Introduction
This page shows the high-level status of OpenVPN 2.4 release. If you want all the details, see the Active Tickets by Milestone report.
Deadlines
Debian 9 freeze
Mattock asked the Debian package maintainer about getting 2.4_something into Debian 9 before the freeze. Here's the response: "I'll consider uploading 2.4_something in early December, so we have a month to fix possible issues. After December 29 it won't be doable."
Features/fixes to include
must have
| Task description | Assigned to | Status
|
| t_client-style "test all windows specific options" testbed on windows | ??? | very basic scripts + profiles done. powershell work by Samuli. Windows testing page: WindowsTesting
|
| make openvpnserv2 use exit-events | mattock | research started, tracked here
|
| re-indent formatting | ??? | last thing before we release, requires lots of manual work
|
| bundle OpenSSL 1.0.2 on Windows | mattock | not started, but should be trivial
|
minor, but "we should try to make it happen"
| Task description | Assigned to | Status
|
| block-outside-dns v2 | snair | patch on list, needs review and merge (cron2)
|
| tftp/wpad patch | jjk | patch on list, needs review and merge
|
| dhcp-option dns6... | cron2 | not done yet
|
| test server that does --auth-user-pass and/or challenge stuff | cron2 (snair) | not started
|
| support TLS record splitting (like ovpn3) | syzzer | #554 (started, but no patches available yet)
|
--tls-crypt control channel encryption | syzzer | #633 (preview branch available)
|
| update auth-user-pass docs | mattock | not started, discussion here
|
| support OpenSSL 1.1 | syzzer (?) | not started
|
undefined priority
| Task description | Assigned to | Status
|
| combined i686/x96_64 Windows installers | chipitsine/mattock | PR ready, but in mattock's tests it had some issues
|
work needed
- trac tickets (2.3.x, 2.4.x, unclassified)
major items already done
- ifconfig-before-open reversal patch for windows fixed (argv_printf) and merged
- openvpnserv2 integration
- pushable ciphers, and cipher negotiation
- true dual-stack operation (2.3 has "dual single-stack")
- interactive service + openvpn-gui integration
- IPv6 route-gateway redirection
- AEAD cipher
- cipher negotiation (for all but a few corner cases)
- peer-id (server and client, 2.3 has only client)
- compression v2 = more efficient alignment
- unified TCP timeout handling (Arne v3)
- new buildbots for FreeBSD 10.3, NetBSD 7.0.1, OpenBSD 6.0, MacOS X, various recent Linux versions
- --multihome fixed on BSD/amd64 architectures, tested by buildbots
- recursive routing fixup (Lev v4)
