[Openvpn-devel] IRC community meeting summary
As agreed in the weekly community meeting we will be sending weekly meeting summaries to the OpenVPN developer's mailing list from now on. Meeting summary for 18 October 2023: * *Closed: Community Hackathon 2023 meeting* /This was held in Orihuela Costa 6-8 October./ /For a summary seeHackathon 2023 <https://community.openvpn.net/openvpn/wiki/Hackathon2023>/ * *Closed: Weekly meeting summaries by email* /It was decided novaflash will do meeting summaries on wiki and send copy to devel mailing list./ /novaflash has joined the openvpn-devel mailing list and will send out these meeting summaries./ * *Updated: Website release process woes* /There are is actual movement on this now, they're moving the Community Downloads content now to another CMS./ /They will also move Security Advisories to this other CMS as well so both can be updated independently from website updates./ * *Updated: OpenVPN 2.6.7 release* /CMake backport is in./ /We originally planned for 18 October, but we will postpone it a little but still expect it to go out in October./ /Reason is there are a number of outstanding issues ready to be merged that we want to get in, this takes a bit more time./ /Also there is a div-by-zero bug we want to get out soon so we'd rather delay 2.6.7 slightly to get it in./ * *Updated: License amendment for OpenVPN2 to solve openssl/mbedtls licensing issues* /A new version of James Bottomley patch is needed as it broke openssl 1.0.2 and libressl. Plaisthos will look into this./ /Then dazo can review things so we can decide if we can finalize this./ /One of the tasks is reviewing if remaining items are trivial patches, and maybe get legal advice on those if necessary./ * *Updated: OpenVPN community meetup 2024* /Naming: We decided to rename from 'Hackathon' to 'OpenVPN community meetup'. This has a more open spirit to it, as we want to encourage developers and those interested in contributing to feel welcome./ /Where: Karlsruhe, Germany. It is a relatively central location in Europe and is fairly easily reachable by train. A meeting location is yet to be arranged./ /When: At the moment tentatively set to 20-22 September 2024./ /Who: We'll do an open invitation to openvpn-devel mailing list, but also CC: specifically past attendees and people of interest./ /Shirts: There is plenty of time still to prepare a shirt design./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 13:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 25 October 2023: * *Updated: Publish security assessment of OpenVPN2 codebase on main website.* /Approvals and preparations are done for this./ /Marketing decided to make it a larger topic (?) and include past security assessments./ /Expected to be published within the next 3 weeks. / * *Updated: License amendment for OpenVPN2 to solve openssl/mbedtls licensing issues* /The OpenSSL James Bottomley stuff is resolved now./ /The --tls-export-cert feature needs to be removed by dazo and reimplemented by plaisthos./ /Then it is up to dazo to review things so we can work on finalizing this./ /One of the tasks is reviewing if remaining items are trivial patches, and maybe get legal advice on those if necessary./ /For new contributions the new license already applies so maxf is unblocked to implement mbedtls3 support on master./ /maxf mentioned he will look into how much work it is to backport mbedtls3 it to 2.6.' / * *Updated: OpenVPN 2.6.7 release* /CMake backport is in./ /We are working on some outstanding patches that we are working to get in./ /Also there is a div-by-zero bug we want to get out soon so we're waiting until that is in./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 13:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 1 November 2023: * *Updated: OpenVPN 2.6.7 release* /CMake backport is in./ /We are working on some outstanding patches that we are working to get in./ /Also there is a div-by-zero bug and a critical bug we want to get out soon so we're waiting until that is in./ /The patch for it is on security mailing list and being reviewed by dazo and df12k./ * *Updated: Publish security assessment of OpenVPN2 codebase on main website.* /Approvals and preparations are done for this./ /Marketing sent a draft over internally which was reviewed by novaflash and dazo and looks almost reasonable./ /Expected to be published within the next 2 weeks./ * *Updated: Tunnelcrack published nowhttps://tunnelcrack.mathyvanhoef.com <https://tunnelcrack.mathyvanhoef.com/>* /A post was published atTunnelCrack community wiki article <https://community.openvpn.net/openvpn/wiki/TunnelCrack>/ /More details are in thewiki:Hackathon2023 <https://community.openvpn.net/openvpn/wiki/Hackathon2023>meeting summary./ /A security advisory went up on the main websitehttps://openvpn.net/security-advisories/ / As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 13:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 8 November 2023: * *Updated: OpenVPN 2.6.7 release* /There is a div-by-zero bug and a critical bug we were waiting to get fixed before proceeding./ /The patch for fixing both is on security mailing list and has acks so will go in now./ /The release is expected to happen today./ * *Updated: Publish security assessment of OpenVPN2 codebase on main website.