Basic info

• Time: Wednesday 18 January 2023 at 13:00 CET (12:00 UTC)
• Place: #openvpn-meeting channel on LiberaChat IRC network

Topics

Current topics

• Can we have someone at OpenVPN create nicer windows traybar logos (#1276)?
  yes, novaflash will check with a designer to see if he can be motivated to generate something.

• Press release of 2.6 to go out with stable release
  novaflash will work with openvpn inc folks to prepare something.
  

• License amendment for OpenVPN2 to solve openssl/mbedtls licensing issues
  plaisthos and novaflash brought this to francis and james. they consent.
  plaisthos sent proposal to the developer mailing list. response was mostly not seeeing the need.
  but debian obviously does see a problem. we need a lawyer to advise us if there is a problem and if how, how to solve.
  so it's back to plaisthos and novaflash to contact the specific lawyer and figure this out.
  main issue is convincing the developers that there is an issue, they currently do not see/understand it.

• As discussed in Hackathon we want to do a PoC with using Gerrit for code review.
  openvpn inc is working on setting up a poc for this.

• 2.6 release plans
  2.6 rc2 went out on January 12th. Intend to do another release on 25th.
  lev_'s config folder patches made it in.
  plaisthos' dynamic tls-crypt patches did not. pushed to 2.6.1.
  what about SRV? pushed to 2.6.1
  
  Looks like we're going to do a stable 2.6.0 release on January 25th.
  lev_ wants to slip in some minor changes to driver installation on windows.
  script-security behavior is different from 2.5 to 2.6 - permissions are less. need to decide on approach to fix. affects only linux.

OpenVPN 2.6.0 stable release open issues

• blockers (must be fixed before 2.6.0)

• nice to have
  P2P --tls-server still gets confused sometimes when "client just disappears" and no --keepalive is configured
  duplicate route addition / EEXIST with SITNL is not handled correctly (will lead to duplicate route removal)
  route_add() status code uses 0/1/2 magic numbers, should use MAGIC_CONSTANTS
  dco.dco_del_peer_reason etc. should be initialized "upfront" not "after the fact" (see commit aaccf8843)

• additional features
  ---?

• DCO showstoppers (not holding up 2.6.0 release, but a reason to not use DCO in production)
  OOM in netlink on busy servers ​https://github.com/OpenVPN/ovpn-dco/issues/16
  openvpn hang on "close tun, before restarting" ​https://github.com/OpenVPN/ovpn-dco/issues/18
  more... ​https://github.com/OpenVPN/ovpn-dco/issues

• OpenVPN2 build environment and improving it.
  djpig is currently working on this. The company has decided to prioritize this task.
  Code signing key was moved to an HSM system for increased security.
  djpig overhauled openvpn-build, it now uses submodules for openvpn and openvpn-gui, and contains debian packaging scripts.
  Further improvements to the build process are underway.

• OpenVPN 2.6 performance results.
  We should work on an article to publish some performance results when 2.6 is out as stable.

• Forums machine on community infrastructure is only non-Linux system.
  mattock made a new forums system that runs on rocky linux 8 as agreed with ecrist.
  Currently waiting for ecrist to test if he has access and all is well before we're able to make the switch.
  ecrist indicated that he is missing some information, mattock will provide.

Topics on standby

• Management interface documentation on main website will be updated with info from doc/management-notes.txt
  novaflash will pick this up again now that he is back.

• ​https://www-dev.openvpn.in/community-resources/openvpn-quickstart/ will be updated from /doc/man-sections/example-fingerprint.rst information.
  Static-key will be deprecated and contents updated with peer-fingerprint stuff.
  novaflash will pick this up again now that he is back.

• IPv6 to community.
  No new information to report.