Version 28 (modified by Gert Döring, 4 years ago) (diff)

2.5 and 2.6 list

OpenVPN Hackathon 2018

This year's hackathon is organized by Andriy Revin and David Sommerseth

We will stick to the format of the previous years, which means attendance is in principle limited to "active developers that are also regularly contributing to #openvpn-devel or the mailing list". We should have enough space in the meeting room for 10-14 devs.

Who is coming?

Name Topics Arrival Departure Hotel
Andriy Revin - @home
David Sommerseth clean-ups, plug-ins, OpenVPN 3 client Thu evening (LO482/LO763) Tue (LO766/LO483) Ibis
Antonio Quartulli remaining IPv6-only work, VLAN patches, netlink, multi-socket/multi-protocol, transport API(?) Fri Tue Ibis
Steffan Karger Performance, clean ups, crypto stuff Thu (OS381, ETA 15:20 @ airport) Sun Ibis
Gert Döring VLAN Patches / Architecture, Challenge / Plugin stuff, Performance (Threading?) Fri (LH2550, ETA 11:30 @airport) Mon (LH2551) Ibis
Samuli Seppänen Packaging (MSI, DEB, RPM), HackerOne tuning Fri late evening Mon early morning  Ibis
James Yonan
Arne Schwabe random stuff Thu (LO410/LO765) Tue (LO766/LO407) Ibis
Johan Draaisma things 3 oct 8 oct somewhere
Lev Stipakov things Fri evening (TK443) Tue Ibis


The meeting is held at the OpenVPN office in Lviv (Ukraine): Shevchenka Ave 5.

Lviv Danylo Halytskyi International Airport is quite close to the city. Best way of public transport is via Uber.

If you have any questions - please contact Andriy Revin (andriy @


The hackathon will take place from Friday October 5th 2018 to Sunday October 7th.


  1. What features do we want in 2.5? Set the timeline accordingly. (See the OpenVPN 2.5 status page).
    • tls-crypt v2, sitnl, vlan patches, ipv6-only, transport plug-in?
    • MSI packaging?
    • EasyRSA 3 for Windows (NSIS/MSI) installers?
  2. Should OpenVPN be a "swiss army knife" or "secure vpn client for dummies"
    • Could the split between OpenVPN 2.x and 3.x reflect these two roles?
  3. Feature changes
    • Do we need --opt-verify? Is this a feature strictly needed these days?
  4. MSI packaging
    • Available for testing for tap-windows6, but not yet for OpenVPN 2




Free wifi network is available at the office


There are many options with hotels and Airbnb alternatives in walking distance from the office (5-10 minutes). Most reasonably priced hotels are fairly small and availability is varying a lot, but double check against,, or similar sites to ensure you get a good price.

Some hotels close by (4-8 minutes walk):

Hotel URL Comments
Ibis Styles Lviv Center Most likely one of the bigger ones, small rooms but decent
Swiss Hotel Reasonable hotel when getting good price offers
ANTARES Apart hotel -
Danylo Inn -


(informal notes on some of the discussions that benefit from writing down)


  • we need to do a 2.4.7 release "soonish", to fix the --opt-verify issue Lev and Johan have encountered with NCP (patch has been merged in master+release/2.4)
  • we want the "asymmetric compression" change from Arne in there as well
  • 2.4.7 will be inintially released with the old TAP6 driver, and then we can do a re-release with the new TAP6 driver after sufficient testing (when our new approach can get all testing/signing issues fixed, estimated ~4-6 weeks)
  • TLS1.3 related patches are acceptable for 2.4.7 if they do not change existing behaviour (unless you use --tls-ciphersuite


  • are buggy
  • 30 day refund policy

features in 2.5 that we want

  • we have a page in the wiki so people can read up on this
  • MSI packaging (Simon, Samuli)
    • TAP6 changes -> TAP6 MSI installer
    • Samuli is reading books about MSI
    • possibly drop NSIS, or offer both options
  • tls-cryptv2
    • Antonio is reviewing, goal: this weekend
  • IPv6-only
    • Gert needs to finish review and test bed
  • netlink / sitnl refactoring of tun.c, route.c
    • Arne volunteers to review, but is entangled in ipv6-only changes (so might need rebasing) -> Antonio to check
    • code is there, but needs better coordination
    • blocker or nice to have?
  • transport plugin (obfuscation or others)
    • operator foundation, founded by google
    • coordinating with Antonio
    • patches based on 2.4 - asked to rebase on master
    • "nice to have"?
  • "make VPN fast again" (Antonio)
    • ongoing activity...
  • VLAN patchset
    • Antonio volunteers to rebase + adjust the code to master
    • Arne volunteers to review
    • Gert to build test infrastructure
    • David: suggest to checkout the code tree "right before the uncrustify changes", apply Fabian's v2 patch set, and proceed from there
  • multi-listen / multi-port / multi-ip patch set
    • multi-port is done, with multi-ip (if same protocol) (first chunk) "in beta"
    • multi-protocol (TCP+UDP) "not even alpha"
    • Arne feels like he needs to review this
  • dynamic-route (routes in CCD/)
    • today: OpenVPN only adds route at startup
    • adding routes at client-connect time needs to be done "outside"
    • nice to have(!!) - it can be done with --client-connect or in plugin code - but easier debugged if "built in"

features we want in 2.6

  • asynchronous netlink (= do not block waiting for kernel ACK)
  • performance enhancements on multi-CPU machines
    • multithreading? Do we want to just go for 3.0 here?