Version 4 (modified by Gert Döring, 2 years ago)

Introduction

This page shows the high-level status of the OpenVPN 2.6 release. If you want all the details, see the Active Tickets by Milestone report.

Schedule

Too early to say, but we hope to get this done quicker than 2.4 and 2.5 - so, tentatively, "March 2022".

Features/fixes to include

must have

| Task description | Assigned to | Status | Ticket |
| DCO (on Linux) | ordex, plaisthos, cron2 | alpha release | - |
| DCO (on Windows) | lev, d12fk, plaisthos | wip | - |
| update auth-user-pass docs | mattock | not started, discussion here | |
| polish auth-token / auth-gen-token corner cases (not sending token after explicit-exit-notify from server, etc.) | cron2, plaisthos | pending | - |
| frame/buffer size handling | plaisthos | TBD | - |
| OpenSSL 3.0.0 support | plaisthos | wip | - |
| OpenSSL 3.0.0 xkey | selva | PR sent | - |
| TLS handshake replay protection (up for discussion) | plaisthos | not started | - |
| DDoS reflection hardening (rate-limiting) | plaisthos, cron2 | wip | - |
| DNS option rework (split DNS) - new option parsing | d12fk | concept being written | - |
| switch to 3.0.0 for Windows builds | lev, mattock | - | - |
| OpenSSL Config file handling ("where does an OpenVPN binary read OpenSSL config from, and why?") - windows build / private vcpkg? - unix builds - OpenVPN vs. system defaults vs. loading "local" OpenSSL 3.0 providers | lev, selva(?) | - | - |

nice to have / wild ideas

| Task description | Assigned to | Status | Ticket |
| implement kqueue on MacOS | plaisthos | not started | - |
| DNS option rework (split DNS) - windows backend | lev, d12fk | - | |
| support TLS alerts | plaisthos | ??? | - |
| AUTH_TEMP_FAIL ("I can not handle you *now*, but please come back later") [auth-retry noninteract -> something for 3.x mostly, but 2.x must handle gracefully] | ? | ? | - |
| test server that does --auth-user-pass and/or challenge stuff | cron2 (snair) | --auth-user-pass done, challenge missing | |
| Update OpenVPN PRF (move away from SHA1/MD5) | syzzer/plaisthos | done(?) | |
| maybe: fix radius-plugin - plugin is useful but not maintained very well | ??? | ??? | |
| DCO (on FreeBSD) | ? | ? | - |
| test framework improvements (local "make check" crypto tests) | syzzer | - | - |

unlikely to happen, keeping the list

| inner VRF support? | ?? | ?? | ?? |
| route monitoring (enable clients to react to network changes) | cron2 | not started | - |
| maybe: add PRF plugin interface | ??? | ??? | |
| maybe: add key exchange plugin interface (allows easily doing e.g. post quantum kex) | ??? | ??? | |
| maybe: add data channel separation (or, move to ovpn3, which already has this?) | ??? | ??? | |
| Dynamic routes ('route in ccd-file'), depends on netlink support | ??? | ??? | |
| transport plugin (primary use case: obfuscation) | ordex | wip | |
| tftp/wpad patch | jjk | patch on list, needs review and merge | |
| support TLS record splitting (like ovpn3) | syzzer | (started, but no patches available yet) | #554 |
| support for multiple-protocol sockets (UDP/TCP) | ordex | wip | - |
| Support for multiple sockets (multi-port/multi-IP) | ordex | pending review | #556 |
| improve control channel performance (further) - redo reliability layer, introduce windowing / scaling | syzzer | ??? | |