Version 3 (modified by Antonio Quartulli, 4 years ago) (diff)



This page shows the high-level status of OpenVPN 2.5 release. If you want all the details, see the Active Tickets by Milestone report.


  • October 7 - Feature selection

At the hackathon in Lviv, we'll decide which features we want for 2.5. After that, we can start planning the steps below.

  • ??? - 2.5_beta1

After this date, no new features allowed, stabilising starts for real. Some minor "nice to have patches" might be accepted after evaluation/discussion on IRC.

  • (optional) ??? - 2.5_beta2

Only patches related to stabilising and important bug-fixes are allowed after this point. No more "nice to have patches" after this point. If we have no bug fixes or otherwise stabilizing code this release can be skipped.

  • ??? - 2.5_rc1

Only really needed and critical bug fixes allowed.

  • ??? - 2.5_rc2

Branching out release/2.5 happens here.

  • ??? - 2.5.0 Final release.

Deadline: To be determined

Last time we used the Debian freeze as a hard deadline.

TODO: investigate if there is a similar freeze we want to make.

Features/fixes to include

must have

Task descriptionAssigned toStatus
tls-crypt-v2 syzzer Patch review in progress (ordex)
transport plugin (primary use case: obfuscation) Operator Foundation (ordex will get them ready for ml) ordex
netlink support (includes route.c / tun.c refactoring) ordex ???
'make VPN fast again!' ??? ???
purge NSIS installers (migrate to MSI installers) mattock ???
VLAN patch set ordex/cron2/plaithos ordex/cron2/plaithos
support for multiple sockets (UDP/TCP/multi-port/multi-IP) ordex ???
dynamic routes ('route in ccd-file'), depends on netlink support ??? ???
improve control channel performance syzzer ???

minor, but "we should try to make it happen"

Task descriptionAssigned toStatus
struct argv overhaul d12fk Patch review completed (dazo), patch 1-4 applied, patch 5-7 need v2 patches
auth-gen-token: Inform client why auth-token was rejected dazo Patch review in progress (syzzer)
tftp/wpad patchjjkpatch on list, needs review and merge
support TLS record splitting (like ovpn3) syzzer #554 (started, but no patches available yet)
Allow OpenVPN to communicate to peers via a Linux VRF - updated patches need review + ML submission
test server that does --auth-user-pass and/or challenge stuffcron2 (snair)not started
update auth-user-pass docsmattocknot started, discussion here
Update OpenVPN PRF (move away from SHA1/MD5) syzzer not started
maybe: add PRF plugin interface ??? ???
maybe: add key exchange plugin interface (allows easily doing .e.g post quantum kex) ??? ???
maybe: add data channel separation (or, move to ovpn3, which already has this?) ??? ???
maybe: fix radius-plugin - plugin is useful but not maintained very well ??? ???

work needed

  • trac tickets (2.4.x, 2.5.x, unclassified)

(major) items already done

TODO: create list