= Introduction = This page shows the high-level status of OpenVPN 2.5 release. If you want all the details, see the [report:3 Active Tickets by Milestone] report. = Schedule = * October 7 - Feature selection At the hackathon in Lviv, we'll decide which features we want for 2.5. After that, we can start planning the steps below. * ??? - 2.5_beta1 After this date, no new features allowed, stabilising starts for real. Some minor "nice to have patches" might be accepted after evaluation/discussion on IRC. * (optional) ??? - 2.5_beta2 Only patches related to stabilising and important bug-fixes are allowed after this point. No more "nice to have patches" after this point. If we have no bug fixes or otherwise stabilizing code this release can be skipped. * ??? - 2.5_rc1 Only really needed and critical bug fixes allowed. * ??? - 2.5_rc2 Branching out release/2.5 happens here. * ??? - 2.5.0 Final release. == Deadline: To be determined == Last time we used the Debian freeze as a hard deadline. TODO: investigate if there is a similar freeze we want to make. = Features/fixes to include = == must have == ||'''Task description'''||'''Assigned to'''||'''Status'''||'''Ticket'''|| || tls-crypt-v2 || syzzer || Patch review in progress (ordex) ||#1121|| || Purge NSIS installers (migrate to MSI installers) || mattock || ??? ||#1122|| || Netlink support (includes route.c / tun.c refactoring) || ordex || pending review ||#1123|| || VLAN patch set || ordex/cron2/plaithos || planning ||#6|| || Support for multiple sockets (multi-port/multi-IP) || ordex || pending review ||#556|| || Implement asymmetric compression || plaisthos || pending review (syzzer/cron2) || ? || == "we should try to make it happen" (but will likely not make it) == ||'''Task description'''||'''Assigned to'''||'''Status'''||'''Ticket'''|| || ChaCha20-Poly1305 support for the data channel || syzzer || Pending review || - || || [https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16998.html IPv6-only server] || ordex ||Patch review in progress, few patches missing (cron2)||#208|| || support for multiple-protocol sockets (UDP/TCP) || ordex || wip || || Dynamic routes ('route in ccd-file'), depends on netlink support || ??? || ??? || || transport plugin (primary use case: obfuscation) || Operator Foundation / ordex ||ordex is getting the patches in shape for ml|| || 'make VPN fast again!' || ??? || ??? || || [https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12818.html struct argv overhaul] || d12fk || Patch review completed (dazo), patch 1-4 applied, patch 5-7 need v2 patches || || [https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12848.html auth-gen-token: Inform client why auth-token was rejected] || dazo || Patch review in progress (syzzer) || || [http://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg10511.html tftp/wpad patch] || jjk ||patch on list, needs review and merge|| || support TLS record splitting (like ovpn3) || syzzer ||(started, but no patches available yet) ||#554|| || [https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12767.html Allow OpenVPN to communicate to peers via a Linux VRF] || - || [https://github.com/OpenVPN/openvpn/pull/65/commits/1baa7e6782b39ed664eedb9b006728d31e22c07e updated patches] need review + ML submission || || test server that does --auth-user-pass and/or challenge stuff ||cron2 (snair)||not started|| || update auth-user-pass docs || mattock||not started, discussion [https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12835.html here]|| || Update OpenVPN PRF (move away from SHA1/MD5) || syzzer || not started || || maybe: add PRF plugin interface || ??? || ??? || || maybe: add key exchange plugin interface (allows easily doing .e.g post quantum kex) || ??? || ??? || || maybe: add data channel separation (or, move to ovpn3, which already has this?) || ??? || ??? || || maybe: fix radius-plugin - plugin is useful but not maintained very well || ??? || ??? || || improve control channel performance || syzzer || ??? || == work needed == * trac tickets (2.4.x, 2.5.x, unclassified) == (major) items already done == * remove ENABLE_CRYPTO TODO: update list