wiki:StatusOfOpenvpn25

Version 16 (modified by Antonio Quartulli, 4 years ago) (diff)

--

Introduction

This page shows the high-level status of OpenVPN 2.5 release. If you want all the details, see the Active Tickets by Milestone report.

Schedule

  • October 7 - Feature selection

At the hackathon in Lviv, we'll decide which features we want for 2.5. After that, we can start planning the steps below.

  • ??? - 2.5_beta1

After this date, no new features allowed, stabilising starts for real. Some minor "nice to have patches" might be accepted after evaluation/discussion on IRC.

  • (optional) ??? - 2.5_beta2

Only patches related to stabilising and important bug-fixes are allowed after this point. No more "nice to have patches" after this point. If we have no bug fixes or otherwise stabilizing code this release can be skipped.

  • ??? - 2.5_rc1

Only really needed and critical bug fixes allowed.

  • ??? - 2.5_rc2

Branching out release/2.5 happens here.

  • ??? - 2.5.0 Final release.

Deadline: To be determined

Last time we used the Debian freeze as a hard deadline.

TODO: investigate if there is a similar freeze we want to make.

Features/fixes to include

must have

Task descriptionAssigned toStatusTicket
tls-crypt-v2 syzzer Patch review in progress (ordex) #1121
Purge NSIS installers (migrate to MSI installers) mattock ??? #1122
Netlink support (includes route.c / tun.c refactoring) ordex pending review #1123
VLAN patch set ordex/cron2/plaithos planning #6
Support for multiple sockets (multi-port/multi-IP) ordex pending review #556
Implement asymmetric compression plaisthos pending review (syzzer/cron2) ?

"we should try to make it happen" (but will likely not make it)

Task descriptionAssigned toStatusTicket
ChaCha20-Poly1305 support for the data channel syzzer Pending review -
IPv6-only server ordex Patch review in progress, few patches missing (cron2)#208
support for multiple-protocol sockets (UDP/TCP) ordex wip
Dynamic routes ('route in ccd-file'), depends on netlink support ??? ???
transport plugin (primary use case: obfuscation) Operator Foundation / ordex ordex is getting the patches in shape for ml
'make VPN fast again!' ??? ???
struct argv overhaul d12fk Patch review completed (dazo), patch 1-4 applied, patch 5-7 need v2 patches
auth-gen-token: Inform client why auth-token was rejected dazo Patch review in progress (syzzer)
tftp/wpad patch jjk patch on list, needs review and merge
support TLS record splitting (like ovpn3) syzzer (started, but no patches available yet) #554
Allow OpenVPN to communicate to peers via a Linux VRF - updated patches need review + ML submission
test server that does --auth-user-pass and/or challenge stuff cron2 (snair)not started
update auth-user-pass docs mattocknot started, discussion here
Update OpenVPN PRF (move away from SHA1/MD5) syzzer not started
maybe: add PRF plugin interface ??? ???
maybe: add key exchange plugin interface (allows easily doing .e.g post quantum kex) ??? ???
maybe: add data channel separation (or, move to ovpn3, which already has this?) ??? ???
maybe: fix radius-plugin - plugin is useful but not maintained very well ??? ???
improve control channel performance syzzer ???

work needed

  • trac tickets (2.4.x, 2.5.x, unclassified)

(major) items already done

  • remove ENABLE_CRYPTO

TODO: update list