Support for OpenVPN 3

This adds optional support for using OpenVPN3 client
as an alternative to openvpn2.

Just replacing one client with another will not work:

 - OpenVPN3 doesn't use interactive service, it uses
"agent" service with completely different protocol. OpenVPN GUI
needs to talk to agent using HTTP and JSON.

 - OpenVPN3 management interface realtime notifications must be
explicitly turned on in order for GUI to work.

To enable using openvpn3:

 - use any of *-ovpn3 presets (cmake build system)

 - ./configure --enable-ovpn3 (mingw)

To switch betweet openvpn2 and openvpn3, see "OpenVPN Engine"
radiobutton group in Settings -> Advanced dialog.

Management interface - enabled OpenVPN3 client will be added soon
to openvpn3 repo (along with existing "cli" test client). Also agent
service will be opensourced in near future.

Co-authored-by: Christopher Ng <[email protected]>
Signed-off-by: Christopher Ng <[email protected]>
Signed-off-by: Lev Stipakov <[email protected]>

.github/workflows/msbuild.yml

@@ -8,12 +8,19 @@ jobs:
       matrix:
         arch: [x86, x64, arm64]
         ossl: [ossl1.1.1, ossl3]
+        ovpn3:
+          - preset: ""
+            name: ""
+            upload_name: ""
+          - preset: -ovpn3
+            name: " - ovpn3"
+            upload_name: "_ovpn3"
 
     env:
       # Indicates the location of the vcpkg as a Git submodule of the project repository.
       VCPKG_ROOT: ${{ github.workspace }}/vcpkg
 
-    name: 'msvc - ${{matrix.arch}} - ${{ matrix.ossl }}'
+    name: 'msvc - ${{matrix.arch}} - ${{ matrix.ossl }}${{ matrix.ovpn3.name }}'
     runs-on: windows-2019
     steps:
     - uses: actions/checkout@v2
@@ -28,15 +35,15 @@ jobs:
     - name: Run CMake consuming CMakePreset.json and vcpkg.json by mean of vcpkg.
       uses: lukka/run-cmake@v10
       with:
-        configurePreset: '${{ matrix.arch }}-release-${{ matrix.ossl }}'
-        buildPreset: '${{ matrix.arch }}-release-${{ matrix.ossl }}'
+        configurePreset: '${{ matrix.arch }}-release-${{ matrix.ossl }}${{ matrix.ovpn3.preset }}'
+        buildPreset: '${{ matrix.arch }}-release-${{ matrix.ossl }}${{ matrix.ovpn3.preset }}'
 
     - uses: actions/upload-artifact@v3
       with:
-        name: openvpn-gui_${{ matrix.arch }}_${{ matrix.ossl }}
+        name: openvpn-gui_${{ matrix.arch }}_${{ matrix.ossl }}${{ matrix.ovpn3.upload_name }}
         path: |
-          out/build/${{ matrix.arch }}-release-${{ matrix.ossl }}/*.dll
-          out/build/${{ matrix.arch }}-release-${{ matrix.ossl }}/*.exe
+          out/build/${{ matrix.arch }}-release-${{ matrix.ossl }}${{ matrix.ovpn3.preset }}/*.dll
+          out/build/${{ matrix.arch }}-release-${{ matrix.ossl }}${{ matrix.ovpn3.preset }}/*.exe
 
   mingw:
     strategy:

CMakeLists.txt

@@ -1,3 +1,5 @@
+option(CLI_OVPN3 "Build ${PROJECT_NAME} with OpenVPN3 support" OFF)
+
 cmake_minimum_required(VERSION 3.10)
 
 if(NOT VCPKG_MANIFEST_DIR)
@@ -32,7 +34,7 @@ find_package(OpenSSL REQUIRED)
 
 set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -DDEBUG")
 
-target_link_libraries(${PROJECT_NAME}
+target_link_libraries(${PROJECT_NAME} PRIVATE
     OpenSSL::SSL
     Wtsapi32.lib
     Netapi32.lib
@@ -71,6 +73,16 @@ target_compile_definitions(${PROJECT_NAME} PRIVATE
     WIN32_LEAN_AND_MEAN
     HAVE_CONFIG_H)
 
