This page shows the high-level status of OpenVPN 2.7 release. If you want all the details, see the Active Tickets by Milestone report.


no schedule yet

Features/fixes to include

must have

Task descriptionAssigned toStatusTicketPatchwork / Gerrit
DCO code polishing ordex not started - -
sort out multiple-plugin auth mess dazo, cron2 on-going - RFC patch 2327
DNS option rework (split DNS) - windows backend lev, d12fk in gerrit? - -
SRV patch (set) ? patch needs work - -
Make TAP6-Windows Really Fast lev not started - -
Improve NM-OVPN integration cron2 trying to establish contact - -
Switch from MSVC buildsystem to CMake for Windows builds djpig Patch in gerrit - Change 266
Remove deprecated --ns-cert-type - - wiki:DeprecatedOptions#Option:--ns-cert-typeStatus:Pendingremoval -
Remove deprecated --tun-ipv6 - - wiki:DeprecatedOptions#Option:--tun-ipv6Status:Ignoredpendingremoval -
Remove deprecated --max-routes - - wiki:DeprecatedOptions#Option:--max-routesStatus:Ignoredpendingremoval -
Remove deprecated --dhcp-release - - wiki:DeprecatedOptions#Option:--dhcp-releaseStatus:Ignoredpendingremoval -
Remove deprecated --no-replay djpig Patch in gerrit wiki:DeprecatedOptions#Option:--no-replayStatus:Pendingremoval Change 281
Properly deprecate _v1 and _v2 plugin functions - - wiki:DeprecatedOptions#plugin:_v1and_v2functionsforopenandfunccallStatus:Pendingremoval -

must have - completed/done

Task descriptionAssigned toStatusTicketPatchwork

nice to have / wild ideas

Task descriptionAssigned toStatusTicketPatchwork
implement kqueue on MacOS plaisthos wip (but slower than poll()) - -
support TLS alerts plaisthos ??? -
AUTH_TEMP_FAIL ("I can not handle you *now*, but please come back later") [auth-retry noninteract -> something for 3.x mostly, but 2.x must handle gracefully ] plaisthos Done - c9474fa316a6f73286ed97b36c8f8b1ba62141bd
test server that does --auth-user-pass and/or challenge stuff cron2 (snair)--auth-user-pass done, challenge missing
Update OpenVPN PRF (move away from SHA1/MD5) syzzer/plaisthos done(?)
maybe: fix radius-plugin - plugin is useful but not maintained very well ??? ???
test framework improvements (local "make check" crypto tests) syzzer - -
inner VRF support? ?? ?? ??
route monitoring (enable clients to react to network changes) cron2 not started -
maybe: add PRF plugin interface ??? ???
maybe: add key exchange plugin interface (allows easily doing .e.g post quantum kex) ??? ???
maybe: add data channel separation (or, move to ovpn3, which already has this?) ??? ???
investigate TUNSLMODE on FreeBSD and NetBSD to get rid of iroute table (iroutes become normal system routes) cron2 not started - -
Dynamic routes ('route in ccd-file'), depends on netlink support ??? ???
transport plugin (primary use case: obfuscation) ordex wip
tftp/wpad patch jjk patch on list, needs review and merge
support TLS record splitting (like ovpn3) syzzer (started, but no patches available yet) #554
support for multiple-protocol sockets (UDP/TCP) ordex wip -
Support for multiple sockets (multi-port/multi-IP) ordex wip (rebase required) #556
improve control channel performance (further) - redo reliability layer, introduce windowing / scaling syzzer ???

unlikely to happen, keeping the list

Last modified 3 days ago Last modified on 05/26/23 13:16:17