Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature request: IV_PLAT_VER on macOS #637

Closed
gordon-shumway-net opened this issue Nov 3, 2024 · 3 comments
Closed

Feature request: IV_PLAT_VER on macOS #637

gordon-shumway-net opened this issue Nov 3, 2024 · 3 comments

Comments

@gordon-shumway-net
Copy link

Describe the bug
OpenVPN 2.6.12 running on macOS 12 not sending IV_PLAT_VER if push-peer-info is set.
Neither Tunnelblick 4.0.1 stable nor the almost latest beta 6.0beta08 is doing that.
Windows seems to be the only platform sending this.

peer info on Server site:
Tunnelblick with push-peer-info:

Nov 03 13:35:41 ovpn-server[1482]: peer info: IV_VER=2.6.12
Nov 03 13:35:41 ovpn-server[1482]: peer info: IV_PLAT=mac
Nov 03 13:35:41 ovpn-server[1482]: peer info: IV_TCPNL=1
Nov 03 13:35:41 ovpn-server[1482]: peer info: IV_MTU=1600
Nov 03 13:35:41 ovpn-server[1482]: peer info: IV_NCP=2
Nov 03 13:35:41 ovpn-server[1482]: peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
Nov 03 13:35:41 ovpn-server[1482]: peer info: IV_PROTO=990
Nov 03 13:35:41 ovpn-server[1482]: peer info: IV_LZ4=1
Nov 03 13:35:41 ovpn-server[1482]: peer info: IV_LZ4v2=1
Nov 03 13:35:41 ovpn-server[1482]: peer info: IV_LZO=1
Nov 03 13:35:41 ovpn-server[1482]: peer info: IV_COMP_STUB=1
Nov 03 13:35:41 ovpn-server[1482]: peer info: IV_COMP_STUBv2=1
Nov 03 13:35:41 ovpn-server[1482]: peer info: IV_HWADDR=
Nov 03 13:35:41 ovpn-server[1482]: peer info: IV_SSL=OpenSSL_3.0.14_4_Jun_2024
Nov 03 13:35:41 ovpn-server[1482]: peer info: IV_GUI_VER="net.tunnelblick.tunnelblick_6120_6.0beta08__build_6120)"
Nov 03 13:35:41 ovpn-server[1482]: peer info: IV_SSO=webauth

Tunnelblick without push-peer-info:

Nov 03 13:48:18 ovpn-server[1482]: peer info: IV_VER=2.6.12
Nov 03 13:48:18 ovpn-server[1482]: peer info: IV_PLAT=mac
Nov 03 13:48:18 ovpn-server[1482]: peer info: IV_TCPNL=1
Nov 03 13:48:18 ovpn-server[1482]: peer info: IV_MTU=1600
Nov 03 13:48:18 ovpn-server[1482]: peer info: IV_NCP=2
Nov 03 13:48:18 ovpn-server[1482]: peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
Nov 03 13:48:18 ovpn-server[1482]: peer info: IV_PROTO=990
Nov 03 13:48:18 ovpn-server[1482]: peer info: IV_LZ4=1
Nov 03 13:48:18 ovpn-server[1482]: peer info: IV_LZ4v2=1
Nov 03 13:48:18 ovpn-server[1482]: peer info: IV_LZO=1
Nov 03 13:48:18 ovpn-server[1482]: peer info: IV_COMP_STUB=1
Nov 03 13:48:18 ovpn-server[1482]: peer info: IV_COMP_STUBv2=1
Nov 03 13:48:18 ovpn-server[1482]: peer info: IV_GUI_VER="net.tunnelblick.tunnelblick_6120_6.0beta08__build_6120)"
Nov 03 13:48:18 ovpn-server[1482]: peer info: IV_SSO=webauth

Windows with push-peer-info:

Nov 03 14:10:21 ovpn-server[1335]: peer info: iV_VER=2.6.12
Nov 03 14:10:21 ovpn-server[1335]: peer info: iV_PLAT=win
Nov 03 14:10:21 ovpn-server[1335]: peer info: iV_TCPNL=1
Nov 03 14:10:21 ovpn-server[1335]: peer info: iV_MTU=1600
Nov 03 14:10:21 ovpn-server[1335]: peer info: iV_NCP=2
Nov 03 14:10:21 ovpn-server[1335]: peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
Nov 03 14:10:21 ovpn-server[1335]: peer info: IV_PROTO=990
Nov 03 14:10:21 ovpn-server[1335]: peer info: IV_LZ4=1
Nov 03 14:10:21 ovpn-server[1335]: peer info: IV_LZ4v2=1
Nov 03 14:10:21 ovpn-server[1335]: peer info: IV_LZO=1
Nov 03 14:10:21 ovpn-server[1335]: peer info: IV_COMP_STUB=1
Nov 03 14:10:21 ovpn-server[1335]: peer info: IV_COMP_STUBv2=1
Nov 03 14:10:21 ovpn-server[1335]: peer info: IV_HWADDR=
Nov 03 14:10:21 ovpn-server[1335]: peer info: IV_SSL=OpenSSL_3.3.1_4_Jun_2024
Nov 03 14:10:21 ovpn-server[1335]: peer info: IV_PLAT_VER=10.0,_amd64_executable
Nov 03 14:10:21 ovpn-server[1335]: peer info: IV_GUI_VER=OpenVPN_GUI_11.50.0.0
Nov 03 14:10:21 ovpn-server[1335]: peer info: IV_SSO=openurl,webauth,crtext

To Reproduce
Set "push-peer-info" in a .ovpn client config with Tunnelblick on macOS.

