Introduction
This page shows the high-level status of OpenVPN 2.7 release. If you want all the details, see the Active Tickets by Milestone report.
Schedule
no schedule yet
Features/fixes to include
must have
Task description | Assigned to | Status | Ticket | Patchwork / Gerrit |
DCO code polishing | ordex | not started | - | - |
sort out multiple-plugin auth mess | dazo, cron2 | on-going | - | RFC patch 2327 |
DNS option rework (split DNS) - windows backend | lev, d12fk | in gerrit? | - | - |
SRV patch (set) | ? | patch needs work | - | - |
Make TAP6-Windows Really Fast | lev | not started | - | - |
Improve NM-OVPN integration | cron2 | trying to establish contact | - | - |
Switch from MSVC buildsystem to CMake for Windows builds | djpig | Patch in gerrit | - | Change 266 |
Remove deprecated --ns-cert-type | - | - | wiki:DeprecatedOptions#Option:--ns-cert-typeStatus:Pendingremoval | - |
Remove deprecated --tun-ipv6 | - | - | wiki:DeprecatedOptions#Option:--tun-ipv6Status:Ignoredpendingremoval | - |
Remove deprecated --max-routes | - | - | wiki:DeprecatedOptions#Option:--max-routesStatus:Ignoredpendingremoval | - |
Remove deprecated --dhcp-release | - | - | wiki:DeprecatedOptions#Option:--dhcp-releaseStatus:Ignoredpendingremoval | - |
Remove deprecated --no-replay | djpig | Patch in gerrit | wiki:DeprecatedOptions#Option:--no-replayStatus:Pendingremoval | Change 281 |
Properly deprecate _v1 and _v2 plugin functions | - | - | wiki:DeprecatedOptions#plugin:_v1and_v2functionsforopenandfunccallStatus:Pendingremoval | - |
must have - completed/done
Task description | Assigned to | Status | Ticket | Patchwork |
nice to have / wild ideas
Task description | Assigned to | Status | Ticket | Patchwork |
implement kqueue on MacOS | plaisthos | wip (but slower than poll()) | - | - |
support TLS alerts | plaisthos | ??? | - | |
AUTH_TEMP_FAIL ("I can not handle you *now*, but please come back later") [auth-retry noninteract -> something for 3.x mostly, but 2.x must handle gracefully ] | plaisthos | Done | - | c9474fa316a6f73286ed97b36c8f8b1ba62141bd |
test server that does --auth-user-pass and/or challenge stuff | cron2 (snair) | --auth-user-pass done, challenge missing | ||
Update OpenVPN PRF (move away from SHA1/MD5) | syzzer/plaisthos | done(?) | ||
maybe: fix radius-plugin - plugin is useful but not maintained very well | ??? | ??? | ||
test framework improvements (local "make check" crypto tests) | syzzer | - | - | |
inner VRF support? | ?? | ?? | ?? | |
route monitoring (enable clients to react to network changes) | cron2 | not started | - | |
maybe: add PRF plugin interface | ??? | ??? | ||
maybe: add key exchange plugin interface (allows easily doing .e.g post quantum kex) | ??? | ??? | ||
maybe: add data channel separation (or, move to ovpn3, which already has this?) | ??? | ??? | ||
investigate TUNSLMODE on FreeBSD and NetBSD to get rid of iroute table (iroutes become normal system routes) | cron2 | not started | - | - |
Dynamic routes ('route in ccd-file'), depends on netlink support | ??? | ??? | ||
transport plugin (primary use case: obfuscation) | ordex | wip | ||
tftp/wpad patch | jjk | patch on list, needs review and merge | ||
support TLS record splitting (like ovpn3) | syzzer | (started, but no patches available yet) | #554 | |
support for multiple-protocol sockets (UDP/TCP) | ordex | wip | - | |
Support for multiple sockets (multi-port/multi-IP) | ordex | wip (rebase required) | #556 | |
improve control channel performance (further) - redo reliability layer, introduce windowing / scaling | syzzer | ??? |
unlikely to happen, keeping the list
Last modified 3 days ago
Last modified on 05/26/23 13:16:17