wiki:StatusOfOpenvpn27

Introduction

This page shows the high-level status of the OpenVPN 2.7 release. If you want all the details, see the Active Tickets by Milestone report.

Schedule

The release is roughly planned for two years after OpenVPN 2.6, so the end of 2024 or the beginning of 2025. It was discussed that we should provide official preview builds earlier this time to gather more feedback on merged changes. Another lesson from the 2.6 release was to branch off release/2.7 later, since branching it off too early causes a lot of work for little benefit.

Features/fixes to include

completed/done

| Task description | Assigned to | Status | Ticket | Patchwork / Gerrit |
|---|---|---|---|---|
| Switch from MSVC buildsystem to CMake for Windows builds | djpig | Done | - | Change 266 |
| Remove deprecated --no-replay | djpig | Done | wiki:DeprecatedOptions#Option:--no-replayStatus:RemovedinOpenVPNv2.7 | Change 281 |
| Make it harder to use --secret | plaisthos | Done | wiki:DeprecatedOptions#Option:--secretStatus:Deprecatedpendingremoval | Change 325 |
| Remove deprecated NTLM v1 support | djpig | Done | wiki:DeprecatedOptions#NTLMv1authenticationsupportin--http-proxyStatus:Deprecatedpendingremoval | Change 379, Change 500 |
| support TLS alerts | plaisthos | Done | - | Change 449 |
| Change default for --topology to subnet | djpig | Done | wiki:DeprecatedOptions#Changedefault--topologynet30tosubnetStatus:Pending | Change 421 |
| afunix/lwipovpn | plaisthos, cron2 | Done | - | lwipovpn topic |
| Tunnelcrack improvements for Windows | d12fk | Done | - | Change 489 |

must have (might block the release)

| Task description | Assigned to | Status | Ticket | Gerrit / Patchwork |
|---|---|---|---|---|
| DNS option rework (split DNS) - windows backend | lev, d12fk | WIP | - | - |
| support for multiple-protocol sockets (UDP/TCP) | Giaan | Gerrit | #556 | multisocket topic |
| New API for DCO kernel module on Linux | ordex | Trying to get in mainline first | - | - |
| Remove wintun driver support | lev | TBD | - | - |
| Remove support for compression on send | djpig | Gerrit | - | Change 755 |

should have

| Task description | Assigned to | Status | Ticket | Gerrit / Patchwork |
|---|---|---|---|---|
| Data v3 format with AES rekeying | plaisthos, syzzer | WIP | - | - |
| Tunnelcrack improvements for Linux | d12fk | TBD | - | - |
| --cipher/--data-ciphers add DEFAULT syntax | plaisthos | TBD | - | - |

nice to have / wild ideas

| Task description | Assigned to | Status | Ticket | Patchwork / Gerrit |
|---|---|---|---|---|
| Bloom-filter DDoS protection | plaisthos | Gerrit | - | bloom topic |
| Live route updates / push-update | ordex | - | - | - |
| dco-win multipeer (--server) | lev | WIP | - | - |
| HAProxy support | ralf_lici | Gerrit | - | proxy-protocol topic |
| Remove deprecated --ns-cert-type | - | - | wiki:DeprecatedOptions#Option:--ns-cert-typeStatus:Pendingremoval | - |
| Remove deprecated --tun-ipv6 | - | - | wiki:DeprecatedOptions#Option:--tun-ipv6Status:Ignoredpendingremoval | - |
| Remove deprecated --max-routes | - | - | wiki:DeprecatedOptions#Option:--max-routesStatus:Ignoredpendingremoval | - |
| Remove deprecated --dhcp-release | - | - | wiki:DeprecatedOptions#Option:--dhcp-releaseStatus:Ignoredpendingremoval | - |
| Properly deprecate _v1 and _v2 plugin functions | - | - | wiki:DeprecatedOptions#plugin:_v1and_v2functionsforopenandfunccallStatus:Pendingremoval | - |
| Deprecate NTLM v2 support | djpig | - | wiki:DeprecatedOptions#NTLMv2authenticationsupportin--http-proxyStatus:Tobedeprecatedin2.7 | - |
| implement kqueue on macOS | plaisthos | wip (but slower than poll()) | - | - |
| sort out multiple-plugin auth mess | dazo, cron2 | on-going | - | RFC patch 2327 |
| Improve NM-OVPN integration | cron2 | trying to establish contact | - | - |
| Make TAP6-Windows Really Fast | lev | not started | - | - |
| SRV patch (set) | ? | patch needs work | - | - |
| test server that does --auth-user-pass and/or challenge stuff | cron2 (snair) | --auth-user-pass done, challenge missing | - | - |
| Update OpenVPN PRF (move away from SHA1/MD5) | syzzer/plaisthos | done(?) | - | - |
| maybe: fix radius-plugin - plugin is useful but not maintained very well | ??? | ??? | - | - |
| test framework improvements (local "make check" crypto tests) | syzzer | - | - | - |
| inner VRF support? | ?? | ?? | ?? | |
| route monitoring (enable clients to react to network changes) | cron2 | not started | - | - |
| maybe: add PRF plugin interface | ??? | ??? | - | - |
| maybe: add key exchange plugin interface (allows easily doing e.g. post-quantum kex) | ??? | ??? | - | - |
| maybe: add data channel separation (or, move to ovpn3, which already has this?) | ??? | ??? | - | |
| investigate TUNSLMODE on FreeBSD and NetBSD to get rid of iroute table (iroutes become normal system routes) | cron2 | not started | - | - |
| Dynamic routes ('route in ccd-file'), depends on netlink support | ordex | not started | - | - |
| transport plugin (primary use case: obfuscation) | ordex | wip | - | - |
| tftp/wpad patch | jjk | patch on list, needs review and merge | - | - |
| support TLS record splitting (like ovpn3) | syzzer | (started, but no patches available yet) | #554 | - |
| improve control channel performance (further) - redo reliability layer, introduce windowing / scaling | syzzer | ??? | - | - |
Last modified on 09/30/24 12:48:23