Public TODO list (11 matches)


Show under each result:

Status: accepted (1 match)

Ticket Priority Owner Created Summary Modified
#23 minor samuli 6 years Integrate code security analysis tools into Buildbot 9 months

In the IRC meeting on 22nd Apr 2010 it was agreed that all patches should be checked with (security) auditing tools such as Valgrind and Coverity. These tools need to be integrated into our Continuous integration server app, Buildbot.

Status: assigned (4 matches)

Ticket Priority Owner Created Summary Modified
#269 major cron2 3 years Port SVN r8219 ("Minor fix to process_ipv4_header") to Git master 9 months
#272 major cron2 3 years Port SVN r8126 ("Added remote-override option") to Git master 9 months
#611 major samuli 5 months VyprVPN violates GPL 4 weeks

VyprVPN client bundle provides modified OpenVPN binary based on 2.3.4 version and modified TAP adapter driver based on NDIS5 version. There are no source codes on their website and support answered for the question where can I get source code that "Support does not have that information to provide". Here is client bundle for Windows. After installation, you'll get TAP adapter called "TAP-VyprVPN Adapter V9". OpenVPN is modified to work with this custom adapter version.

#22 minor ecrist 6 years Establish a developer bounty system 9 months

Many OSS projects have a developer bounty system and we should have one, too. More details are available on the Bounty wiki page.

Status: new (6 matches)

Ticket Priority Owner Created Summary Modified
#597 critical samuli 6 months Integrate NSSM into OpenVPN 3 months

The OpenVPN service wrapper for Windows (openvpnserv.exe) is rapidly disintegrating as new Windows versions are released. On Windows 7 it works adequately, but on Windows 8.x and 10 it seems to be broken. There are currently several bug reports related to openvpnserv.exe (e.g. #110, #129, #591, #71).

Instead of improving and fixing openvpnserv.exe we've decided to replace it with a more robust service manager, NSSM. It is already possible to use NSSM with OpenVPN, but the manual configuration steps are too difficult for most "normal" users. Although NSSM has a configuration GUI, it is too generic and thus too complex for our simple use-case of "enabling and disabling OpenVPN connections", where almost all configuration parameter can be deduced and/or hardcoded.

This task consists of two parts:

  1. Write a simplified NSSM configuration GUI tailored for OpenVPN
  2. Integrate the configuration GUI with OpenVPN installers (in openvpn-gui project)

The configuration GUI has some constraints:

  1. Must not increase OpenVPN installer size significantly
    • Rules out most external frameworks/languages such as Python, Perl and Qt.
  2. Must be reasonably fast
    • Rules out PowerShell ShowUI, as importing the ShowUI module takes ages. Documentation on this framework is also very poor, and knowledge of WPF is assumed.
  3. Must have permissions to modify the system
    • Rules out local web applications that don't use ActiveX controls.
  4. All components must bev redistributable
    • Rules out (commercial) frameworks which are not under an open source / public domain license.

In practice C# + WPF seems to be the only reasonable way forward. As most of the GUI is generated programmatically there's no need for a separate GUI definition (XAML) file.

The code for the NSSM configuration GUI for OpenVPN will be hosted here.

#615 major 4 months Test IPv6 over IPv6 4 months

This is a testing task for those who might be interested in helping out. The description below is taken from Gert's email.

On Fri, Sep 25, 2015 at 03:01:01PM +0300, Samuli Seppänen wrote:
> We'd need some help build-testing a patched[*] OpenVPN version with 
> Cygwin and Visual Studio:
> <>
> This tree already builds fine on mingw_w64 which is enough for doing the 
> official builds.

Heiko tested on Cygwin, Lev made it work on MSVC2013 (and the necessary
changes for that have been merged).

So, now this needs people to actually run IPv6-over-IPv6 to *use* the
functionality and report whether it breaks in their setup.

What you need: IPv6 connectivity between OpenVPN client and server, and
IPv6 routing *into* the tunnel, with a route that overlaps the IPv6 address
of the server - either using "redirect-gateway ipv6", or pushing things
like "route-ipv6 2000::/3" with a server inside 2000::/3...  if you do
this, you should see something like this in the log:

Tue Oct  6 13:28:57 2015 GDG6: remote_host_ipv6=2607:fc50:1001:5200::4
Tue Oct  6 13:28:57 2015 ROUTE6_GATEWAY 2001:608:4::1 IFACE=eth0
Tue Oct  6 13:28:57 2015 ROUTE6: 2607:fc50:1001::/48 overlaps IPv6 remote
 2607:fc50:1001:5200::4, adding host route to VPN endpoint
Tue Oct  6 13:28:57 2015 add_route_ipv6(2607:fc50:1001:5200::4/128 -> 2001:608:4::1
 metric 1) dev eth0
Tue Oct  6 13:28:57 2015 /bin/route -A inet6 add 2607:fc50:1001:5200::4/128 dev eth0 gw 
2001:608:4::1 metric 1

the first line is "this is the IPv6 address of the VPN server", the
"ROUTE6_GATEWAY" line is "this is the gateway and interface we have
discovered!".  The "overlap" notice means the feature will actually
kick in - it won't, if you have no overlapping routes into the tunnel,
or connect over IPv4 - and the last two lines are the installing of
the /128 host route, which better should work as well 

I tested this for 6 scenarios on 9 (!) platforms, so I'm reasonably sure
it works for the common case - but there will be unexpected cases...

#636 major 2 months Add IPv6 Support to packet filter (please) 2 months

Note: Using packet filter plugin from

Adding IPv6 networks to a working OpenVPN IPv6(data) server client packet filter file:


Causes this error when reading the client packet filter file:

Mon Dec  7 20:56:18 2015 us=370154 client1/ PF: server/temp/openvpn_pf_624c22373430d537c902b6dc0c8ecc87.tmp/4: bad '/n' subnet specifier: must be between 0 and 32: '64'
Mon Dec  7 20:56:18 2015 us=370207 client/ PF: server/temp/openvpn_pf_624c22373430d537c902b6dc0c8ecc87.tmp rejected due to 1 error(s)

My extremely limited knowledge of C has bought me to this (pf.c - line 107):

msg (D_PF_INFO, "PF: %s/%d: bad '/n' subnet specifier: must be between 0 and 32: '%s'", prefix, line_num, div);


#2 minor 6 years Improve TCP-over-TCP performance 2 years

Tunneling TCP over TCP without performance penalty is difficult. However, nothing is stopping us from trying.

#25 minor reg9009 6 years Check if state/instance synchronization between OpenVPN instances is doable in 2.x series 9 months

As discussed in IRC meeting on 3rd June 2010 having state/instance synchronization between OpenVPN instances should be doable. This would enable transparent failover configuration, similar to what OpenBSD has with IPSec.

However, more research is needed to determine whether 2.x series is up for the job, or if we should postpone implementation to OpenVPN 3.0.

#559 trivial 8 months Docs/external-links: dead link 8 months

This page:

This link Installing and Securing VoIP with Linux by Champ Clark III & Bruce M. Wink

Website and link is no longer available.

Note: See TracQuery for help on using queries.