Public TODO list (7 matches)


Show under each result:

Status: accepted (1 match)

Ticket Priority Owner Created Summary Modified
#23 minor samuli 6 years Integrate code security analysis tools into Buildbot 2 months

In the IRC meeting on 22nd Apr 2010 it was agreed that all patches should be checked with (security) auditing tools such as Valgrind and Coverity. These tools need to be integrated into our Continuous integration server app, Buildbot.

Status: assigned (3 matches)

Ticket Priority Owner Created Summary Modified
#269 major cron2 4 years Port SVN r8219 ("Minor fix to process_ipv4_header") to Git master 17 months
#611 major samuli 13 months VyprVPN violates GPL 9 months

VyprVPN client bundle provides modified OpenVPN binary based on 2.3.4 version and modified TAP adapter driver based on NDIS5 version. There are no source codes on their website and support answered for the question where can I get source code that "Support does not have that information to provide". Here is client bundle for Windows. After installation, you'll get TAP adapter called "TAP-VyprVPN Adapter V9". OpenVPN is modified to work with this custom adapter version.

#22 minor ecrist 6 years Establish a developer bounty system 17 months

Many OSS projects have a developer bounty system and we should have one, too. More details are available on the Bounty wiki page.

Status: new (3 matches)

Ticket Priority Owner Created Summary Modified
#615 major 13 months Test IPv6 over IPv6 13 months

This is a testing task for those who might be interested in helping out. The description below is taken from Gert's email.

On Fri, Sep 25, 2015 at 03:01:01PM +0300, Samuli Seppänen wrote:
> We'd need some help build-testing a patched[*] OpenVPN version with 
> Cygwin and Visual Studio:
> <>
> This tree already builds fine on mingw_w64 which is enough for doing the 
> official builds.

Heiko tested on Cygwin, Lev made it work on MSVC2013 (and the necessary
changes for that have been merged).

So, now this needs people to actually run IPv6-over-IPv6 to *use* the
functionality and report whether it breaks in their setup.

What you need: IPv6 connectivity between OpenVPN client and server, and
IPv6 routing *into* the tunnel, with a route that overlaps the IPv6 address
of the server - either using "redirect-gateway ipv6", or pushing things
like "route-ipv6 2000::/3" with a server inside 2000::/3...  if you do
this, you should see something like this in the log:

Tue Oct  6 13:28:57 2015 GDG6: remote_host_ipv6=2607:fc50:1001:5200::4
Tue Oct  6 13:28:57 2015 ROUTE6_GATEWAY 2001:608:4::1 IFACE=eth0
Tue Oct  6 13:28:57 2015 ROUTE6: 2607:fc50:1001::/48 overlaps IPv6 remote
 2607:fc50:1001:5200::4, adding host route to VPN endpoint
Tue Oct  6 13:28:57 2015 add_route_ipv6(2607:fc50:1001:5200::4/128 -> 2001:608:4::1
 metric 1) dev eth0
Tue Oct  6 13:28:57 2015 /bin/route -A inet6 add 2607:fc50:1001:5200::4/128 dev eth0 gw 
2001:608:4::1 metric 1

the first line is "this is the IPv6 address of the VPN server", the
"ROUTE6_GATEWAY" line is "this is the gateway and interface we have
discovered!".  The "overlap" notice means the feature will actually
kick in - it won't, if you have no overlapping routes into the tunnel,
or connect over IPv4 - and the last two lines are the installing of
the /128 host route, which better should work as well 

I tested this for 6 scenarios on 9 (!) platforms, so I'm reasonably sure
it works for the common case - but there will be unexpected cases...

#636 major 11 months Add IPv6 Support to packet filter (please) 11 months

Note: Using packet filter plugin from

Adding IPv6 networks to a working OpenVPN IPv6(data) server client packet filter file:


Causes this error when reading the client packet filter file:

Mon Dec  7 20:56:18 2015 us=370154 client1/ PF: server/temp/openvpn_pf_624c22373430d537c902b6dc0c8ecc87.tmp/4: bad '/n' subnet specifier: must be between 0 and 32: '64'
Mon Dec  7 20:56:18 2015 us=370207 client/ PF: server/temp/openvpn_pf_624c22373430d537c902b6dc0c8ecc87.tmp rejected due to 1 error(s)

My extremely limited knowledge of C has bought me to this (pf.c - line 107):

msg (D_PF_INFO, "PF: %s/%d: bad '/n' subnet specifier: must be between 0 and 32: '%s'", prefix, line_num, div);


#25 minor reg9009 6 years Check if state/instance synchronization between OpenVPN instances is doable in 2.x series 17 months

As discussed in IRC meeting on 3rd June 2010 having state/instance synchronization between OpenVPN instances should be doable. This would enable transparent failover configuration, similar to what OpenBSD has with IPSec.

However, more research is needed to determine whether 2.x series is up for the job, or if we should postpone implementation to OpenVPN 3.0.

Note: See TracQuery for help on using queries.