wiki:StatusOfOpenvpn24

Version 54 (modified by Gert Döring, 7 years ago)

block-outside-dns done

Introduction

This page shows the high-level status of the OpenVPN 2.4 release. If you want all the details, see the Active Tickets by Milestone report.

Schedule

  • November 16 - 2.4_beta1: After this date, no new features allowed, stabilising starts for real. Some minor "nice to have patches" might be accepted after evaluation/discussion on IRC.
  • (optional) November 23rd - 2.4_beta2: Only patches related to stabilising and important bug-fixes are allowed after this point. No more "nice to have patches" after this point. If we have no bug fixes or otherwise stabilizing code this release can be skipped.
  • December 1st - 2.4_rc1: Only really needed and critical bug fixes allowed. This is also the time where we change to a unified coding style across the whole source code.
  • December 15th - 2.4_rc2: Branching out release/2.4 happens here.
  • December 28th - 2.4.0: Final release.

Deadline: Debian 9 freeze

Mattock asked the Debian package maintainer about getting 2.4_something into Debian 9 before the freeze. Here's the response: "I'll consider uploading 2.4_something in early December, so we have a month to fix possible issues. After December 29 it won't be doable."

Features/fixes to include

must have

| Task description | Assigned to | Status |
|---|---|---|
| t_client-style "test all Windows specific options" testbed on Windows | ??? | very basic scripts + profiles done. PowerShell work by Samuli. Windows testing page: WindowsTesting |
| make openvpnserv2 use exit-events | mattock | research started, tracked here |
| re-indent formatting | ??? | last thing before we release, requires lots of manual work |
| bundle OpenSSL 1.0.2 on Windows | mattock | not started, but should be trivial |

minor, but "we should try to make it happen"

| Task description | Assigned to | Status |
|---|---|---|
| struct argv overhaul | d12fk | Patch review completed (dazo), patch 1-3 can at least be considered for v2.4, patch 4-7 if v2 patches arrive and can be reviewed+ACK before release of 2.4_beta1 |
| auth-gen-token: Inform client why auth-token was rejected | dazo | Patch review in progress (syzzer) |
| --tls-crypt control channel encryption | syzzer | #633, patches on ML, need review |
| Refactor CRL handling | syzzer | Patches on ML, need review |
| tftp/wpad patch | jjk | patch on list, needs review and merge |
| support TLS record splitting (like ovpn3) | syzzer | #554 (started, but no patches available yet) |
| Allow OpenVPN to communicate to peers via a Linux VRF | - | updated patches need review + ML submission |
| dhcp-option dns6... | cron2 | not done yet |
| support OpenSSL 1.1 | syzzer (?) | not started |
| test server that does --auth-user-pass and/or challenge stuff | cron2 (snair) | not started |
| update auth-user-pass docs | mattock | not started, discussion here |
| Update OpenVPN PRF (move away from SHA1/MD5) | syzzer | not started |

undefined priority

| Task description | Assigned to | Status |
|---|---|---|
| combined i686/x86_64 Windows installers | chipitsine/mattock | PR ready, but in mattock's tests it had some issues |

work needed

  • trac tickets (2.3.x, 2.4.x, unclassified)

major items already done

  • ifconfig-before-open reversal patch for windows fixed (argv_printf) and merged
  • openvpnserv2 integration
  • pushable ciphers, and cipher negotiation
  • true dual-stack operation (2.3 has "dual single-stack")
  • interactive service + openvpn-gui integration
  • IPv6 route-gateway redirection
  • AEAD cipher
  • cipher negotiation (for all but a few corner cases)
  • peer-id (server and client, 2.3 has only client)
  • compression v2 = more efficient alignment
  • unified TCP timeout handling (Arne v3)
  • new buildbots for FreeBSD 10.3, NetBSD 7.0.1, OpenBSD 6.0, MacOS X, various recent Linux versions
  • --multihome fixed on BSD/amd64 architectures, tested by buildbots
  • recursive routing fixup (Lev v4)
  • block-outside-dns on multiple tunnels (v2, Selva)