Introduction
This page shows the high-level status of the OpenVPN 2.6 release. If you want all the details, see the Active Tickets by Milestone report.
Schedule
Currently planned:
- all "must have" code in and all major (crash) bugs fixed: Jan 11, 2023
- RC candidates: Dec 28, 2022 + Jan 12, 2023
- 2.6.0 release: Jan 26, 2023
Features/fixes to include
must have
Task description | Assigned to | Status | Ticket | Patchwork
DCO (on Linux) | ordex, plaisthos, cron2 | merged, now ironing out bugs (p2p reconnection) | - | Series 1516
DCO (on Windows) | lev, d12fk, plaisthos, ordex | merged, ironing out bugs (--windows-driver, --disable-dco quirks) | - | Series 1516
DCO (on FreeBSD) | kp, cron2 | merged, fine tuning (/24-on-/24 iroute, peer stats, exit notification with stats) | - |
update auth-user-pass docs | mattock | wip: man-page updates (discussion) |
TLS handshake replay protection (up for discussion) | plaisthos | pending review | - | patch 2747
sort out multiple-plugin auth mess | dazo, cron2 | on-going | - | RFC patch 2327
must have - completed/done
Task description | Assigned to | Status | Ticket | Patchwork
frame/buffer size handling | plaisthos | done | - |
OpenSSL 3.0.0 support | plaisthos | mostly done 2021-11-12 | - |
OpenSSL 3.0.0 xkey | selva | done 2022-01-20 | - |
switch to 3.0.1 for Windows builds | lev, mattock | done | - |
OpenSSL Config file handling ("where does an OpenVPN binary read OpenSSL config from, and why?") - windows build / private vcpkg? - unix builds - OpenVPN vs. system defaults vs. loading "local" OpenSSL 3.0 providers | lev, selva(?) | done 2021-11-24 | - |
--nobind for --pull by default ("random client port by default") | plaisthos | done 2021-12-06 | #936, #877 |
DNS option rework (split DNS) - new option parsing | d12fk | done (commit b3e0d95dcf) | - | patch 2494
review INSTALL, README, PORTS etc. files | cron2 | done | - | -
do not push route-ipv6 entries that are also in the iroute-ipv6 list | ordex, cron2 | done, commit 437812d4eac9 | #354 | patch 332
polish auth-token / auth-gen-token corner cases (not sending token after explicit-exit-notify from server, etc.) | cron2, plaisthos, selva | "seems to be all in good shape now" | - | patch 2303, patch 2488
DDoS reflection hardening (rate-limiting) | plaisthos, cron2 | merged | - |
nice to have / wild ideas
Task description | Assigned to | Status | Ticket | Patchwork
implement kqueue on macOS | plaisthos | wip (but slower than poll()) | - | -
DNS option rework (split DNS) - windows backend | lev, d12fk | not started | - | -
support TLS alerts | plaisthos | ??? | -
AUTH_TEMP_FAIL ("I can not handle you *now*, but please come back later") [auth-retry noninteract -> something for 3.x mostly, but 2.x must handle gracefully] | plaisthos | review pending | - | series 1580
test server that does --auth-user-pass and/or challenge stuff | cron2 (snair) | --auth-user-pass done, challenge missing |
Update OpenVPN PRF (move away from SHA1/MD5) | syzzer/plaisthos | done(?) |
maybe: fix radius-plugin - plugin is useful but not maintained very well | ??? | ??? |
test framework improvements (local "make check" crypto tests) | syzzer | - | -
unlikely to happen, keeping the list
inner VRF support? | ?? | ?? | ??
route monitoring (enable clients to react to network changes) | cron2 | not started | -
maybe: add PRF plugin interface | ??? | ??? |
maybe: add key exchange plugin interface (allows easily doing e.g. post-quantum kex) | ??? | ??? |
maybe: add data channel separation (or, move to ovpn3, which already has this?) | ??? | ??? |
Dynamic routes ('route in ccd-file'), depends on netlink support | ??? | ??? |
transport plugin (primary use case: obfuscation) | ordex | wip |
tftp/wpad patch | jjk | patch on list, needs review and merge |
support TLS record splitting (like ovpn3) | syzzer | (started, but no patches available yet) | #554
support for multiple-protocol sockets (UDP/TCP) | ordex | wip | -
Support for multiple sockets (multi-port/multi-IP) | ordex | pending review | #556
improve control channel performance (further) - redo reliability layer, introduce windowing / scaling | syzzer | ??? |