[SOLVED] openvpn 2.7.1 and excalibur

grunchy · 2026-04-18 21:43:19

openvpn 2.7.1 is now available in ceres repo. i want to try out this new version on my excalibur desktop, but am unsure how to go about this.

first question: once version 2.7 makes it to freia will it ever be back-ported?

relatedly, is there a way to check which packages are in the process of being back-ported?

second question: is there a best-practice for adding a single package from testing to stable?

my initial thought is to download the .deb and install via dpkg -i, overwriting the installed openvpn files. i would prefer to keep the existing version, 2.6.14-1+deb13u1devuan, and have the version 2.7 openvpn as a second option. is that doable?

abower · 2026-04-18 22:07:48

The Freia version of openvpn is already backported to Excalibur-backports:

https://backports.debian.org/trixie-backports/overview/

To add the backports repository:

https://www.devuan.org/os/packages#add- … default-no

And to install the package:

https://dev1galaxy.org/viewtopic.php?pid=27079#p27079

ralph.ronnquist · 2026-04-18 22:30:51

You can setup your system to allow hand-picked packages from ceres, by a) pinning ceres packages to something less than 100 and then merely include ceres in your sources.

The pinning would be a file named, say, reluctant-ceres in /etc/apt/preferences.d/ with perhaps the foolwing content:

Package: *
Pin: release n=ceres
Pin-Priority: 90

Adding to sources could be, say, two lines in the file /etc/apt/sources.list with something like the following in it:

deb http://deb.devuan.org/merged ceres main
deb-src http://deb.devuan.org/merged ceres main

Following that preparation, you would first apt-get update and then selectively install by including the desired ceres version code, for example, for that openvpn, you may have:

apt-get install openvpn=2.7.1-1devuan1

The pinning will make it remain so that nothing gets installed from ceres "automatically", ever; including even updates of installed ceres packages. It must all be by hand. If the desired package requires a ceres version of something else, then apt will tell that and refuse installation.

Further, if you want to roll back a ceres package, you again install the package with the desired version code. Doing so will downgrade that package to the indicated version code. Always use apt-cache policy openvpn (or whichever package is concerned) to see which versions you, with your sources, have available for installation (or upgrade or downgrade).

hth, Ralph.

abower · 2026-04-19 06:19:29

But you should use backports rather than doing this. That said... the backport has NOT made it to Devuan:

https://pkginfo.devuan.org/cgi-bin/poli … n&x=submit

This is because it is a forked package - so some manual action is needed by a Devuan developer to fork the backport.

But to be honest I don't see why it needs to be forked. I think we should try building the unforked version and consider unforking it.

Edit: https://bugs.devuan.org/955

Last edited by abower (2026-04-19 09:29:47)

grunchy · 2026-04-19 18:29:30

thanks for the replies! will try both recommendations. marking as solved.

abower · 2026-04-20 05:27:11

Sorry, no need to try mine - I was wrong because forked package means the backport is not available in Devuan ywt.

grunchy · Yesterday 20:28:47

posting a follow-up for completeness.

i did not try installing from ceres as more than one package would be involved.

i was able to install the trixie-backports version, which worked! not sure why the devuan fork is needed.
note that i am using openvpn as a client NOT as a server, so maybe the result would be different when running as a server.

here are the details:

with the ceres version, apt wants to install 2 companion packages

/home/xyz> apt-get -s install openvpn=2.7.2-1devuan1                                               
NOTE: This is only a simulation!
      apt-get needs root privileges for real execution.
      Keep also in mind that locking is deactivated,
      so don't depend on the relevance to the real current situation!
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Solving dependencies... Error!
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 openvpn : Depends: libnl-3-200 (>= 3.11.0) but 3.7.0-2 is to be installed
           Depends: libnl-genl-3-200 (>= 3.11.0) but 3.7.0-2 is to be installed
E: Unable to correct problems, you have held broken packages.
E: The following information from --solver 3.0 may provide additional context:
   Unable to satisfy dependencies. Reached two conflicting decisions:
   1. libnl-3-200:amd64=3.12.0-2 is not selected for install
   2. libnl-3-200:amd64=3.12.0-2 is selected as an upgrade because:
      1. openvpn:amd64=2.7.2-1devuan1 is selected as an upgrade
      2. openvpn:amd64=2.7.2-1devuan1 Depends libnl-3-200 (>= 3.11.0)

adding those two packages would work, but i do not want to deal with more than one package

