Context Navigation

Introduction

This page shows the high-level status of OpenVPN 2.6 release. If you want all the details, see the Active Tickets by Milestone report.

Currently planned:

Task description	Assigned to	Status	Ticket	Patchwork
DCO (on Linux)	ordex, plaisthos, cron2	merged, now ironing out bugs (p2p reconnection)	-	Series 1516
DCO (on Windows)	lev, d12fk, plaisthos, ordex	merged, ironing out bugs (--windows-driver, --disable-dco quirks)	-	Series 1516
DCO (on FreBSD)	kp, cron2	merged, fine tuning (/24-on-/24 iroute, peer stats, exit notification with stats)	-
update auth-user-pass docs	mattock	wip: man-page updates (discussion)
TLS handshake replay protection (up for discussion)	plaisthos	pending review	-	patch 2747
sort out multiple-plugin auth mess	dazo, cron2	on-going	-	RFC patch 2327

Task description	Assigned to	Status	Ticket	Patchwork
frame/buffer size handling	plaisthos	done	-
OpenSSL 3.0.0 support	plaisthos	mostly done 2021-11-12	-
OpenSSL 3.0.0 xkey	selva	done 2022-01-20	-
switch to 3.0.1 for Windows builds	lev, mattock	done	-
OpenSSL Config file handling ("where does an OpenVPN binary read OpenSSL config from, and why?") - windows build / private vcpkg? - unix builds - OpenVPN vs. system defaults vs. loading "local" OpenSSL 3.0 providers	lev, selva(?)	done 2021-11-24	-
`--nobind` for `--pull` by default ("random client port by default")	plaisthos	done 2021-12-06	#936, #877
DNS option rework (split DNS) - new option parsing	d12fk	done (commit b3e0d95dcf)	-	patch 2494
review INSTALL, README, PORTS etc. files	cron2	done	-	-
do not push route-ipv6 entries that are also in the iroute-ipv6 list	ordex, cron2	done, commit 437812d4eac9	#354	patch 332
polish auth-token / auth-gen-token corner cases (not sending token after explicit-exit-notify from server, etc.)	cron2, plaisthos, selva	"seems to be all in good shape now"	-	patch 2303, patch 2488
DDoS reflection hardening (rate-limiting)	plaisthos, cron2	merged	-

Task description	Assigned to	Status	Ticket	Patchwork
implement kqueue on MacOS	plaisthos	wip (but slower than poll())	-	-
DNS option rework (split DNS) - windows backend	lev, d12fk	not started	-	-
support TLS alerts	plaisthos	???	-
AUTH_TEMP_FAIL ("I can not handle you now, but please come back later") [auth-retry noninteract -> something for 3.x mostly, but 2.x must handle gracefully ]	plaisthos	review pending	-	series 1580
test server that does --auth-user-pass and/or challenge stuff	cron2 (snair)	--auth-user-pass done, challenge missing
Update OpenVPN PRF (move away from SHA1/MD5)	syzzer/plaisthos	done(?)
maybe: fix radius-plugin - plugin is useful but not maintained very well	???	???
test framework improvements (local "make check" crypto tests)	syzzer	-	-

inner VRF support?	??	??	??
route monitoring (enable clients to react to network changes)	cron2	not started	-
maybe: add PRF plugin interface	???	???
maybe: add key exchange plugin interface (allows easily doing .e.g post quantum kex)	???	???
maybe: add data channel separation (or, move to ovpn3, which already has this?)	???	???
Dynamic routes ('route in ccd-file'), depends on netlink support	???	???
transport plugin (primary use case: obfuscation)	ordex	wip
tftp/wpad patch	jjk	patch on list, needs review and merge
support TLS record splitting (like ovpn3)	syzzer	(started, but no patches available yet)	#554
support for multiple-protocol sockets (UDP/TCP)	ordex	wip	-
Support for multiple sockets (multi-port/multi-IP)	ordex	pending review	#556
improve control channel performance (further) - redo reliability layer, introduce windowing / scaling	syzzer	???

Last modified 16 months ago Last modified on 01/10/23 07:36:07