OpenVPN Hackathon 2016
This year's hackathon is organized by Lev Stipakov (lev).
We will stick to the format of the previous years, which means attendance is in pinciple limited to "active developers that are also regularily contributing to #openvpn-devel or the mailing list". We should have enough space in the meeting room for ~10 devs.
who is coming?
|Lev Stipakov||-||Wed||Sun||Holiday Inn|
|David Sommerseth||query-user, systemd, d-bus, auth-token, fips||Thu Sept 15, 15:40 (Finnair 656)||Mon Sept 19, 12:15 (Finnair 655)||Radisson Blu Seaside Hotel (Ruoholahdenranta 3)|
|Arne Schwabe||MTU problems||Thu Sept 15, 15:10 AY0704||Staying a bit longer to explore Helsinki|
|Steffan Karger||tls-crypt, user-specific tls-auth||Fri 13:20 (KLM1167)||Sun 18:15 (KLM1170)||Holiday Inn|
|Gert Döring||2.4, testing||Fri 12:40 (LH2462)||Sun 19:25 (LH2465)||Holiday Inn|
| ||...|| || || |
|Samuli Seppänen||OpenVPN 3.x||Thu 16:23 (train)||Mon||-|
|James Yonan||Thu||Mon||Holiday Inn|
|Heiko Hund||Thu.||Mon.||Scandic Grand Marina|
The meeting is held at the office of F-Secure: Tammasaarenkatu 7, Helsinki, Finland. You will be given a temporary ID card at the front desk.
Both Holiday Inn hotel and our office are easily reachable by public transport - there is a metro station Ruoholahti a few hundred meters away. From the Helsinki Vantaa Airport you could take a train to Helsinki Central Railway Station (Rautatientori) and from there 2 metro stops to Ruoholahti.
If you have any questions - please contact Lev at +358 40 0453610.
The hackathon will take place from Sep 16 (Friday), 2016 to Sep 18 (Sunday).
So what is the goal of the Hackathon?
- Introduce a IV_PROTO=3 and remove -master only but alwyas there IV_xx? (every compression also as V2 version, IV_RGI6, IV_TCPNL (when implemeted before 2.4))
- meet in person, talk about things
- future development of 2.x and 3.x
- hack on the 2.4 codebase - there's a number of "large" things we could try to tackle
- support for negotiable ciphers and "null-compression"
- support for control channel encryption ('tls-crypt') and user-specific tls-auth ('tls-cookie')
- how to handle servers with v4+v6 addresses and roaming clients (3G/wifi) that roam from between various brokenness variants, like "from v6+NAT64 3G to native v6 Wifi" or "to v4-only Wifi", etc.
quick feedback discussion on D-Bus Proof of Concept FIPS mode - is that something we need to consider? Trac ticket #725
- Go through the list of pending patches and ACK/NACK them or assign person to review them
- work on open trac issues
- lots of things to review and bugs to fix
- OpenVPN 3
Adapt the Developer Certificate of Origin so that the code can be relicensed This is required at least for Apple Appstore, whose terms and conditions conflict with those in OpenVPN 3's AGPLv3 license contributors agreement (CLA) for OpenVPN 3
- Release the tap-windows6 header file additionally under the MIT license
- This originated from Thermi of the Freeswan project
- It was agreed that this is a reasonable request
We're all open for additions here - I think the meetings in Brussels (2011+2012), Munich (2013+2014) and Delft (2015) have shown that "just being able to sit together and hack" is a useful excercise.
Free Wifi is available.
Probably the closest hotel is Holiday Inn Ruoholahti.
- OpenVPN 3
- Released to GitHub (https://github.com/OpenVPN/openvpn3)
- Contributor Agreement. Discussed a draft for a contributor agreement to the OpenVPN 3 code base. It is based on the DCO which is used by the Linux kernel as well as several other projects, but it has an extension to allow OpenVPN Technologies to re-license contributions, but also includes a promise that OpenVPN Technologies, Inc will share any changes to said contributions. Dazo will reach out to some contacts with legal expertise so OpenVPN Technologies can get a proper legal review on this agreement.
- OpenVPN 3 walk through - James did a couple of sessions walking through parts of the OpenVPN 3 code base.
- OpenVPN 2.4
- A semi-automated Windows test script was created. This will give us more confidence in the Windows code before making the alpha1 release.
- Discussed adding server-side support to OpenVPN 3. Even though OpenVPN 3 codebase would be much easier to work with that OpenVPN 2's codebase, adding server support would be a significant effort.
- FIPS mode ... Steffan will look into this and further look at how we also can remove MD5 dependencies all together. Challenge is how to avoid breaking clients not supporting PRF processes not using MD5
- Many Trac tickets were resolved or closed
- Buildbot setup was improved significantly, with the addition of a MacOS X buildslave and general fixes and cleanups. That said, many buildslaves require exceptions in various parts, so further refactoring and cleanup might be in order.
- D-Bus integration in OpenVPN 2.x and 3.x
- cron2: "Resistance is futile".
- This adds interesting possibilities and it makes sense for OpenVPN 3 code base. However, there are concerns about the complexity of adding it to the current OpenVPN 2 code base. There are also some concerns that this will primarily be used on Linux only, as many *BSD installs do not install D-Bus packages.
- Next year hackathon's
- We discussed the location. One option would be Karlruhe in Germany, as Sophos has an office there and Heiko works there. Another option would be to meet in the United States; cost-vise areas near the major airports with direct flights from Europe (Chicago or New York) would be best.