/home/xyz> apt-get -s install openvpn=2.7.2-1devuan1 libnl-3-200=3.12.0-2 libnl-genl-3-200=3.12.0-2
NOTE: This is only a simulation!
      apt-get needs root privileges for real execution.
      Keep also in mind that locking is deactivated,
      so don't depend on the relevance to the real current situation!
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages will be REMOVED:
  libnl-route-3-200 wpasupplicant
The following packages will be upgraded:
  libnl-3-200 libnl-genl-3-200 openvpn
3 upgraded, 0 newly installed, 2 to remove and 0 not upgraded.
Remv wpasupplicant [2:2.10-24]
Remv libnl-route-3-200 [3.7.0-2]
Inst libnl-genl-3-200 [3.7.0-2] (3.12.0-2 Devuan:1.0.0/unstable [amd64]) []
Inst libnl-3-200 [3.7.0-2] (3.12.0-2 Devuan:1.0.0/unstable [amd64])
Inst openvpn [2.7.1-1~bpo13+1] (2.7.2-1devuan1 Devuan:1.0.0/unstable [amd64])
Conf libnl-genl-3-200 (3.12.0-2 Devuan:1.0.0/unstable [amd64])
Conf libnl-3-200 (3.12.0-2 Devuan:1.0.0/unstable [amd64])
Conf openvpn (2.7.2-1devuan1 Devuan:1.0.0/unstable [amd64])

for the excalibur default, openvpn 2.6.14, ldd says this

/home/xyz> ldd /usr/sbin/openvpn
        linux-vdso.so.1 (0x00007884d4b96000)
        liblzo2.so.2 => /lib/x86_64-linux-gnu/liblzo2.so.2 (0x00007884d4a67000)
        liblz4.so.1 => /lib/x86_64-linux-gnu/liblz4.so.1 (0x00007884d4a40000)
        libpkcs11-helper.so.1 => /lib/x86_64-linux-gnu/libpkcs11-helper.so.1 (0x00007884d4a1f000)
        libssl.so.3 => /lib/x86_64-linux-gnu/libssl.so.3 (0x00007884d4911000)
        libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007884d42d6000)
        libnl-genl-3.so.200 => /lib/x86_64-linux-gnu/libnl-genl-3.so.200 (0x00007884d42cf000)
        libnl-3.so.200 => /lib/x86_64-linux-gnu/libnl-3.so.200 (0x00007884d42ac000)
        libcap-ng.so.0 => /lib/x86_64-linux-gnu/libcap-ng.so.0 (0x00007884d42a4000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007884d40b0000)
        libxxhash.so.0 => /lib/x86_64-linux-gnu/libxxhash.so.0 (0x00007884d409d000)
        libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007884d407b000)
        libzstd.so.1 => /lib/x86_64-linux-gnu/libzstd.so.1 (0x00007884d3fb1000)
        /lib64/ld-linux-x86-64.so.2 (0x00007884d4b98000)

for trixie-backports, openvpn 2.7.1, ldd says this

/home/xyz> ldd /usr/sbin/openvpn
        linux-vdso.so.1 (0x00007654370a3000)
        libgtk3-nocsd.so.0 => /lib/x86_64-linux-gnu/libgtk3-nocsd.so.0 (0x0000765436f82000)
        libcap-ng.so.0 => /lib/x86_64-linux-gnu/libcap-ng.so.0 (0x0000765436f7a000)
        libnl-genl-3.so.200 => /lib/x86_64-linux-gnu/libnl-genl-3.so.200 (0x0000765436f73000)
        libnl-3.so.200 => /lib/x86_64-linux-gnu/libnl-3.so.200 (0x0000765436f50000)
        liblzo2.so.2 => /lib/x86_64-linux-gnu/liblzo2.so.2 (0x0000765436f2a000)
        liblz4.so.1 => /lib/x86_64-linux-gnu/liblz4.so.1 (0x0000765436f03000)
        libpkcs11-helper.so.1 => /lib/x86_64-linux-gnu/libpkcs11-helper.so.1 (0x0000765436ee2000)
        libssl.so.3 => /lib/x86_64-linux-gnu/libssl.so.3 (0x0000765436dd4000)
        libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x000076543679b000)
        libsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007654366d8000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007654364e2000)
        /lib64/ld-linux-x86-64.so.2 (0x00007654370a5000)
        libxxhash.so.0 => /lib/x86_64-linux-gnu/libxxhash.so.0 (0x00007654364cf000)
        libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007654364af000)
        libzstd.so.1 => /lib/x86_64-linux-gnu/libzstd.so.1 (0x00007654363e5000)
        libcap.so.2 => /lib/x86_64-linux-gnu/libcap.so.2 (0x00007654363d9000)

