN Inc. All rights reserved.
May 23 09:51:16 rl9-2 openvpn3-service-logger[2541]: Log method: journald
May 23 09:51:16 rl9-2 openvpn3-service-logger[2541]: OpenVPN3/Linux v21 (openvpn3-service-logger)
May 23 09:51:16 rl9-2 openvpn3-service-logger[2541]: OpenVPN core v3.8.2 linux x86_64 64-bit
May 23 09:51:16 rl9-2 openvpn3-service-logger[2541]: Copyright (C) 2012-2022 OpenVPN Inc. All rights reserved.
May 23 09:51:16 rl9-2 openvpn3-service-logger[2541]: Log method: journald
May 23 09:51:16 rl9-2 openvpn3-service-logger[2541]: Idle exit set to 10 minutes
May 23 09:51:16 rl9-2 openvpn3-service-logger[2541]: Log level changed to 6
May 23 09:52:45 rl9-2 openvpn3-service-configmgr[2595]: OpenVPN3/Linux v21 (openvpn3-service-configmgr)
May 23 09:52:45 rl9-2 openvpn3-service-configmgr[2595]: OpenVPN core v3.8.2 linux x86_64 64-bit
May 23 09:52:45 rl9-2 openvpn3-service-configmgr[2595]: Copyright (C) 2012-2022 OpenVPN Inc. All rights reserved.
May 23 09:52:45 rl9-2 openvpn3-service-logger[2541]: Attached: {tag:16897353765334379230}  [:1.29/net.openvpn.v3.configuration], pid 2595
May 23 09:52:45 rl9-2 openvpn3-service-logger[2541]: {tag:16897353765334379230} Parsed configuration 'MyConfig', owner: myuser
May 23 09:53:54 rl9-2 openvpn3-service-logger[2541]: {tag:16897353765334379230} Access granted to UID 0 by UID 1001
May 23 09:53:54 rl9-2 openvpn3-service-logger[2541]: {tag:16897353765334379230} Configuration lock-down flag set to true by UID 1001
[root@rl9-2 ~] #

Doesn't seem to be very verbose :(
So I have run your second proposal (and hit Enter in the console between each command to better distinguish the steps):

# killall -INT openvpn3-service-configmgr
[root@inlingua-rl9-2 ~] # date; ps -ef  | grep vpn
Thu May 23 09:56:07 CEST 2024
root        2706    2461  0 09:56 pts/5    00:00:00 grep --color=auto vpn
# /usr/libexec/openvpn3-linux/openvpn3-service-configmgr --log-level 6 --log-file stdout: --idle-exit 0 --state-dir /var/lib/openvpn3/configs
[INFO] Dropping root group privileges to openvpn
[INFO] Dropping root user privileges to openvpn
OpenVPN3/Linux v21 (openvpn3-service-configmgr)
OpenVPN core v3.8.2 linux x86_64 64-bit
Copyright (C) 2012-2022 OpenVPN Inc. All rights reserved.
2024-05-23 09:57:25  Config Manager DEBUG: ConfigManagerObject registered on 'net.openvpn.v3.configuration':/net/openvpn/v3/configuration

2024-05-23 09:57:32  Config Manager INFO: Parsed configuration 'MyConfig', owner: myuser
2024-05-23 09:57:32  Config Manager DEBUG: New configuration object created: /net/openvpn/v3/configuration/aa74782ex4e52x49ffx8f08x400d95dd08b6 (owner uid 1001)

2024-05-23 09:57:48  Config Manager INFO: Access granted to UID 0 by UID 1001
2024-05-23 09:57:48  Config Manager INFO: Configuration lock-down flag set to true by UID 1001

No more luck here..