* /Expected to be published either this or next week./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 13:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 15 November 2023: * *Updated: OpenVPN 2.6.7 release* /The 2.6.7 release was made last week on November 9th 2023./ /There was a segfault crash reported that points to double check buffer leak code./ /There was a mention of fragment 0 not working anymore (since 2.6.1). This was from documentation 12 years old. But we can still look into handling this case better./ /There was a question from glcox on whether copr can hold older versions as well to rollback to. There are of course always options like using packages.openvpn.net for this or upstreaming to EPEL repos or such. But unfortunately copr has the limitation that it only can have one build. So there is no easy solution here with copr. The effort involved to get another solution is stopping us at this moment to implement a solution. dazo does mention that perhaps modules or streams for various versions on EPEL could be a solution. Ideally we'd have someone from EPEL repository to collaborate with./ * *New: OpenVPN 2.6.8 release* /There is a fix available for the crash in 2.6.7. We will put this into 2.6.8 and release soon./ /There are 2 patches from lev that will go in as well./ /Intention is to get this out this week (Friday likely)./ * *New: donations for OpenVPN community* /There is currently no place to donate money to the community./ /The question is, do we want to allow donations? The answer is yes./ /We need to figure out how to deal with that legally, and what payment methods to accept and how./ /Probably credit card is a must. Maybe paypal as well. Bitcoin seems to encounter some resistance in the discussions./ /We definitely do not want the donation thing to be forced - have a mechanism to do it, but keep it out of the way./ /Random things yelled out (to investigate): legal entity? stripe? paypal? creditcard? open collective? github sponsors? linux foundation? sf conservancy?/ * *Updated: Publish security assessment of OpenVPN2 codebase on main website.* /Expected to be published this week./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 13:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 22 November 2023: * *Closed: OpenVPN 2.6.7 release* /2.6.7 was released, and followed up with 2.6.8./ * *Closed: OpenVPN 2.6.8 release* /2.6.8 was released on Friday 17 November./ * *Updated: Publish security assessment of OpenVPN2 on main website.* /Trail of Bits security audit of OpenVPN2 published:https://openvpn.net/blog/trail-of-bits// * *Updated: Website release process woes* /Website team reports they are going to publish the new CMS for community downloads and security advisories next week./ * *New: TLS 1.0 PRF problem* /OpenVPN has used a scheme based on the TLS 1.0 PRF with MD5+SHA1 in the past. Since OpenVPN 2.6.0+ and 3.6.0+ using Keying Material Exporters (RFC 5705) is preferrred as modern alternative to that.//If one or both sides are older versions of OpenVPN like 2.5 and use the older method of making key material, there can be a problem./ /For example on platforms like RHEL9 with FIPS enabled, you cannot use TLS 1.0 PRF with MD5+SHA1. So even for these special cases MD5 has become impossible in this particular situation./ /As a practical example, this means OpenVPN 2.5 on RHEL9 with FIPS enabled cannot work at all. But 2.6 does work because it uses TLS export, but only if the other side supports TLS export too./ /We should first of all document this. But second, having a self-test in OpenVPN that warns of this situation can be beneficial./ * *Updated: License amendment for OpenVPN2 to solve openssl/mbedtls licensing issues* /For new contributions the new license already applies./ /The --tls-export-cert option needs to be removed, and reimplemented. dazo sent in the patch to remove it, plaisthos will reimplement it./ /Then it is up to dazo to review things so we can work on finalizing this./ /One of the last tasks is reviewing if remaining items are trivial patches, and maybe get legal advice on those if necessary./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 13:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 22 November 2023: * *New: spam on forums.* /It just keeps coming. We need a solution./ /asked pippin_ if he could maybe get attention from ecrist to try and solve this./ * *Updated: Website release process woes* /Website team continues to report that they are on the verge of launching the new stuff./ /But there is a release freeze planned for last weeks of December so we may not actually get it this year./ * *Updated: TLS 1.0 PRF problem* /A patch for this has been created and it needs reviews.'/ * *Updated: License amendment for OpenVPN2 to solve openssl/mbedtls licensing issues* /For new contributions the new license already applies./ /The --tls-export-cert code was removed, and plaisthos will reimplement it./ /Then it is up to dazo to review things so we can work on finalizing this./ /One of the last tasks is reviewing if remaining items are trivial patches, and maybe get legal advice on those if necessary./ * *New: OpenVPN 2.6.9 release* /After --export-peer-cert/--tls-export-cert issue is clarified and code merged, we feel we're ready for a new release./ /Tentatively next week./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 13:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] Correction: IRC community meeting summary