the extra libraries in the trixie-backports version are libcap.so.2, libgtk3-nocsd.so.0 and libsystemd.so.0.
i do not think the first two libs are what requires the devuan fork, but perhaps i am mistaken.
the reference to libsystemd does seem like it would be the reason for a devuan fork. however, on the
excalibur machine i'm using libsystemd IS present

/home/xyz> ls -l /lib/x86_64-linux-gnu/libsystemd.so.0 
lrwxrwxrwx 1 root root 15 Jan 21  2025 /lib/x86_64-linux-gnu/libsystemd.so.0 -> libelogind.so.0

i am curious to know what happens to this symlink when elogind is replaced by dummy-logind.
just guessing, but that symlink looks to be taking care of whatever openvpn wants from libsystemd.

the install of openvpn 2.7.1 from trixie-backports was successful, with no error reported

/home/xyz> sudo apt install /tmp/openvpn_2.7.1-1~bpo13+1_amd64.deb 

Note, selecting 'openvpn' instead of '/tmp/openvpn_2.7.1-1~bpo13+1_amd64.deb'
Upgrading:
  openvpn

Summary:
  Upgrading: 1, Installing: 0, Removing: 0, Not Upgrading: 0
  Download size: 0 B / 684 kB
  Space needed: 77.8 kB / 26.1 GB available

Get:1 /tmp/openvpn_2.7.1-1~bpo13+1_amd64.deb openvpn amd64 2.7.1-1~bpo13+1 [684 kB]
Reading changelogs... Done  
Preconfiguring packages ...
(Reading database ... 189146 files and directories currently installed.)
Preparing to unpack .../openvpn_2.7.1-1~bpo13+1_amd64.deb ...
Unpacking openvpn (2.7.1-1~bpo13+1) over (2.6.14-1+deb13u1devuan1) ...
Setting up openvpn (2.7.1-1~bpo13+1) ...
Installing new version of config file /etc/init.d/openvpn ...
Installing new version of config file /etc/network/if-down.d/openvpn ...
Installing new version of config file /etc/network/if-up.d/openvpn ...
Processing triggers for man-db (2.13.1-1) ...

and openvpn started-up in client mode without error

2026-04-25 23:52:12 OpenVPN 2.7.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2026-04-25 23:52:12 library versions: OpenSSL 3.5.5 27 Jan 2026, LZO 2.10
2026-04-25 23:52:12 DCO version: 6.19.11+deb13-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.19.11-1~bpo13+1 (2026-04-13)
<snip>
2026-04-25 23:52:13 chroot to '/tmp/ovc' and cd to '/' succeeded
2026-04-25 23:52:13 UID set to nobody
2026-04-25 23:52:13 GID set to nogroup
2026-04-25 23:52:13 Capabilities retained: CAP_NET_ADMIN
2026-04-25 23:52:13 Initialization Sequence Completed
2026-04-25 23:52:13 Data Channel: cipher 'AES-256-GCM', peer-id: 1
2026-04-25 23:52:13 Timers: ping 10, ping-restart 60

The officially official Devuan Forum!

#1 2026-04-18 21:43:19

[SOLVED] openvpn 2.7.1 and excalibur

#2 2026-04-18 22:07:48

Re: [SOLVED] openvpn 2.7.1 and excalibur

#3 2026-04-18 22:30:51

Re: [SOLVED] openvpn 2.7.1 and excalibur

#4 2026-04-19 06:19:29

Re: [SOLVED] openvpn 2.7.1 and excalibur

#5 2026-04-19 18:29:30

Re: [SOLVED] openvpn 2.7.1 and excalibur

#6 2026-04-20 05:27:11

Re: [SOLVED] openvpn 2.7.1 and excalibur

#7 Yesterday 20:28:47

Re: [SOLVED] openvpn 2.7.1 and excalibur

Board footer