Expected behavior
Also sending IV_PLAT_VER, maybe with kernel version or in the best case directly with the macOS version.

Version information (please complete the following information):

  • OS: macOS 12
  • OpenVPN version: 2.6.12

Additional context
Since commit 960524a it seems that it should be possible for other platforms than windows to send this since 2016:

In the reference manual its written that[0]:

The version of the operating system, e.g. 6.1 for Windows 7. This may be set by the client UI/GUI using --setenv. On Windows systems it is automatically determined by openvpn itself

[0]https://openvpn.net/community-resources/reference-manual-for-openvpn-2-6/
@cron2
Copy link
Contributor

cron2 commented Nov 3, 2024

Can you test the patch in http://gerrit.openvpn.net/c/openvpn/+/793 and see if this is useful for you? It sends uname().release which is (mostly) the kernel version - uname().version is a very long blurb on macOS, which we try to avoid in IV_ variables.

cron2 added a commit that referenced this issue Nov 6, 2024
@cron2
send uname() release as IV_PLAT_VER= on non-windows versions
f104d00 
This is highly system specific, as the content of the uname()
structure elements is not specified very well - uname(3) says:

      release       Release level of the operating system

which translates to "IV_PLAT_VER=13.3-RELEASE-p6" (FreeBSD) or
"IV_PLAT_VER=22.6.0" (macOS) - the latter being the "Mach Kernel
version", not what Apple calls the OS.

It's still useful if a server operator needs to keep track of
client versions (and the GUI does not set the corresponding
environment variable, which neither Tunnelblick nor NM do).

v2: manpage amendments
v3: whitespace
v4: reword manpage

Github: #637

Change-Id: Id2b0c5a517f02e5c219fea2ae3ef2bdef7690169
Signed-off-by: Gert Doering <[email protected]>
Acked-by: Antonio Quartulli <[email protected]>
Message-Id: <[email protected]>
URL: https://www.mail-archive.com/[email protected]/msg29699.html
Signed-off-by: Gert Doering <[email protected]>
(cherry picked from commit d5b4713)
cron2 added a commit that referenced this issue Nov 6, 2024
@cron2
send uname() release as IV_PLAT_VER= on non-windows versions
d5b4713 
This is highly system specific, as the content of the uname()
structure elements is not specified very well - uname(3) says:

      release       Release level of the operating system

which translates to "IV_PLAT_VER=13.3-RELEASE-p6" (FreeBSD) or
"IV_PLAT_VER=22.6.0" (macOS) - the latter being the "Mach Kernel
version", not what Apple calls the OS.

It's still useful if a server operator needs to keep track of
client versions (and the GUI does not set the corresponding
environment variable, which neither Tunnelblick nor NM do).

v2: manpage amendments
v3: whitespace
v4: reword manpage

Github: #637

Change-Id: Id2b0c5a517f02e5c219fea2ae3ef2bdef7690169
Signed-off-by: Gert Doering <[email protected]>
Acked-by: Antonio Quartulli <[email protected]>
Message-Id: <[email protected]>
URL: https://www.mail-archive.com/[email protected]/msg29699.html
Signed-off-by: Gert Doering <[email protected]>
@gordon-shumway-net
Copy link
Author

Hey,

that works great, thank you for your work.
IV_PLAT_VER=21.6.0 is now visible on server side.

Nov 06 13:18:25 ovpn-server[1482]: peer info: IV_VER=2.6.12
Nov 06 13:18:25 ovpn-server[1482]: peer info: IV_PLAT=mac
Nov 06 13:18:25 ovpn-server[1482]: peer info: IV_TCPNL=1
Nov 06 13:18:25 ovpn-server[1482]: peer info: IV_MTU=1600
Nov 06 13:18:25 ovpn-server[1482]: peer info: IV_NCP=2
Nov 06 13:18:25 ovpn-server[1482]: peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
Nov 06 13:18:25 ovpn-server[1482]: peer info: IV_PROTO=990
Nov 06 13:18:25 ovpn-server[1482]: peer info: IV_LZ4=1
Nov 06 13:18:25 ovpn-server[1482]: peer info: IV_LZ4v2=1
Nov 06 13:18:25 ovpn-server[1482]: peer info: IV_LZO=1
Nov 06 13:18:25 ovpn-server[1482]: peer info: IV_COMP_STUB=1
Nov 06 13:18:25 ovpn-server[1482]: peer info: IV_COMP_STUBv2=1
Nov 06 13:18:25 ovpn-server[1482]: peer info: IV_HWADDR=
Nov 06 13:18:25 ovpn-server[1482]: peer info: IV_SSL=OpenSSL_3.0.14_4_Jun_2024
Nov 06 13:18:25 ovpn-server[1482]: peer info: IV_PLAT_VER=21.6.0
Nov 06 13:18:25 ovpn-server[1482]: peer info: IV_GUI_VER="net.tunnelblick.tunnelblick_6130_6.0beta09__build_6130)_Unsigned"
Nov 06 13:18:25 ovpn-server[1482]: peer info: IV_SSO=webauth

I'm gonna test this on Linux as well but for now I think this issue can be closed. (:

@cron2
Copy link
Contributor

cron2 commented Nov 6, 2024

Thanks for testing and confirming that this is useful for you ;-) - as this is a mini-feature I decided to include it in 2.6, so it will be part of 2.6.13 whenever we release that ("upcoming weeks to months, depending on things we find that should be released").

@cron2 cron2 closed this as completed Nov 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cron2 @gordon-shumway-net