wiki:StatusOfOpenvpn25

Version 57 (modified by David Sommerseth, 4 years ago) (diff)

--

Introduction

This page shows the high-level status of OpenVPN 2.5 release. If you want all the details, see the Active Tickets by Milestone report.

Schedule

As we missed our original deadline (Debian Buster freeze) we don't have a schedule yet, except "in year 2020". Nevertheless, the release will proceed as follows:

  • 2.5_beta1 (early July)

After this date, no new features allowed, stabilising starts for real. Some minor "nice to have patches" might be accepted after evaluation/discussion on IRC; but should be avoided. Man page processing will be converted from the current groff formatting to a markdown formatting right before beta tagging.

  • ??? - 2.5_beta2 (optional)

Only patches related to stabilising and important bug-fixes are allowed after this point. No more "nice to have patches" after this point. If we have no bug fixes or otherwise stabilizing code this release can be skipped.

  • ??? - 2.5_rc1

Only really needed and critical bug fixes allowed.

  • ??? - 2.5_rc2

Branching out release/2.5 happens here.

  • 2.5.0 Final release.

Deadline: To be determined

  • Code freeze on June 30st, 2020 (based initially on discussions in Trento hackathon, postponed in IRC meeting on 4th March 2020, postponed again...)
  • 2.5.0 release on August 15th, 2020

Features/fixes to include

must have

Task descriptionAssigned toStatusTicket
MSI installers mattock Final integration tests not done #1122
async client-connect support plaisthos + ordex pending, needs more review + work -
update auth-user-pass docs mattocknot started, discussion here
polish auth-token / auth-gen-token corner cases (not sending token after explicit-exit-notify from server, etc.) cron2, plaisthos pending -

Postponed items (former "nice to have" items for 2.5)

Task descriptionAssigned toStatusTicket
support for multiple-protocol sockets (UDP/TCP) ordex wip
Support for multiple sockets (multi-port/multi-IP) ordex pending review #556
Dynamic routes ('route in ccd-file'), depends on netlink support ??? ???
transport plugin (primary use case: obfuscation) ordex wip
tftp/wpad patch jjk patch on list, needs review and merge
support TLS record splitting (like ovpn3) syzzer (started, but no patches available yet) #554
test server that does --auth-user-pass and/or challenge stuff cron2 (snair)not started
Update OpenVPN PRF (move away from SHA1/MD5) syzzer not started
maybe: add PRF plugin interface ??? ???
maybe: add key exchange plugin interface (allows easily doing .e.g post quantum kex) ??? ???
maybe: add data channel separation (or, move to ovpn3, which already has this?) ??? ???
maybe: fix radius-plugin - plugin is useful but not maintained very well ??? ???
improve control channel performance syzzer ???

work needed

  • trac tickets (2.4.x, 2.5.x, unclassified)
  • MSI testing and user documentation

items already done

IPv6-only server ordex & cron2 most of the work is done! some details remain to be cleaned up #208
Implement asymmetric compression plaisthos v5 merged (lev/cron2)
Allow OpenVPN to communicate to peers via a Linux VRF cron2 patch v2 on the list & merged
man page formatting change dazo merged

TODO: update list

Missing pieces from MSI

Bundling OpenVPN as an MSI will require changes to several projects: openvpn, openvpnserv2, openvpn-build and tap-windows6. Here's a list of the missing pieces (hopefully) in the order in which they should be merged:

  1. openvpn: the openvpnmsica and tapctl patch series
  2. tap-windows6: MSM packaging
  3. openvpn-build: Windows MSI packaging
  4. openvpn-vagrant: Add MSI build support
    • Needs to be adapted to final upstream URLs before merging

Dropping tap-windows6 NSI changes?

I (mattock) propose we drop the following tap-windows6 PRs that change the NSIS installer:

Current OpenVPN / tap-windows6 NSIS installers are working well across all the platforms, so I'd prefer not to "rock the boat" by introducing changes unnecessarily. Also, I believe the above PRs were originally meant for OpenVPN 2.5, not for 2.4. And OpenVPN 2.5 does not need these PRs anymore now that we have MSM packaging for tap-windows6. Even if we did decide that the above PRs make sense for 2.4, our support policy says that 2.4 would move to "Old stable" in ~6 months after 2.5.0, after which we would not provide any Windows installers. So the gain for 2.4. would be rather small, maybe for one or two 2.4.x releases at most.