@p-wieser
Author

A bit more context: the machine acts as a client of an OpenVPN server, and as a passive backup of this same OpenVPN server. Which does mean that the openvpn packages are installed, though disabled.
I have tried to remove both openvpn and openvpn3, reboot and re-install just openvpn3. This unfortunately doesn't improve the result.
But the installation log displays:

Running scriptlet: kmod-ovpn-dco-0.2.20231010-1.el9.noarch                                                                                                                                                                                                      81/85 
Loading new ovpn-dco-0.2.20231010.1.el9 DKMS files...
Building for 5.14.0-427.16.1.el9_4.x86_64
Building initial module for 5.14.0-427.16.1.el9_4.x86_64
Error! Bad return status for module build on kernel: 5.14.0-427.16.1.el9_4.x86_64 (x86_64)
Consult /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/make.log for more information.
warning: %post(kmod-ovpn-dco-0.2.20231010-1.el9.noarch) scriptlet failed, exit status 10

Error in POSTIN scriptlet in rpm package kmod-ovpn-dco

And the compilation log is:

# cat /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/make.log
DKMS make.log for ovpn-dco-0.2.20231010.1.el9 for kernel 5.14.0-427.16.1.el9_4.x86_64 (x86_64)
Thu May 23 10:23:21 CEST 2024
make: Entering directory '/var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build'
/var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/gen-compat-autoconf.sh /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/compat-autoconf.h
make -C /lib/modules/5.14.0-427.16.1.el9_4.x86_64/build M=/var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build PWD=/var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build REVISION=copr:0.2.20231010.1.el9 CONFIG_OVPN_DCO_V2=m INSTALL_MOD_DIR=updates/	modules
make[1]: Entering directory '/usr/src/kernels/5.14.0-427.16.1.el9_4.x86_64'
  CC [M]  /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/main.o
  CC [M]  /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/bind.o
  CC [M]  /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/crypto.o
  CC [M]  /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/ovpn.o
  CC [M]  /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/peer.o
  CC [M]  /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/sock.o
  CC [M]  /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/stats.o
  CC [M]  /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/netlink.o
  CC [M]  /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/crypto_aead.o
  CC [M]  /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/pktid.o
  CC [M]  /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/tcp.o
  CC [M]  /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/udp.o
In file included from <command-line>:
/var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/linux-compat.h:27:24: error: redefinition of ‘struct genl_ops’
   27 | #define genl_split_ops genl_ops
      |                        ^~~~~~~~
./include/net/genetlink.h:248:8: note: in expansion of macro ‘genl_split_ops’
  248 | struct genl_split_ops {
      |        ^~~~~~~~~~~~~~
In file included from /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/netlink.c:25:
./include/net/genetlink.h:199:8: note: originally defined here
  199 | struct genl_ops {
      |        ^~~~~~~~
/var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/netlink.c:848:21: error: initialization of ‘int (*)(const struct genl_ops *, struct sk_buff *, struct genl_info *)’ from incompatible pointer type ‘int (*)(const struct genl_ops *, struct sk_buff *, struct genl_info *)’ [-Werror=incompatible-pointer-types]
  848 |         .pre_doit = ovpn_pre_doit,
      |                     ^~~~~~~~~~~~~
/var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/netlink.c:848:21: note: (near initialization for ‘ovpn_netlink_family.pre_doit’)
/var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/netlink.c:849:22: error: initialization of ‘void (*)(const struct genl_ops *, struct sk_buff *, struct genl_info *)’ from incompatible pointer type ‘void (*)(const struct genl_ops *, struct sk_buff *, struct genl_info *)’ [-Werror=incompatible-pointer-types]
  849 |         .post_doit = ovpn_post_doit,
      |                      ^~~~~~~~~~~~~~
/var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/netlink.c:849:22: note: (near initialization for ‘ovpn_netlink_family.post_doit’)
cc1: some warnings being treated as errors
/var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/ovpn.c: In function ‘ovpn_net_xmit’:
/var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/ovpn.c:433:28: error: implicit declaration of function ‘skb_gso_segment’; did you mean ‘skb_gso_reset’? [-Werror=implicit-function-declaration]
  433 |                 segments = skb_gso_segment(skb, 0);
      |                            ^~~~~~~~~~~~~~~
      |                            skb_gso_reset
/var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/ovpn.c:433:26: warning: assignment to ‘struct sk_buff *’ from ‘int’ makes pointer from integer without a cast [-Wint-conversion]
  433 |                 segments = skb_gso_segment(skb, 0);
      |                          ^
make[3]: *** [scripts/Makefile.build:299: /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/netlink.o] Error 1
make[3]: *** Waiting for unfinished jobs....
In file included from /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/sock.c:18:
./include/net/udp.h: In function ‘udp_rcv_segment’:
./include/net/udp.h:493:16: error: implicit declaration of function ‘__skb_gso_segment’; did you mean ‘__udp_gso_segment’? [-Werror=implicit-function-declaration]
  493 |         segs = __skb_gso_segment(skb, features, false);
      |                ^~~~~~~~~~~~~~~~~
      |                __udp_gso_segment
./include/net/udp.h:493:14: warning: assignment to ‘struct sk_buff *’ from ‘int’ makes pointer from integer without a cast [-Wint-conversion]
  493 |         segs = __skb_gso_segment(skb, features, false);
      |              ^
In file included from ./include/net/udp_tunnel.h:6,
                 from /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/udp.c:25:
./include/net/udp.h: In function ‘udp_rcv_segment’:
./include/net/udp.h:493:16: error: implicit declaration of function ‘__skb_gso_segment’; did you mean ‘__udp_gso_segment’? [-Werror=implicit-function-declaration]
  493 |         segs = __skb_gso_segment(skb, features, false);
      |                ^~~~~~~~~~~~~~~~~
      |                __udp_gso_segment
./include/net/udp.h:493:14: warning: assignment to ‘struct sk_buff *’ from ‘int’ makes pointer from integer without a cast [-Wint-conversion]
  493 |         segs = __skb_gso_segment(skb, features, false);
      |              ^
cc1: some warnings being treated as errors
make[3]: *** [scripts/Makefile.build:299: /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/sock.o] Error 1
cc1: some warnings being treated as errors
make[3]: *** [scripts/Makefile.build:299: /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/udp.o] Error 1
cc1: some warnings being treated as errors
make[3]: *** [scripts/Makefile.build:299: /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco/ovpn.o] Error 1
make[2]: *** [scripts/Makefile.build:585: /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build/drivers/net/ovpn-dco] Error 2
make[1]: *** [Makefile:1934: /var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build] Error 2
make[1]: Leaving directory '/usr/src/kernels/5.14.0-427.16.1.el9_4.x86_64'
make: *** [Makefile:59: all] Error 2
make: Leaving directory '/var/lib/dkms/ovpn-dco/0.2.20231010.1.el9/build'