I had the date wrong in the previous mail. Sorry. Meeting summary for 6 December 2023: * *New: spam on forums.* /It just keeps coming. We need a solution./ /asked pippin_ if he could maybe get attention from ecrist to try and solve this./ * *Updated: Website release process woes* /Website team continues to report that they are on the verge of launching the new stuff./ /But there is a release freeze planned for last weeks of December so we may not actually get it this year./ * *Updated: TLS 1.0 PRF problem* /A patch for this has been created and it needs reviews.'/ * *Updated: License amendment for OpenVPN2 to solve openssl/mbedtls licensing issues* /For new contributions the new license already applies./ /The --tls-export-cert code was removed, and plaisthos will reimplement it./ /Then it is up to dazo to review things so we can work on finalizing this./ /One of the last tasks is reviewing if remaining items are trivial patches, and maybe get legal advice on those if necessary./ * *New: OpenVPN 2.6.9 release* /After --export-peer-cert/--tls-export-cert issue is clarified and code merged, we feel we're ready for a new release./ /Tentatively next week./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 13:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 13 December 2023: * *Updated: OpenVPN 2.6.9 release* /In discussion with community members looks like next week would be a good time for a 2.6.9 release./ * *Updated: forums topics* /Pippin_ and novaflash reported lots of spam on the forums. rob0 got into contact with ecrist, looks like anti-spam module had expired. It was renewed./ /ecrist suggests to decouple authentication system for forums from community PWM. almost all forum users never use other community resources, so it makes sense./ /There is the pending migration from BSD to Linux for the forums machine./ /In collaboration with ecrist, we'll look into arranging for OpenVPN Inc. to provide a new VM and a license for vBulletin. ecrist can then convert the existing forums content./ /RegardingCloudFlare <https://community.openvpn.net/openvpn/wiki/CloudFlare>; currently not enabled on forums, but we will enable it on the new VM./ * *New: community funding* /ordex has an initiative he wants to bring up regarding dev resources to be added to community./ /This may tie into the donations topic./ /In short ordex convinced OTF (Open Tech Fund) to provide a "test FOSS funding scheme" to OpenVPN./ /This would for example allow to pay for allocated hours for mattock and cron2 to work on OpenVPN community tasks./ /This is to be worked out more and in collaboration between OpenVPN Community, OpenVPN Inc., and OTF./ * *Updated: Donations for OpenVPN community* /There is currently no place to donate money to the community, and we do want to allow that./ /We need to figure out how to deal with that legally, and what payment methods to accept and how./ /Probably credit card is a must. Maybe paypal as well. Bitcoin seems to encounter some resistance in the discussions./ /We definitely do not want the donation thing to be forced - have a mechanism to do it, but keep it out of the way./ /Random things yelled out (to investigate): legal entity? stripe? paypal? creditcard? open collective? github sponsors? linux foundation? sf conservancy?/ /ordex suggested that he will take a look in january to figure out what legalities etc are involved in getting a legal entity for OpenVPN community./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 13:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 20 December 2023: * *New: no meeting on 27th december or 3 january.* /Normal meetings to resume on January 10 2024./ * *Updated: OpenVPN 2.6.9 release* /Given that we're so close to end of year, we'll push this to next year./ /The --tls-export-cert PR needs a little love first./ /Tentative new release date is January 10./ * *Updated: forums topics* /There has been a lot of spam. An antispam module had expired. We fixed that. But there's still the occasional bit of spam./ /We agreed in last meeting to commit to a path to get a new VM and switch to vBulletin and disconnect from community LDAP logins./ /The new VM is delivered, the license should be delivered this week too, so then ecrist can get to work./ /RegardingCloudFlare? <https://community.openvpn.net/openvpn/wiki/CloudFlare>, currently not enabled on forums, but we will enable it at some point on the new VM./ * *New: status of trac/wiki* /ordex wanted to discuss state of trac/wiki. Do we move to something else? Do we update existing?/ /mattock has been volunteered to look into alternatives./ /It must be open source. Self-hosted or hosted open-source both fine./ /There is no hard requirement for LDAP capability./ /Should have access controls so only approved members can edit./ * *New: status of community LDAP sign-in solution* /We use it currently for forums, wiki, gerrit, patchwork. We are seriously considering getting rid of it./ /The reality is that 99.99% of forums users do not interact with the other tools./ /And that the small group of contributors to wiki and gerrit does not justify the need for an LDAP sign-in solution./ /So we're inclined to disconnect from LDAP. For the forums we already intend to do that now./ /No final decision reached at this time. Considering our options./ * *New: packet header order* /plaisthos wanted to get consensus/decision on whether we do that as part of the rekeying improvements./ /Generally in favor of adding a new negotiable packet format, so long as plaisthos and syzzer