OpenVPN Hackathon 2019

This year's hackathon is organized by Antonio Quartulli

We will stick to the format of the previous years, which means attendance is in principle limited to "active developers that are also regularly contributing to #openvpn-devel or the mailing list". We should have enough space in the meeting room for 10-14 devs.

Who is coming?

Name Topics Arrival Departure Hotel
Antonio Quartulli - @home
Gert Döring devel process, networking Friday about 14:30 Sunday afternoon-ish Albergo Accademia
David Sommerseth * Friday morning Sunday afternoon Albergo Accademia
Arne Schwabe * Friday morning Sunday afternoon Albergo Accademia
Steffan Karger - Friday afternoon Monday afternoon Albergo Accademia
Simon Rozman - Friday noonish Sunday afternoon Albergo Accademia
Lev Stipakov - Friday morning Sunday afternoon Albergo Accademia
Uipko Berghuis - Friday afternoon Monday afternoon Albergo Accademia
Samuli Seppänen-Thursday late eveningSundayAlbergo Accademia
Jan Just Keijser -Friday noonishSunday noonNH Trento
Johan Draaisma-yesyesamazing place


The hackathon will take place from Friday November 8th 2019 to Sunday November 10th.


The Hackathon will be held in a meeting room fully reserved for us with 24h access (as long as I am around) within the "Impact Hub Trentino" co-working space. Full address: Via Roberto da Sanseverino, 95 - Trento - Italy "Impact Hub Trentino" is a co-working space in Trento, North-Eastern Italy and it is part of an international network of co-working spaces. Some of you may have already heard about the "Impact Hub" brand.

The co-working space provides free wifi, a pantry and some vending machines. There is no "free food", but I'll see if I can arrange some basic catering for the event.

The venue is conveniently located nearby the city center which translates to several accommodations and restaurants in range.

Entrance to the venue

Our meeting room is outside of the main building, therefore it can be reached by crossing the parking lot (green route). This route can be taken on Friday, when the ImpactHub? (and the parking lot) is open.

On Saturday/Sunday? the parking lot will be closed, therefore you have to enter from the main building (red route) cross it all and then exit on the other side. The main building might stay locked during the weekend, therefore if you arrive at a $random time, please drop me a message so that I can come and open :-)

hackathon: way in


By Italian standards Trento is a small but very nice and safe city. It hosts a university with around 17k students, who contribute to the good feeling and vibe. The city is surrounded by amazing mountains which offer incredible landscapes and are absolutely easy to reach (even for day trips).

The city center is fairly small and you can visit it all by foot. Tickets for local trains and buses to go around the area can be purchased online with the OpenMove? app (so no need to fiddle with vending machines or ticket offices).

How to get there

  • By air: Trento does not have its own commercial airport. The closest airport is Verona (VRN) - 96km/1h by car - which is small, but connected to a couple of hubs in Europe (i.e. flying Lufthansa or Alitalia). Flying to Venice (VCE), Bergamo (BGY) or Bologna (BLQ) is also an option, but the commute to Trento is longer. Flying to Innsbruck (Austria) may also be feasible, but it's still quite far. If you land in Verona, you can take a direct bus to the train station "Verona Porta Nuova" (the bus is just outside the arrival area) and then catch a train to "Trento" from there.
  • By train: Trento train station is in the center of the city and quite close to the venue. Several trains stop there (also Deutsche Bahn trains). The major railway company in Italy can be found at - station name is just "Trento".
  • By Car: Trento sits next to the A22 motorway, which connects the city center to the various airports, the rest of Italy and Austria/Germany?.

If you have any questions - please contact Antonio Quartulli (antonio @


  • man page
    • Currently formatted in groff (nroff supported too?), which is a cumbersome format for humans to edit.
    • OpenVPN 3 Linux decided to use rst2man which converts .rst files to man pages with quite good results. It can also produce other formats as well, such as html, xml, latex, odt.
    • Downside: rst2man is a Python utility
    • Upside: Much easier to write man pages where even the source file is readable.
    • There might be other tools similar to rst2man, which does not require Python.
  • Getting 2.5 out
    • test + merge the VLAN patchset (cron2/ordex)
    • review and ACK the client-connect patchset (ordex/plaisthos)
  • networking topics
    • ipv6-only (client side) for 2.4 (cron2/ordex)
    • get rid of "broadcast" ifconfig setting (cron2/ordex, /31 thread)
  • test framework
    • t_client "this address MUST NOT ping after the VPN is up" (client isolation testing with vlan patchset)
  • management API, external keys, TLS 1.3 / OpenSSL 1.1.1
    • patch from Arne
  • Two-Factor-Auth Patchset in trac
    • what, why, how? sample config?
    • get merged (dazo/plaisthos)
  • (...more.topics...)


Free wifi network is available at the venue


These are some accommodations Antonio has picked among those in the surroundings of the venue:

NameTypePrice (1p, 3nights)Distance from Impact Hub (Venue)Distance from Piazza Duomo (Main square)
*The Closest to the Impact Hub*
NH TrentoHotel155,00€350m1.3km
Komodo ApartmentsResidence153,00€400m1.3km
Bed & go TrentoB&B198,00€450m1.2km
*The Cheapest*
International Youth Hostel 'Giovane Europa'Hostel80,00€1.6km400m
*City Center Accomodations*
Albergo AccademiaHotel151,00€1.7km200m
Al Cavour 34B&B136,00€1.6km100m
B&B al Palazzo MalfattiB&B163,00€1.6km100m
Torrione TrentoGuesthouse171,00€1.5km300m

Most of the above can be found on Many more options are available also on or the portal of your choice.


The way forward for NCP

Arne and Steffan discussed, concluded:

  1. It's time to implement actual negotiation. Would be nice to get into 2.5, but will not block a 2.5 release.
  2. Client will still send IV_NCP=2, but add IV_NCP_CIPHERS=<colon-separated-cipher-list> (e.g. IV_NCP_CIPHERS=AES-256-GCM:AES-128-GCM)
  3. Server will select a cipher based on the server cipher lists preferences. I.e. the server will push the first cipher in it's local --ncp-ciphers list that's also listed in the client's IV_NCP_CIPHERS.
  4. For now, both client and server remain required to support AES-128-GCM and AES-256-GCM to do NCP.
  5. At some point, the client will no longer send IV_NCP, but just IV_NCP_CIPHERS. From then on, supporting the AES-GCM ciphers is no longer needed.


Last modified 3 years ago Last modified on 02/27/20 13:58:10

Attachments (1)

Download all attachments as: .zip