So, this was a very bad idea: now, I just cannot install a working openvpn3 client. Snifff..

@dsommers
Member

The latest RHEL-9.4 will need an updated ovpn-dco; the kernel APIs were slightly changed - backported from newer kernel bases by Red Hat. You can still use OpenVPN 3 Linux and OpenVPN 2.x, but without DCO. On the client side, the tun interface is often capable of getting over 400-500Mbit/s, but for an OpenVPN server the DCO benefit is quite a lot higher.

Your configmgr debug output puzzles me a lot .... it's like it never receives the proper flag for "persistent config" in the Import operation.

I'm soon about to do another Fedora Copr devsnapshot for a coming v22_dev release. I'm wrapping up the pieces now. This will include an overhauled configmgr service and openvpn3 command line. Maybe that will solve your issue.

I'll give you a heads-up when it's ready.

@p-wieser
Author

It happens that I omitted (oops) to install openvpn3-client. I just had openvpn3.
That doesn't fix the initial persistence issue, but at least I am able to start a vpn session without persistence..
So I am not blocked! Fine.

@dsommers
Member

dsommers commented Jun 7, 2024

A new development snapshot was pushed out the other day; if you would be able to test that one, that would be appreciated. Maybe it's easier to understand what goes wrong with the persistent configuration files then.

https://copr.fedorainfracloud.org/coprs/dsommers/openvpn3-devsnapshots/

@dsommers dsommers self-assigned this Jun 7, 2024