are in agreement./ * *New: plan to improve server side testing* /mattock postedhttps://community.openvpn.net/openvpn/wiki/ServerSideTestingImprovementPlan#no1 <https://community.openvpn.net/openvpn/wiki/ServerSideTestingImprovementPlan#no1>/ /It's a plan to improve server side testing. mattock would like to get eyes on this and feedback./ * *Updated: TLS 1.0 PRF problem* /Patches for this have been created and are in review, have not made it in yet./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 13:00 Central European Time (except this 27 december and 3 january). Best of luck to all of you in the new year, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 24 January 2024: * *Closed: License amendment for OpenVPN2 to solve openssl/mbedtls licensing issues* /All work on this is now completed./ * *New: security mailing list procedure can stand improvement* /To be discussed in more detail later./ * *Updated: tasks related to build processes (Mattock)* o Buildbot can now skip builds that don't touch irrelevant files (https://github.com/OpenVPN/openvpn-buildbot/pull/31 <https://github.com/OpenVPN/openvpn-buildbot/pull/31>) + Which file and/or directory changes should trigger the buildbot builds? + Do we want the skipped builds to show up on the build state page? Or to be (almost) completely invisible to buildbot? + We do not have answers right now to these questions but the fact that we can now skip irrelevant things is great. o Extending the above: Have different Builders and build steps for different types of files + We can have more than one Scheduler per project (e.g. openvpn) + Each Scheduler can have a different Change Filters for builds that are relevant for that type of build + Each Scheduler links to a set of Builders + Each Builder runs different commands on the Worker (e.g. "autoreconf -vi && ./configure ..." or "do-something-else") + Example Schedulers: # /openvpn-default/Scheduler (=what we have now) would: * Trigger normal builds on all builders * No build would be triggered on documentation changes # /openvpn-rst/Scheduler would: * Trigger RST sanity check on one builder when .rst file changes * *Updated: OpenVPN 2.6.9 release* /There is a small security issue reported in OpenVPN for Windows installer./ /Once this is resolved we can make the 2.6.9 release./ /lev, selva, and d12fk, are looking into this at the moment./ /dazo will work with lev to arrange a CVE report./ * *Updated: forums topics* /There has been a lot of spam. An antispam module had expired. We fixed that. But there's still the occasional bit of spam./ /ecrist looked into setting up a new forum. Discovered that migrating data is not possible./ /Suggested approach is to run both old and new side-by-side and let people finish discussions on old forums while new is up. Then after some time make the old forum read-only. /RegardingCloudFlare? <https://community.openvpn.net/openvpn/wiki/CloudFlare>, currently not enabled on forums, but we will enable it at some point on the new VM. As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 13:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 6 March 2024: * *New: openvpn 2.6.10 release* /There are some Windows related issues to be resolved in this release./ /Tentatively planned for end of next week./ * *Updated: server-side testing status and next meeting* o mattock has created a PoC of --dev null "does a client connect" check + client config has "--dev null" and "ifconfig-noexec" # uses an "up" script to stop the parent (openvpn) process gracefully soon after connection initialization # the "up" script almost certainly includes some Linux-specifisms # example usage: * openvpn --config client.conf |grep "Initialization Sequence Completed" # integration with "make check", buildbot, etc. is still missing # next steps: * integrate the PoC with "make check" * make the script portable * buildbot integration (if required separately) /We want to continue on this topic once a bit more progress has been made./ * *Updated: forums topics* /A new forum is under construction. But already spammers have found it./ /Suggestion is to give openvpn_inc user novaflash and Pippin_ full admin rights so they can help find a solution and help maintain the forums./ /To be discussed with ecrist./ /Layout and categories look ok?/ /Access for Mod to delete users that put spam url in profile and never post a message, currently I cannot discover a way to delete those/(1) /Access for Mod to edit user profiles/(1) /Mod guide, hard or soft delete (chuck board?), what to do with GDPR, etc. (write it down and actually make it available to mods, maybe a hidden topic)/ /Access for mods to logs so one can see what others did/ /Considering some existing platform to do discussions next to forum?/ /(1) May not be necessary if enough admin available/ * *Updated: website release process* /Finally they have come up with a solution that they will run by novaflash this week./ * *New: breaking DCO changes, how to approach?