wiki:StatusOfOpenvpn24

Version 70 (modified by Steffan Karger, 7 years ago) (diff)

--

Introduction

This page shows the high-level status of OpenVPN 2.4 release. If you want all the details, see the Active Tickets by Milestone report.

Schedule

  • November 16 - 2.4_beta1 After this date, no new features allowed, stabilising starts for real. Some minor "nice to have patches" might be accepted after evaluation/discussion on IRC.
  • (optional) November 24th/25th - 2.4_beta2 Only patches related to stabilising and important bug-fixes are allowed after this point. No more "nice to have patches" after this point. If we have no bug fixes or otherwise stabilizing code this release can be skipped.
  • December 1st - 2.4_rc1 Only really needed and critical bug fixes allowed. This is also the time where we change to a unified coding style across the whole source code.
  • December 15th - 2.4_rc2 Branching out release/2.4 happens here.
  • December 28th - 2.4.0 Final release.

Deadline: Debian 9 freeze

Mattock asked the Debian package maintainer about getting 2.4_something into Debian 9 before the freeze. Here's the response: "I'll consider uploading 2.4_something in early December, so we have a month to fix possible issues. After December 29 it won't be doable."

Features/fixes to include

must have

Task descriptionAssigned toStatus
re-indent formatting???requires lots of manual work. See CodeStyle.

minor, but "we should try to make it happen"

Task descriptionAssigned toStatus
struct argv overhaul d12fk Patch review completed (dazo), patch 1-4 applied, patch 5-7 need v2 patches
auth-gen-token: Inform client why auth-token was rejected dazo Patch review in progress (syzzer)
tftp/wpad patchjjkpatch on list, needs review and merge
support TLS record splitting (like ovpn3) syzzer #554 (started, but no patches available yet)
Allow OpenVPN to communicate to peers via a Linux VRF - updated patches need review + ML submission
test server that does --auth-user-pass and/or challenge stuffcron2 (snair)not started
update auth-user-pass docsmattocknot started, discussion here
Update OpenVPN PRF (move away from SHA1/MD5) syzzer not started

work needed

  • trac tickets (2.3.x, 2.4.x, unclassified)

(major) items already done

  • poor man's NCP (v6)
  • make openvpnserv2 use exit-events
  • combined 32/64-bit Windows installers
  • semi-automated testing of OpenVPN/OpenVPN-GUI/openvpnserv2 on Windows using openvpn-windows-test
  • dhcp-option DNS6 (stub, windows netsh+service, android)
  • bundle OpenSSL 1.0.2 on windows
  • Refactor CRL handling
  • --tls-crypt control channel encryption #633
  • ifconfig-before-open reversal patch for windows fixed (argv_printf) and merged
  • openvpnserv2 integration
  • pushable ciphers, and cipher negotiation
  • true dual-stack operation (2.3 has "dual single-stack")
  • interactive service + openvpn-gui integration
  • IPv6 route-gateway redirection
  • AEAD cipher
  • cipher negotiation (for all but a few corner cases)
  • peer-id (server and client, 2.3 has only client)
  • compression v2 = more efficient alignment
  • unified TCP timeout handling (Arne v3)
  • new buildbots for FreeBSD 10.3, NetBSD 7.0.1, OpenBSD 6.0, MacOS X, various recent Linux versions
  • --multihome fixed on BSD/amd64 architectures, tested by buildbots
  • recursive routing fixup (Lev v4)
  • block-outside-dns on multiple tunnels (v2, Selva)