Context Navigation

Basic info

New: openvpn 2.6.10 release
There are some Windows related issues to be resolved in this release.
Tentatively planned for end of next week.

Updated: server-side testing status and next meeting
- mattock has created a PoC of --dev null "does a client connect" check
  - client config has "--dev null" and "ifconfig-noexec"
    - uses an "up" script to stop the parent (openvpn) process gracefully soon after connection initialization
    - the "up" script almost certainly includes some Linux-specifisms
    - example usage:
      - openvpn --config client.conf |grep "Initialization Sequence Completed"
    - integration with "make check", buildbot, etc. is still missing
    - next steps:
      - integrate the PoC with "make check"
      - make the script portable
      - buildbot integration (if required separately)
  We want to continue on this topic once a bit more progress has been made.

Updated: forums topics
A new forum is under construction. But already spammers have found it.
Suggestion is to give openvpn_inc user novaflash and Pippin_ full admin rights so they can help find a solution and help maintain the forums.
To be discussed with ecrist.
Layout and categories look ok?
Access for Mod to delete users that put spam url in profile and never post a message, currently I cannot discover a way to delete those(1)
Related to above, Access for Mod to edit user profiles (asks for AdminCP password)(1)
Mod guide, hard or soft delete (chuck board?), what to do with GDPR, etc. (write it down and actually make it available to mods, maybe a hidden topic)
Access for mods to logs so one can see what others did
Email confirmation on register?
Forgot password or user name? and Contact?
Considering some existing platform to do discussions next to forum?
(1) May not be necessary if enough admin available

Updated: website release process
Finally they have come up with a solution that they will run by novaflash this week.

New: breaking DCO changes, how to approach?
This topic appeared but we do not have details on what this entails exactly.
Perhaps ordex can provide details on what this is about, so we can have a meaningful discussion.

Updated: Status of SBOM
There was a discussion between MaxF and djpig and others.
For OpenVPN2 / OpenVPN-NL, there is not much overlap, as OpenVPN2 doesn't ship much in terms of libraries, but OpenVPN-NL does.
The interesting use-case for an SBOM is really the OpenVPN Windows GUI client.

Updated: Debian and Ubuntu snapshot packages and buildbot
- Cloudfront + S3 + aptly PoC is complete and seems to work fine
- Cloudfront caches need to be invalidated when new packages are added or removed, or the apt repository will end up in an inconsistent state almost immediately
- If we use swupdate.openvpn.net to publish the snapshots we will have to deal with cloudfront + cloudflare.
- We can choose to just publish snapshots on build.openvpn.net. This seems the preferred option.
- Alternatively a new S3 bucket + cloudfront can be done. Whatever people like best.
- Buildbot integration is missing, but should be fairly straightforward
- This will probably have to wait until "--dev null" is done

status of trac/wiki
No progress since last meeting.
This will probably have to wait until "--dev null" is done
Should have access controls so only approved members can edit.

Security mailing list procedure can stand improvement
To be discussed in more detail later.

community funding
ordex has an initiative he wants to bring up regarding dev resources to be added to community.
This may tie into the donations topic.
In short ordex convinced OTF (Open Tech Fund) to provide a "test FOSS funding scheme" to OpenVPN.
This would for example allow to pay for allocated hours for mattock and cron2 to work on OpenVPN community tasks.
This is to be worked out more and in collaboration between OpenVPN Community, OpenVPN Inc., and OTF.

Tunnelcrack progress TunnelCrack community wiki article
Current status: when mitigations start appearing we will mention them in meeting notes.

OpenVPN community meetup 2024
Naming: We decided to rename from 'Hackathon' to 'OpenVPN community meetup'. This has a more open spirit to it, as we want to encourage developers and those interested in contributing to feel welcome.
Where: Karlsruhe, Germany. It is a relatively central location in Europe and is fairly easily reachable by train. A meeting location is yet to be arranged.
When: At the moment tentatively set to 20-22 September 2024.
Who: We'll do an open invitation to openvpn-devel mailing list, but also CC: specifically past attendees and people of interest.
Shirts: There is plenty of time still to prepare a shirt design.

Static-key mini how-to is outdated.
This page is outdated badly: https://openvpn.net/community-resources/static-key-mini-howto/
company will send this to tech writer to redo based on https://github.com/OpenVPN/openvpn/blob/master/doc/man-sections/example-fingerprint.rst info
and also retain a link to that github doc.
having a simple guide online will help adoption

OpenVPN 2.6 performance results.
tests should cover: gre, ipsec, userland, dco
linux, freebsd, windows
requires time to be dedicated to doing this, when time available will do it

What's going on with new taskbar icons?
matt provided icons in https://github.com/OpenVPN/openvpn-gui/issues/595
last update: will be picked up by selva when he has time

software code signing topic
company switched EV code signing to cloudhsm, this is same cert type we use for driver signing, is also suitable for binary signing.
in future we could possibly switch community to that same key. saves having to maintain 2 different keys.
depends on how hard/easy it is to access company key signing thingee from community infrastructure.
also no high priority at the moment, we have a working solution now.

Management interface documentation on main website will be updated with info from doc/management-notes.txt
novaflash will pick this up at some point

Last modified 2 months ago Last modified on 03/06/24 15:24:52