wiki:OpenVPN2013-week-15-summary

Version 4 (modified by Samuli Seppänen, 11 years ago) (diff)

--

Previous week | Index | Next week

Interesting events

  • There was a discussion on openvpn-devel about usage of the management interface on the server-side. Apparently it's not very widely used, with the exception of the Access Server.
  • FreeBSD went into a "panic mode" over the potential side-channel exploit fixed in OpenVPN 2.3.1, flagging all OpenVPN versions <2.3.1 as vulnerable. In a nutshell, they thought the vulnerability was more serious than it really was. A security announcement was written to allow FreeBSD (and others) to gauge the real impact of the vulnerability, which is low. The original FreeBSD notice seems not to be available anymore, but the current one is here. An attempt will be made to handle future security vulnerabilities in a more coordinated fashion.
  • It was agreed on IRC to restart the weekly IRC meetings. The first meeting was scheduled for 18th April 2013.
  • The discussion about having a closed security mailing list was reopened. It will be created by OpenVPN Technologies and will include both company and community members.

Commits to the Git repo

  • 12 Apr 2013 (Fri):
    • Gert Doering: Print "Virtual IPv6 Address" on management interface queries [v4] (b5df9fa)
  • 11 Apr 2013 (Thu):
    • Arne Schwabe: Print client id only if compiled with man agent support. Otherwise print an empty string. (01cfa61)

Ongoing development