Changes between Version 2 and Version 3 of StatusOfOpenvpn26


Timestamp: 11/06/21 10:20:58 (2 years ago)
Author: Gert Döring
Comment: discussions at hackathon incorporated

  • StatusOfOpenvpn26

    v2 v3  
    55= Schedule =
    66
    7 Too early to say, but we hope to get this done quicker than 2.4 and 2.5 - so, tentatively, "August 2021"
     7Too early to say, but we hope to get this done quicker than 2.4 and 2.5 - so, tentatively, "March 2022"
    88
    99= Features/fixes to include =
     
    1212
    1313||'''Task description'''||'''Assigned to'''||'''Status'''||'''Ticket'''||
    14 || DCO (on Linux) || ordex, plaisthos || alpha release || - ||
     14|| DCO (on Linux) || ordex, plaisthos, cron2 || alpha release || - ||
    1515|| DCO (on Windows) || lev__, d12fk, plaisthos || wip || - ||
    16 || DCO (on FreBSD) || ? || ? || - ||
    1716|| update auth-user-pass docs || mattock ||not started, discussion [https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12835.html here]||
    1817|| polish auth-token / auth-gen-token corner cases (not sending token after explicit-exit-notify from server, etc.) || cron2, plaisthos || pending || - ||
     18|| frame/buffer size handling || plaisthos || TBD || - ||
     19|| OpenSSL 3.0.0 support || plaisthos  || wip || - ||
     20|| OpenSSL 3.0.0 xkey || selva || PR sent || - ||
     21|| TLS handshake replay protection (up for discussion) || plaisthos || not started || - ||
     22|| DDoS reflection hardening (rate-limiting) || plaisthos, cron2 || wip || - ||
     23|| DNS option rework (split DNS) - new option parsing || d12fk || concept being written ||
    1924
    20 == nice to have ==
     25
     26== nice to have / wild ideas ==
    2127||'''Task description'''||'''Assigned to'''||'''Status'''||'''Ticket'''||
    22 || support for multiple-protocol sockets (UDP/TCP) || ordex || wip ||
    23 || Support for multiple sockets (multi-port/multi-IP) || ordex || pending review ||#556||
     28|| implement kqueue on MacOS || plaisthos || not started || - ||
     29|| DNS option rework (split DNS) - windows backend || lev, d12fk || - ||
     30|| support TLS alerts || plaisthos || ??? || - ||
     31|| AUTH_TEMP_FAIL ("I can not handle you *now*, but please come back later") [auth-retry noninteract -> something for 3.x mostly, but 2.x **must handle gracefully** ] || ? || ? || - ||
     32|| test server that does --auth-user-pass and/or challenge stuff ||cron2 (snair)||--auth-user-pass done, challenge missing|| ||
     33|| Update OpenVPN PRF (move away from SHA1/MD5) || syzzer/plaisthos || done(?) || ||
     34|| maybe: fix radius-plugin - plugin is useful but not maintained very well  || ??? || ??? || ||
     35|| DCO (on FreBSD) || ? || ? || - ||
     36|| test framework improvements (local "make check" crypto tests) || syzzer || - || - ||
     37
     38
     39== unlikely to happen, keeping the list ==
     40|| inner VRF support? || ?? || ?? || ?? ||
     41|| route monitoring (enable clients to react to network changes) || cron2 || not started || - ||
     42|| maybe: add PRF plugin interface || ??? || ??? || ||
     43|| maybe: add key exchange plugin interface (allows easily doing .e.g post quantum kex) || ??? || ??? || ||
     44|| maybe: add data channel separation (or, move to ovpn3, which already has this?) || ??? || ??? || ||
    2445|| Dynamic routes ('route in ccd-file'), depends on netlink support || ??? || ??? || ||
    2546|| transport plugin (primary use case: obfuscation) || ordex || wip || ||
    2647|| [http://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg10511.html tftp/wpad patch] || jjk ||patch on list, needs review and merge|| ||
    2748|| support TLS record splitting (like ovpn3) || syzzer ||(started, but no patches available yet) ||#554||
    28 || test server that does --auth-user-pass and/or challenge stuff ||cron2 (snair)||--auth-user-pass done, challenge missing|| ||
    29 || Update OpenVPN PRF (move away from SHA1/MD5) || syzzer/plaisthos || done(?) || ||
    30 || maybe: add PRF plugin interface || ??? || ??? || ||
    31 || maybe: add key exchange plugin interface (allows easily doing .e.g post quantum kex) || ??? || ??? || ||
    32 || maybe: add data channel separation (or, move to ovpn3, which already has this?) || ??? || ??? || ||
    33 || maybe: fix radius-plugin - plugin is useful but not maintained very well  || ??? || ??? || ||
    34 || improve control channel performance || syzzer || ??? || ||
    35 || inner VRF support? || ?? || ?? || ?? ||
    36 || route monitoring (enable clients to react to network changes) || cron2 || not started || - ||
     49|| support for multiple-protocol sockets (UDP/TCP) || ordex || wip || - ||
     50|| Support for multiple sockets (multi-port/multi-IP) || ordex || pending review ||#556||
     51|| improve control channel performance (further) - redo reliability layer, introduce windowing / scaling || syzzer || ??? || ||
     52
     53
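Review bot: the two added "DNS option rework (split DNS)" rows (new lines 23 and 29) are one cell short of the four-column header (Task description, Assigned to, Status, Ticket), so they will render misaligned; fill the missing cell with `-` as the neighbouring rows do. The new "unlikely to happen, keeping the list" section (new line 39) starts its rows at line 40 without the `'''Task description'''` header row that the other two tables carry. The moved DCO row at new line 35 still reads "FreBSD", new line 29 lists "lev" where line 15 has "lev__", and new line 43 keeps ".e.g"; since these rows are being moved anyway, they can be corrected in the same edit.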