wiki:StatusOfOpenvpn25

Version 23 (modified by David Sommerseth, 5 years ago) (diff)

--

Introduction

This page shows the high-level status of OpenVPN 2.5 release. If you want all the details, see the Active Tickets by Milestone report.

Schedule

  • October 7 - Feature selection

At the hackathon in Lviv, we'll decide which features we want for 2.5. After that, we can start planning the steps below.

  • December 21 - 2.5_beta1

After this date, no new features allowed, stabilising starts for real. Some minor "nice to have patches" might be accepted after evaluation/discussion on IRC; but should be avoided.

  • (optional) ??? - 2.5_beta2

Only patches related to stabilising and important bug-fixes are allowed after this point. No more "nice to have patches" after this point. If we have no bug fixes or otherwise stabilizing code this release can be skipped.

  • ??? - 2.5_rc1

Only really needed and critical bug fixes allowed.

  • ??? - 2.5_rc2

Branching out release/2.5 happens here.

  • February 2, 2019 - 2.5.0 Final release.

Deadline: To be determined

Last time we used the Debian freeze as a hard deadline.

Current freeze dates for Debian Buster: https://release.debian.org/buster/freeze_policy.html The release date proposed accounts for avoiding a potential 10 days testing delay; but should be verified with the OpenVPN Debian package maintainer.

Features/fixes to include

must have

Task descriptionAssigned toStatusTicket
tls-crypt-v2 syzzer merged #1121
Purge NSIS installers (migrate to MSI installers) mattock ??? #1122
Netlink support (includes route.c / tun.c refactoring) ordex pending review (arne) #1123
VLAN patch set ordex/cron2/plaithos planning #6
Support for multiple sockets (multi-port/multi-IP) ordex pending review #556
Implement asymmetric compression plaisthos pending, need updated patch + review (syzzer/cron2) ?

"we should try to make it happen" (but will likely not make it)

Task descriptionAssigned toStatusTicket
ChaCha20-Poly1305 support for the data channel syzzer merged. -
IPv6-only server ordex Patch review in progress, few patches missing (cron2)#208
support for multiple-protocol sockets (UDP/TCP) ordex wip
Dynamic routes ('route in ccd-file'), depends on netlink support ??? ???
transport plugin (primary use case: obfuscation) Operator Foundation / ordex ordex is getting the patches in shape for ml
'make VPN fast again!' ??? ???
struct argv overhaul d12fk Patch review completed (dazo), patch 1-4 applied, v2 of patches 5-7 on the ml waiting for review (rebranded as 1-4 by davids)
auth-gen-token: Inform client why auth-token was rejected dazo Patch review in progress (syzzer)
tftp/wpad patch jjk patch on list, needs review and merge
support TLS record splitting (like ovpn3) syzzer (started, but no patches available yet) #554
Allow OpenVPN to communicate to peers via a Linux VRF - updated patches need review + ML submission
test server that does --auth-user-pass and/or challenge stuff cron2 (snair)not started
update auth-user-pass docs mattocknot started, discussion here
Update OpenVPN PRF (move away from SHA1/MD5) syzzer not started
maybe: add PRF plugin interface ??? ???
maybe: add key exchange plugin interface (allows easily doing .e.g post quantum kex) ??? ???
maybe: add data channel separation (or, move to ovpn3, which already has this?) ??? ???
maybe: fix radius-plugin - plugin is useful but not maintained very well ??? ???
improve control channel performance syzzer ???

work needed

  • trac tickets (2.4.x, 2.5.x, unclassified)

(major) items already done

  • remove ENABLE_CRYPTO

TODO: update list