Introduction
This page shows the high-level status of OpenVPN 2.4 release. If you want all the details, see the Active Tickets by Milestone report.
Schedule
- November 16 - 2.4_beta1 After this date, no new features allowed, stabilising starts for real. Some minor "nice to have patches" might be accepted after evaluation/discussion on IRC.
- (optional) November 24th/25th - 2.4_beta2 Only patches related to stabilising and important bug-fixes are allowed after this point. No more "nice to have patches" after this point. If we have no bug fixes or otherwise stabilizing code this release can be skipped.
- December 1st - 2.4_rc1 Only really needed and critical bug fixes allowed. This is also the time where we change to a unified coding style across the whole source code.
- December 15th - 2.4_rc2 Branching out release/2.4 happens here.
- December 28th - 2.4.0 Final release.
Deadline: Debian 9 freeze
Mattock asked the Debian package maintainer about getting 2.4_something into Debian 9 before the freeze. Here's the response: "I'll consider uploading 2.4_something in early December, so we have a month to fix possible issues. After December 29 it won't be doable."
Features/fixes to include
must have
Task description | Assigned to | Status |
All done.
minor, but "we should try to make it happen"
Task description | Assigned to | Status |
struct argv overhaul | d12fk | Patch review completed (dazo), patch 1-4 applied, patch 5-7 need v2 patches |
auth-gen-token: Inform client why auth-token was rejected | dazo | Patch review in progress (syzzer) |
tftp/wpad patch | jjk | patch on list, needs review and merge |
support TLS record splitting (like ovpn3) | syzzer | #554 (started, but no patches available yet) |
Allow OpenVPN to communicate to peers via a Linux VRF | - | updated patches need review + ML submission |
test server that does --auth-user-pass and/or challenge stuff | cron2 (snair) | not started |
update auth-user-pass docs | mattock | not started, discussion here |
Update OpenVPN PRF (move away from SHA1/MD5) | syzzer | not started |
work needed
- trac tickets (2.3.x, 2.4.x, unclassified)
(major) items already done
- poor man's NCP (v6)
- make openvpnserv2 use exit-events
- combined 32/64-bit Windows installers
- semi-automated testing of OpenVPN/OpenVPN-GUI/openvpnserv2 on Windows using openvpn-windows-test
- dhcp-option DNS6 (stub, windows netsh+service, android)
- bundle OpenSSL 1.0.2 on windows
- Refactor CRL handling
- --tls-crypt control channel encryption #633
- ifconfig-before-open reversal patch for windows fixed (argv_printf) and merged
- openvpnserv2 integration
- pushable ciphers, and cipher negotiation
- true dual-stack operation (2.3 has "dual single-stack")
- interactive service + openvpn-gui integration
- IPv6 route-gateway redirection
- AEAD cipher
- cipher negotiation (for all but a few corner cases)
- peer-id (server and client, 2.3 has only client)
- compression v2 = more efficient alignment
- unified TCP timeout handling (Arne v3)
- new buildbots for FreeBSD 10.3, NetBSD 7.0.1, OpenBSD 6.0, MacOS X, various recent Linux versions
- --multihome fixed on BSD/amd64 architectures, tested by buildbots
- recursive routing fixup (Lev v4)
- block-outside-dns on multiple tunnels (v2, Selva)
- re-indent formatting (dazo, syzzer). More details on CodeStyle
Last modified 6 years ago
Last modified on 12/15/16 18:25:29