* /This topic appeared but we do not have details on what this entails exactly./ /Perhaps ordex can provide details on what this is about, so we can have a meaningful discussion./ * *Updated: Status of SBOM* /There was a discussion between MaxF and djpig and others./ /For OpenVPN2 / OpenVPN-NL, there is not much overlap, as OpenVPN2 doesn't ship much in terms of libraries, but OpenVPN-NL does./ /The interesting use-case for an SBOM is really the OpenVPN Windows GUI client./ * *Updated: Debian and Ubuntu snapshot packages and buildbot* o Cloudfront + S3 + aptly PoC is complete and seems to work fine o Cloudfront caches need to be invalidated when new packages are added or removed, or the apt repository will end up in an inconsistent state almost immediately o If we use swupdate.openvpn.net to publish the snapshots we will have to deal with cloudfront + cloudflare. o We can choose to just publish snapshots on build.openvpn.net. This seems the preferred option. o Alternatively a new S3 bucket + cloudfront can be done. Whatever people like best. o Buildbot integration is missing, but should be fairly straightforward o This will probably have to wait until "--dev null" is done As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 13:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 13 March 2024: * *New: topic from an openvpn inc contributor to community (illia)* /Would like to discuss about --inactive option that disconnects a VPN when it is not sending/receiving more than the set seconds timeout./ /One part of it is that openvpn2 only counts outgoing packets and openvpn3 counts incoming and outgoing. Which is correct?/ /Another part is type of packets to count - this is all not so clear./ /For now we counting any packets and ICMP spam from router resets inactive timeout very often for openvpn3 so it disconnects later than 2/ /Current proposal: count also incoming packets for openvpn2 and do not reset inactive timeout on ICMP packets for both ovpn3 and 2/ /There was argument made that "this is how it has been in openvpn2 forever and we had no complaints" but oddly the documentation claims incoming and outgoing is counted./ /after looking into this a bit some screwiness was found with tracking the data in openvpn2 that could use fixing, and illia will work on it./ /and there is some voodoo happening in openvpn2 that skips inactive reset packets and similar magic is missing in ovpn3, so illia will work on that too./ * *New: breaking DCO changes, how to approach?* /During the upstreaming process to the Linux kernel some alterations had to be made./ /This made the updated implementation different enough from ovpn-dco-v2 that OpenVPN 2.6 won't work with it anymore./ /The plan is to adjust OpenVPN 2.6 so it can support the ovpn-dco-v2 delivered as out-of-tree kernel module, and the in-tree new kernel module./ /We can then update the out-of-tree kernel module to work in the new way and have a graceful transition period./ /So when it goes upstream and is in the Linux kernel, or DCO is installed out-of-tree, it will work the same./ /We can later decide on when to drop the support for ovpn-dco-v2 old methods./ * *Updated: openvpn 2.6.10 release* /There are some Windows related issues to be resolved in this release./ /Was planned for this week - pushed to begin next week./ * *Updated: website release process* /Next week a website release is planned that will enable a new way for updating Community Downloads page./ /The new way has a much faster release method separate from the rest of the website's release schedule./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 13:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 20 March 2024: * *Updated: openvpn 2.6.10 release* /This release should go out today./ /It contains a number of security fixes focused on Windows./ * *OpenVPN 2.5.10 release* /According to ourSupportedVersions <https://community.openvpn.net/openvpn/wiki/SupportedVersions>guidelines we should do a release with the CVE fixes from 2.6./ /But we don't promise Windows installers there. But given that these issues are all focused around Windows, we will do a best effort attempt to deliver it anyway. This is something we'll pick up right after 2.6.10. /// * *New: tunnelblick and sophos UTM* /Need to investigate this issue. Possibly a client side fix./ * *Updated: website release process* /This week a website release is planned that will enable a new way for updating Community Downloads page./ /The new way has a much faster release method separate from the rest of the website's release schedule./ /For today's release however the usual annoying method will be used to get it published on the main site./ * *Updated: forums topics* /ecrist has gone ahead and launched the new forums and locked the old forums./ /The idea is that people and conversations migrate over to the new forums./ /There are still some issues with the new forums that should be resolved./ /The current situation is that old forums is new topics locked, and new forums has issues./ /Discussed and agreed to ask ecrist to either fix new forums quickly or unlock new topics on old forums until we fix things./ /- email delivery seems not to be working. email confirmation on registration was suggested./ /- spammers found the new forums - but an anti-spam module was installed so that should solve this in theory./ /- access to admin interface seems broken. have to find out where problem is exactly and solve it./ /- we still need to work on having some other people with some admin or high mod access./ /- mod guide, hard or soft delete (chuck board?), what to do with GDPR, etc. (write it down and actually make it available to mods, maybe a hidden topic)/ /- access for mods to logs so one can see what others did/ * *Updated: Security mailing list procedure can stand improvement* /dazo and novaflash will start discussing this internally in openvpn inc./ /Goal of discussions is to work out a better internal procedure to connect security mailing list better with company product responsible people./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 13:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 27 March 2024: * *New: when to deprecate weak ciphers* /Weak ciphers like 3DES and BF-CBC - what to do with them and when?