= Introduction = This page shows the high-level status of OpenVPN 2.4 release. If you want all the details, see the [report:3 Active Tickets by Milestone] report. = Schedule = * November 16 - 2.4_beta1 After this date, no new features allowed, stabilising starts for real. Some minor "nice to have patches" might be accepted after evaluation/discussion on IRC. * (optional) November 23rd - 2.4_beta2 Only patches related to stabilising and important bug-fixes are allowed after this point. No more "nice to have patches" after this point. If we have no bug fixes or otherwise stabilizing code this release can be skipped. * December 1st - 2.4_rc1 Only really needed and critical bug fixes allowed. This is also the time where we change to a unified coding style across the whole source code. * December 15th - 2.4_rc2 Branching out release/2.4 happens here. * December 28th - 2.4.0 Final release. == Deadline: Debian 9 freeze == Mattock asked the Debian package maintainer about getting 2.4_something into Debian 9 before the freeze. Here's the response: ''"I'll consider uploading 2.4_something in early December, so we have a month to fix possible issues. After December 29 it won't be doable."'' = Features/fixes to include = == must have == ||'''Task description'''||'''Assigned to'''||'''Status'''|| ||t_client-style "test all windows specific options" testbed on windows||???||very basic scripts + profiles done. powershell work by Samuli. Windows testing page: WindowsTesting|| ||make openvpnserv2 use exit-events||mattock||research started, tracked [https://github.com/xkjyeah/openvpnserv2/issues/10 here]|| ||re-indent formatting||???||last thing before we release, requires lots of manual work|| ||bundle OpenSSL 1.0.2 on Windows||mattock||not started, but should be trivial|| == minor, but "we should try to make it happen" == ||'''Task description'''||'''Assigned to'''||'''Status'''|| ||[https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12818.html struct argv overhaul] || d12fk || Patch review completed (dazo), patch 1-3 can at least be considered for v2.4, patch 4-7 if v2 patches arrives and can be reviewed+ACK before release of 2.4_beta1 || ||[https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12848.html auth-gen-token: Inform client why auth-token was rejected] || dazo || Patch review in progress (syzzer) || ||[https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12974.html --tls-crypt control channel encryption] || syzzer || #633, patches on ML, need review || ||[https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12809.html Refactor CRL handling] || syzzer || Patches on ML, need review || ||[http://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg10511.html tftp/wpad patch]||jjk||patch on list, needs review and merge|| ||support TLS record splitting (like ovpn3) || syzzer || #554 (started, but no patches available yet) || ||[https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12767.html Allow OpenVPN to communicate to peers via a Linux VRF] || - || [https://github.com/OpenVPN/openvpn/pull/65/commits/1baa7e6782b39ed664eedb9b006728d31e22c07e updated patches] need review + ML submission || ||dhcp-option dns6...||cron2||not done yet|| ||support OpenSSL 1.1 || syzzer (?) || not started || ||test server that does --auth-user-pass and/or challenge stuff||cron2 (snair)||not started|| ||update auth-user-pass docs||mattock||not started, discussion [https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12835.html here]|| ||Update OpenVPN PRF (move away from SHA1/MD5) || syzzer || not started || == undefined priority == ||'''Task description'''||'''Assigned to'''||'''Status'''|| ||combined i686/x86_64 Windows installers||chipitsine/mattock||PR ready, but in mattock's tests it had some issues|| == work needed == * trac tickets (2.3.x, 2.4.x, unclassified) == major items already done == * ifconfig-before-open reversal patch for windows fixed (argv_printf) and merged * openvpnserv2 integration * pushable ciphers, and cipher negotiation * true dual-stack operation (2.3 has "dual single-stack") * interactive service + openvpn-gui integration * IPv6 route-gateway redirection * AEAD cipher * cipher negotiation (for all but a few corner cases) * peer-id (server and client, 2.3 has only client) * compression v2 = more efficient alignment * unified TCP timeout handling (Arne v3) * new buildbots for FreeBSD 10.3, NetBSD 7.0.1, OpenBSD 6.0, MacOS X, various recent Linux versions * --multihome fixed on BSD/amd64 architectures, tested by buildbots * recursive routing fixup (Lev v4) * block-outside-dns on multiple tunnels (v2, Selva)