+if (${CLI_OVPN3})
+    find_package(json-c REQUIRED)
+
+    target_link_libraries(${PROJECT_NAME} PRIVATE
+        json-c::json-c)
+
+    target_compile_definitions(${PROJECT_NAME} PRIVATE
+        ENABLE_OVPN3)
+endif ()
+
 if(MSVC)
     # work around msvc generator Debug/Release directory ugliness, doesn't apply for Ninja
     set_target_properties(${PROJECT_NAME} PROPERTIES

CMakePresets.json

@@ -63,6 +63,13 @@
                 "CMAKE_BUILD_TYPE": "Release"
             }
         },
+        {
+            "name": "ovpn3",
+            "hidden": true,
+            "cacheVariables": {
+                "CLI_OVPN3": "ON"
+            }
+        },
         {
             "name": "x64-debug-ossl3",
             "inherits": [ "base", "ossl3", "x64", "debug" ]
@@ -110,6 +117,54 @@
         {
             "name": "x86-release-ossl1.1.1",
             "inherits": [ "base", "ossl1.1.1", "x86", "release" ]
+        },
+        {
+            "name": "x64-debug-ossl3-ovpn3",
+            "inherits": [ "x64-debug-ossl3", "ovpn3" ]
+        },
+        {
+            "name": "x64-debug-ossl1.1.1-ovpn3",
+            "inherits": [ "x64-debug-ossl1.1.1", "ovpn3" ]
+        },
+        {
+            "name": "arm64-debug-ossl3-ovpn3",
+            "inherits": [ "arm64-debug-ossl3", "ovpn3" ]
+        },
+        {
+            "name": "arm64-debug-ossl1.1.1-ovpn3",
+            "inherits": [ "arm64-debug-ossl1.1.1", "ovpn3" ]
+        },
+        {
+            "name": "x86-debug-ossl3-ovpn3",
+            "inherits": [ "x86-debug-ossl3", "ovpn3" ]
+        },
+        {
+            "name": "x86-debug-ossl1.1.1-ovpn3",
+            "inherits": [ "x86-debug-ossl1.1.1", "ovpn3" ]
+        },
+        {
+            "name": "x64-release-ossl3-ovpn3",
+            "inherits": [ "x64-release-ossl3", "ovpn3" ]
+        },
+        {
+            "name": "x64-release-ossl1.1.1-ovpn3",
+            "inherits": [ "x64-release-ossl1.1.1", "ovpn3" ]
+        },
+        {
+            "name": "arm64-release-ossl3-ovpn3",
+            "inherits": [ "arm64-release-ossl3", "ovpn3" ]
+        },
+        {
+            "name": "arm64-release-ossl1.1.1-ovpn3",
+            "inherits": [ "arm64-release-ossl1.1.1", "ovpn3" ]
+        },
+        {
+            "name": "x86-release-ossl3-ovpn3",
+            "inherits": [ "x86-release-ossl3", "ovpn3" ]
+        },
+        {
+            "name": "x86-release-ossl1.1.1-ovpn3",
+            "inherits": [ "x86-release-ossl1.1.1", "ovpn3" ]
         }
     ],
     "buildPresets": [
@@ -172,6 +227,67 @@
             "name": "arm64-debug-ossl1.1.1",
             "configurePreset": "arm64-debug-ossl1.1.1",
             "configuration": "Debug"
+        },
+
+        {
+            "name": "x64-release-ossl3-ovpn3",
+            "configurePreset": "x64-release-ossl3-ovpn3",
+            "configuration": "Release"
+        },
+        {
+            "name": "x64-release-ossl1.1.1-ovpn3",
+            "configurePreset": "x64-release-ossl1.1.1-ovpn3",
+            "configuration": "Release"
+        },
+        {
+            "name": "x86-release-ossl3-ovpn3",
+            "configurePreset": "x86-release-ossl3-ovpn3",
+            "configuration": "Release"
+        },
+        {
+            "name": "x86-release-ossl1.1.1-ovpn3",
+            "configurePreset": "x86-release-ossl1.1.1-ovpn3",
+            "configuration": "Release"
+        },
+        {
+            "name": "arm64-release-ossl3-ovpn3",
+            "configurePreset": "arm64-release-ossl3-ovpn3",
+            "configuration": "Release"
+        },
+        {
+            "name": "arm64-release-ossl1.1.1-ovpn3",
+            "configurePreset": "arm64-release-ossl1.1.1-ovpn3",
+            "configuration": "Release"
+        },
+        {
+            "name": "x64-debug-ossl3-ovpn3",
+            "configurePreset": "x64-debug-ossl3-ovpn3",
+            "configuration": "Debug"
+        },
+        {
+            "name": "x64-debug-ossl1.1.1-ovpn3",
+            "configurePreset": "x64-debug-ossl1.1.1-ovpn3",
+            "configuration": "Debug"
+        },
+        {
+            "name": "x86-debug-ossl3-ovpn3",
+            "configurePreset": "x86-debug-ossl3-ovpn3",
+            "configuration": "Debug"
+        },
+        {
+            "name": "x86-debug-ossl1.1.1-ovpn3",
+            "configurePreset": "x86-debug-ossl1.1.1-ovpn3",
+            "configuration": "Debug"
+        },
+        {
+            "name": "arm64-debug-ossl3-ovpn3",
+            "configurePreset": "arm64-debug-ossl3-ovpn3",
+            "configuration": "Debug"
+        },
+        {
+            "name": "arm64-debug-ossl1.1.1-ovpn3",
+            "configurePreset": "arm64-debug-ossl1.1.1-ovpn3",
+            "configuration": "Debug"
         }
     ]
 }