/ /Originally it looks like it was planned to remove in 2.7 but that may be too soon./ /For example OpenVPN Inc. still sees customers with 10+ year old installations fairly regularly./ /A proposal to consider may be to deprecate it when crypto libraries deprecate it./ /Weighing the expected complaints versus the low cost of just maintaining weak ciphers until crypto libraries deprecate them - the choice seems obvious./ /For now we'll stick with letting weak ciphers stay in unless there is some convincing reason to remove it./ * *Closed: OpenVPN 2.6.10 release* /This was released 20th of March./ * *Closed: OpenVPN 2.5.10 release* /This was released 21st of March, including new Windows installers./ * *Closed: community funding initiative* /ordex convinced OTF (Open Tech Fund) to let OpenVPN join the "FOSS sustainability funding pilot run"./ /This allows to pay for allocated hours for mattock and cron2 to work on OpenVPN community tasks./ /Some ongoing tasks are listed under 'Mattock Topics' in the meeting notes and have already been going on for a while./ /This topic is therefore considered closed for now./ * *Closed: inactive setting data counter in openvpn2 and openvpn3* /It looks like openvpn2 and openvpn3 handle the counting of traffic for this differently./ /After some discussion it was decided illia will submit some suggested fixes./ /This will now follow standard procedure for patch submission and review. Closing topic./ * *Closed: tunnelblick and sophos UTM* /Looks like Tunnelblick implemented a fix on their end./ /https://github.com/OpenVPN/openvpn/issues/525 <https://github.com/OpenVPN/openvpn/issues/525>/ * *Updated: website release process* /Last week a website release was planned that would enable a new way for updating Community Downloads page./ /Postponed to this week. We'll see./ * *Updated: forums topics* /ecrist still working on forums. admin access issue looks resolved. email issue looks resolved./ /Plan is to soon switch URLs so new forum is on forums.openvpn.net and old forums is on archive address./ /- email confirmation on registration was suggested./ /- we still need to work on having some other people with some admin or high mod access./ /- mod guide, hard or soft delete (chuck board?), what to do with GDPR, etc. (write it down and actually make it available to mods, maybe a hidden topic)/ /- access for mods to logs so one can see what others did/ * *Updated: DCO and Linux upstreaming, API change*/ /Upstreaming DCO to Linux is proceeding, it is in review stage at the moment./ /ordex will prepare a v3 patchset soon based on feedback received./ /There will be an API change that makes it incompatible with the current implementation./ /A graceful solution to that was already discussed and in motion. giaan will be working on this./ /(in a nutshell, make OpenVPN understand old and new API, DKMS and kernel versions both will then use new API, then we drop old API)// * *Updated: mattock topics* /Made it so --dev null tests can run arbitrary numbers of servers concurrently, and have arbitrary amount of clients run in parallel to these servers./ /Will probably look into separating the --dev null test data (test cases) from the test scripts./ /Also started on debian snapshot publishing but didn't get very far there yet./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 13:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 3 April 2024: * *New: live route update feature* /A client implementation will be added to OpenVPN3 core soonish./ /Obviously we'll need a spec that can be agreed on for this feature./ /And ideally also an openvpn2 implementation (client+server)./ /lev will put together a spec proposal for next meeting./ * *Updated: website release process* /Waiting for faster way to update community downloads and security advisories on main site./ /Again postponed due to issues. Now planned for this week. We'll see./ * *Updated: forums topics* /ecrist still working on forums. a DNS record for the future archive address will be added, rob0 is doing this./ /Plan is to soon switch URLs so new forum is on forums.openvpn.net and old forums is on archive address./ /- email confirmation on registration was suggested./ /- we still need to work on having some other people with some admin or high mod access./ /- mod guide, hard or soft delete (chuck board?), what to do with GDPR, etc. (write it down and actually make it available to mods, maybe a hidden topic)/ /- access for mods to logs so one can see what others did/ * *Updated: mattock topics* /Separated test data from code in --dev null tests./ /Also started on debian snapshot publishing but didn't get very far there yet./ /Will next look at remove sudo root requirement from --dev null server-side./ /Figure out if reliability can be increased further (i.e. why did it fail 4 out of 500 times)./ * *Closed: when to deprecate weak ciphers* /Weak ciphers like 3DES and BF-CBC - what to do with them and when?