Version 28 (modified by 5 years ago) (diff) | ,
---|
Introduction
This page shows the high-level status of OpenVPN 2.5 release. If you want all the details, see the Active Tickets by Milestone report.
Schedule
As we missed our original deadline (Debian Buster freeze) we don't have a schedule yet, except "in year 2019". Nevertheless, the release will proceed as follows:
- 2.5_beta1
After this date, no new features allowed, stabilising starts for real. Some minor "nice to have patches" might be accepted after evaluation/discussion on IRC; but should be avoided.
- ??? - 2.5_beta2 (optional)
Only patches related to stabilising and important bug-fixes are allowed after this point. No more "nice to have patches" after this point. If we have no bug fixes or otherwise stabilizing code this release can be skipped.
- ??? - 2.5_rc1
Only really needed and critical bug fixes allowed.
- ??? - 2.5_rc2
Branching out release/2.5 happens here.
- 2.5.0 Final release.
Deadline: To be determined
Last time we used the Debian freeze as a hard deadline. For OpenVPN 2.5 we wanted to use Debian Buster freeze, but missed the deaadline.
Features/fixes to include
must have
Task description | Assigned to | Status | Ticket |
Purge NSIS installers (migrate to MSI installers) | mattock | ??? | #1122 |
Netlink support (includes route.c / tun.c refactoring) | ordex | merged | #1123 |
VLAN patch set | ordex/cron2/plaithos | pending review (arne) | #6 |
Support for multiple sockets (multi-port/multi-IP) | ordex | pending review | #556 |
Implement asymmetric compression | plaisthos | pending, need updated patch + review (syzzer/cron2) | ? |
"we should try to make it happen" (but will likely not make it)
Task description | Assigned to | Status | Ticket |
IPv6-only server | ordex | server support is pending review | #208 |
support for multiple-protocol sockets (UDP/TCP) | ordex | wip | |
Dynamic routes ('route in ccd-file'), depends on netlink support | ??? | ??? | |
transport plugin (primary use case: obfuscation) | ordex | wip | |
'make VPN fast again!' | ??? | ??? | |
struct argv overhaul | d12fk | Patch review completed (dazo), patch 1-4 applied, v2 of patches 5-7 on the ml waiting for review (rebranded as 1-4 by davids) | |
auth-gen-token: Inform client why auth-token was rejected | dazo | Patch review in progress (syzzer) | |
tftp/wpad patch | jjk | patch on list, needs review and merge | |
support TLS record splitting (like ovpn3) | syzzer | (started, but no patches available yet) | #554 |
Allow OpenVPN to communicate to peers via a Linux VRF | - | updated patches need review + ML submission | |
test server that does --auth-user-pass and/or challenge stuff | cron2 (snair) | not started | |
update auth-user-pass docs | mattock | not started, discussion here | |
Update OpenVPN PRF (move away from SHA1/MD5) | syzzer | not started | |
maybe: add PRF plugin interface | ??? | ??? | |
maybe: add key exchange plugin interface (allows easily doing .e.g post quantum kex) | ??? | ??? | |
maybe: add data channel separation (or, move to ovpn3, which already has this?) | ??? | ??? | |
maybe: fix radius-plugin - plugin is useful but not maintained very well | ??? | ??? | |
improve control channel performance | syzzer | ??? |
work needed
- trac tickets (2.4.x, 2.5.x, unclassified)
- MSI testing and user documentation
(major) items already done
- remove ENABLE_CRYPTO
- ChaCha20-Poly1305 support for the data channel
- tls-crypt-v2 (#1121)
- MSI packaging
TODO: update list