Makefile.am

@@ -38,7 +38,7 @@ dist_doc_DATA = \
 	COPYRIGHT.GPL \
 	COPYING
 
-AM_CPPFLAGS = $(OPENSSL_CRYPTO_CFLAGS) -D_UNICODE
+AM_CPPFLAGS = $(OPENSSL_CRYPTO_CFLAGS) -D_UNICODE $(JSON_CFLAGS)
 AM_CFLAGS = -municode
 
 openvpn_gui_RESOURCES = \
@@ -110,7 +110,8 @@ openvpn_gui_LDADD = \
 	-lole32 \
 	-lshlwapi \
 	-lsecur32 \
-	-lwininet
+	-lwininet \
+	$(JSON_LIBS)
 
 openvpn-gui-res.o: $(openvpn_gui_RESOURCES) $(srcdir)/openvpn-gui-res.h
 	$(RCCOMPILE) -i $< -o $@

configure.ac

@@ -49,6 +49,15 @@ AC_ARG_ENABLE(
 	[enable_password_change="yes"]
 )
 
+AC_ARG_ENABLE(
+	[ovpn3],
+	[AS_HELP_STRING([--enable-ovpn3], [enable openvpn3 agent and client @<:@default=no@:>@])],
+	[
+		AC_DEFINE([ENABLE_OVPN3], 1, [Use openvpn3 agent instead of interactive service])
+		PKG_CHECK_MODULES([JSON], [json-c])
+	]
+)
+
 case "$host" in
 	*-mingw*)
 		CPPFLAGS="${CPPFLAGS} -DWIN32_LEAN_AND_MEAN"

manage.c

@@ -271,6 +271,13 @@ OnManagement(SOCKET sk, LPARAM lParam)
             {
                 ManagementCommand(c, c->manage.password, NULL, regular);
                 *c->manage.password = '\0';
+
+                if (o.ovpn_engine == OPENVPN_ENGINE_OVPN3)
+                {
+                    ManagementCommand(c, "log on all", NULL, regular);
+                    ManagementCommand(c, "state on all", NULL, regular);
+                }
+
                 continue;
             }
 

openvpn-gui-res.h

@@ -137,6 +137,9 @@
 #define ID_EDT_MGMT_PORT                 285
 #define ID_TXT_FOLDER1                   286
 #define ID_EDT_POPUP_MUTE                287
+#define ID_RB_ENGINE_SELECTION           288
+#define ID_RB_ENGINE_OVPN2               289
+#define ID_RB_ENGINE_OVPN3               290
 
 /* Connections dialog */
 #define ID_DLG_CONNECTIONS               290