/ /Originally it looks like it was planned to remove in 2.7 but that may be too soon./ /For example OpenVPN Inc. still sees customers with 10+ year old installations fairly regularly./ /A proposal to consider may be to deprecate it when crypto libraries deprecate it./ /Weighing the expected complaints versus the low cost of just maintaining weak ciphers until crypto libraries deprecate them - the choice seems obvious./ /For now we'll stick with letting weak ciphers stay in unless there is some convincing reason to remove it./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 13:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 10 April 2024: * *Updated: live route update feature* /In short, the ability to update routes, DNS, ifconfig options, live, without having to do a full reconnect./ /One example where this solves an issue is when 1000 users are connected to a server, and you change a route that applies to all. You'd end up temporarily almost DDoS-ing yourself./ /As discussed last week, Lev has put together a proposal from which we can build a specification./ /The plan is to get approval for the specification first. ThenCloudConnexa? <https://community.openvpn.net/openvpn/wiki/CloudConnexa>/openvpn3 will get this implemented./ /In discussion with ordex it seems he and giaan can take on creating the OpenVPN2 server and client implementations./ /Proposal here:https://cryptpad.fr/pad/#/2/pad/edit/w1SE-ttFQphTrgZALaG8o8YE/ <https://cryptpad.fr/pad/#/2/pad/edit/w1SE-ttFQphTrgZALaG8o8YE/>/ /DYNAMIC_ROUTES message name is too limited to just routes, we instead prefer PUSH_UPDATE./ /Initially PUSH_UPDATE will support routes, DNS, and ifconfig options, to update network related settings on the client. This could be expanded in the future./ * *Updated: forums topics* /ecrist still working on forums. DNS record for archive of old forums was finally correctly created./ /Plan is to soon switch URLs so new forum is on forums.openvpn.net and old forums is on archive address./ /- email confirmation on registration was suggested./ /- we still need to work on having some other people with some admin or high mod access./ /- mod guide, hard or soft delete (chuck board?), what to do with GDPR, etc. (write it down and actually make it available to mods, maybe a hidden topic)/ /- access for mods to logs so one can see what others did/ * *Updated: OpenVPN community meetup 2024* /Naming: We decided to rename from 'Hackathon' to 'OpenVPN community meetup'. This has a more open spirit to it./ /Where: Karlsruhe, Germany. Meeting room location to be determined./ /When: At the moment tentatively set to 20-22 September 2024./ /Who: We'll do an open invitation to openvpn-devel mailing list, but also CC: specifically past attendees and people of interest./ /Shirts: There is plenty of time still to prepare a shirt design./ /There's a wiki page up now where we can coordinate:https://community.openvpn.net/openvpn/wiki/CommunityMeetup2024 <https://community.openvpn.net/openvpn/wiki/CommunityMeetup2024>/ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 13:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 17 April 2024: * *New: updated 2.6.10 with new MSI installers* /There is a new Windows DCO driver that should handle coming back from hibernation better/faster, as it doesn't wait for keepalive timeout after hibernation./ * *New: --topology directive* /We changed the default for this to be 'subnet' as this is the most commonly used setup and has been for ages (used to be net30)./ /This is however breaking things by default for peer to peer setups. We could limit the change to just --server mode./ /djpig will propose a patch and it can be discussed further there./ * *Closed: live route update feature* /In short, the ability to update routes, DNS, ifconfig options, live, without having to do a full reconnect./ /After discussing last week seems like a path forward is clear./ * *Updated: Security mailing list procedure can stand improvement* /company will improve process on picking up tasks from security mailing list in the next week or so./ /The idea being that community guys will continue doing their thing as usual, and company guys monitor the list for company related items and follow up on those./ /The idea of an NDA is also revived. But it was made clear internally that we need like a one-page simple NDA for community members, not the unnecessarily restrictive one originally suggested by legal guys./ * *Updated: DCO and Linux upstreaming, API change*/ /Upstreaming DCO to Linux is proceeding, it is in review stage at the moment./ /ordex will send a patchset v3 based on feedback received today./ /There will be an API change that makes it incompatible with the current implementation./ /A graceful solution to that was already discussed and in motion. giaan will be working on this./ /(in a nutshell, make OpenVPN understand old and new API, DKMS and kernel versions both will then use new API, then we drop old API)// * *Updated: donation collection* /From earlier exploration it is clear that setting up a legal entity is not worth the expense at this point. We're just starting out with donations./ /What we can do is start out with an existing company that can collect the money and puts it to good community use. ordex volunteers to take this on./ /There are some options to consider. There may be existing solutions that we want to consider./ /PayPal? <https://community.openvpn.net/openvpn/wiki/PayPal>seems overly expensive with all their fees./ /Stripe could be worth considering for credit