Version 23 (modified by 5 years ago) (diff) | ,
---|
Introduction
This page shows the high-level status of OpenVPN 2.5 release. If you want all the details, see the Active Tickets by Milestone report.
Schedule
- October 7 - Feature selection
At the hackathon in Lviv, we'll decide which features we want for 2.5. After that, we can start planning the steps below.
- December 21 - 2.5_beta1
After this date, no new features allowed, stabilising starts for real. Some minor "nice to have patches" might be accepted after evaluation/discussion on IRC; but should be avoided.
- (optional) ??? - 2.5_beta2
Only patches related to stabilising and important bug-fixes are allowed after this point. No more "nice to have patches" after this point. If we have no bug fixes or otherwise stabilizing code this release can be skipped.
- ??? - 2.5_rc1
Only really needed and critical bug fixes allowed.
- ??? - 2.5_rc2
Branching out release/2.5 happens here.
- February 2, 2019 - 2.5.0 Final release.
Deadline: To be determined
Last time we used the Debian freeze as a hard deadline.
Current freeze dates for Debian Buster: https://release.debian.org/buster/freeze_policy.html The release date proposed accounts for avoiding a potential 10 days testing delay; but should be verified with the OpenVPN Debian package maintainer.
Features/fixes to include
must have
Task description | Assigned to | Status | Ticket |
tls-crypt-v2 | syzzer | merged | #1121 |
Purge NSIS installers (migrate to MSI installers) | mattock | ??? | #1122 |
Netlink support (includes route.c / tun.c refactoring) | ordex | pending review (arne) | #1123 |
VLAN patch set | ordex/cron2/plaithos | planning | #6 |
Support for multiple sockets (multi-port/multi-IP) | ordex | pending review | #556 |
Implement asymmetric compression | plaisthos | pending, need updated patch + review (syzzer/cron2) | ? |
"we should try to make it happen" (but will likely not make it)
Task description | Assigned to | Status | Ticket |
ChaCha20-Poly1305 support for the data channel | syzzer | merged. | - |
IPv6-only server | ordex | Patch review in progress, few patches missing (cron2) | #208 |
support for multiple-protocol sockets (UDP/TCP) | ordex | wip | |
Dynamic routes ('route in ccd-file'), depends on netlink support | ??? | ??? | |
transport plugin (primary use case: obfuscation) | Operator Foundation / ordex | ordex is getting the patches in shape for ml | |
'make VPN fast again!' | ??? | ??? | |
struct argv overhaul | d12fk | Patch review completed (dazo), patch 1-4 applied, v2 of patches 5-7 on the ml waiting for review (rebranded as 1-4 by davids) | |
auth-gen-token: Inform client why auth-token was rejected | dazo | Patch review in progress (syzzer) | |
tftp/wpad patch | jjk | patch on list, needs review and merge | |
support TLS record splitting (like ovpn3) | syzzer | (started, but no patches available yet) | #554 |
Allow OpenVPN to communicate to peers via a Linux VRF | - | updated patches need review + ML submission | |
test server that does --auth-user-pass and/or challenge stuff | cron2 (snair) | not started | |
update auth-user-pass docs | mattock | not started, discussion here | |
Update OpenVPN PRF (move away from SHA1/MD5) | syzzer | not started | |
maybe: add PRF plugin interface | ??? | ??? | |
maybe: add key exchange plugin interface (allows easily doing .e.g post quantum kex) | ??? | ??? | |
maybe: add data channel separation (or, move to ovpn3, which already has this?) | ??? | ??? | |
maybe: fix radius-plugin - plugin is useful but not maintained very well | ??? | ??? | |
improve control channel performance | syzzer | ??? |
work needed
- trac tickets (2.4.x, 2.5.x, unclassified)
(major) items already done
- remove ENABLE_CRYPTO
TODO: update list