card processing./ /GitHub? <https://community.openvpn.net/openvpn/wiki/GitHub>Sponsors was mentioned as a possible solution, this is worth investigating./ /Open Collective was also mentioned, that needs some investigating how that exactly would work for us./ * *Updated: forums topics* /ecrist still working on forums. waiting on ecrist to move things around./ /Plan is to soon switch URLs so new forum is on forums.openvpn.net and old forums is on archive address./ /- email confirmation on registration was suggested./ /- mod guide, hard or soft delete (chuck board?), what to do with GDPR, etc. (write it down and actually make it available to mods, maybe a hidden topic)/ /- access for mods to logs so one can see what others did/ * *Updated: mattock topics* /Managed to make tests run reliably now, the occassional failures seem resolved now./ /Documentation here:https://github.com/mattock/openvpn/blob/dev_null/doc/dev-null-test-suite.rst <https://github.com/mattock/openvpn/blob/dev_null/doc/dev-null-test-suite.rst>/ /Will submit a patch soon./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 13:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 24 April 2024: * *New, closed: OpenSSL 1.0.2 removal from OpenVPN 2.7* /Currently plaisthos is still supporting OpenSSL 1.0.2 because of Access Server still releasing on CentOS7/Red Hat7./ /Since we are dropping those platforms on Access Server, there appears to be no reason to keep supporting it./ /There were no objections to removing openssl 1.0.2 support from OpenVPN 2.7/ * *New: Discussion related to DNS IV flag* /The implementation of the dns option deviates somewhat from the original specification./ /d12fk wants to discuss a possible solution using another IV flag./ /A flag such as IV_PROTO_DNS_OPTION_V2 would be acceptable, as of OpenVPN 2.6.11./ /IV_PROTO_DNS_OPTION could be renamed to IV_PROTO_DNS_OPTION_OLD and marked as 'do not send'./ * *Updated: forums topics* /ecrist still working on forums. waiting on ecrist to move things around./ /ecrist requests that cloudflare be removed again. that's not really something that we want to do as we lose a lot of protection./ /rob0 and novaflash would like to assist in solving this problem. they would need root access to the VM. perhaps djpig can arrange this?/ /Plan is to soon switch URLs so new forum is on forums.openvpn.net and old forums is on archive address./ /- email confirmation on registration was suggested./ /- mod permissions, guide, hard or soft delete (chuck board?), what to do with GDPR, etc. (write it down and actually make it available to mods, maybe a hidden topic)/ /- access for mods to logs so one can see what others did/ * *Updated: mattock topics* /PR created for the --dev null test suite. Fixed some issues based on feedback in #openvpn-devel./ /Documentation here:https://github.com/mattock/openvpn/blob/dev_null/doc/dev-null-test-suite.rst <https://github.com/mattock/openvpn/blob/dev_null/doc/dev-null-test-suite.rst>/ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 13:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 8 May 2024: * *Closed: Discussion related to DNS IV flag* /This was done with a IV_PROTO_DNS_OPTION_V2 proto flag./ * *New, closed:TunnelVision <https://community.openvpn.net/openvpn/wiki/TunnelVision>vulnerability.*/ /This looks to be basically the same as theTunnelCrack <https://community.openvpn.net/openvpn/wiki/TunnelCrack>vulnerability./ /Mitigations forTunnelCrack <https://community.openvpn.net/openvpn/wiki/TunnelCrack>are underway but take time to deliver as the implementation is different on each platform./ /What we'll do is add a wiki article forTunnelVision <https://community.openvpn.net/openvpn/wiki/TunnelVision>that redirects toTunnelCrack <https://community.openvpn.net/openvpn/wiki/TunnelCrack>statement already present on our wiki./ /We'll add a section there specific to theTunnelVision <https://community.openvpn.net/openvpn/wiki/TunnelVision>aspect of this.// * *Updated: Tunnelcrack progressTunnelCrack community wiki article <https://community.openvpn.net/openvpn/wiki/TunnelCrack>* /Status update onTunnelCrack <https://community.openvpn.net/openvpn/wiki/TunnelCrack>mitigations:/ /Windows, openvpn2: ready to merge. openvpn3: in code review./ /Linux, openvpn2: in progress. openvpn3: in progress./ /macOS: to be determined./ /iOS: to be determined./ /Android: not vulnerable./ * *New:BlackHat? <https://community.openvpn.net/openvpn/wiki/BlackHat>announcement regarding 'OVPNX'.*/BlackHat? <https://community.openvpn.net/openvpn/wiki/BlackHat>announced a presentation about OVPNX vulnerabilities that lead to privilege escalation./ /This is by the same guy, Vladimir Tokarev, that reported these issues to us that we then solved./ /The problem is they are announcing it as zero-day vulnerabilities, which is simply not true./ /These were responsibly disclosed and in cooperation were fixed and published with the OpenVPN 2.6.10 and 2.5.10 releases./ /We did reach out to clarify things but haven't had a response yet./ /A security advisory and a blog post will be posted in the next day or so on the main website, and it will be added to the company newsletter as well./ /These will set the record straight that it's not zero-day, and furthermore point out that this is not that critical of an issue as you need privileges anyways to exploit it./ /Also this only affects OpenVPN2 GUI on Windows./ * *Updated: forums topics* /rob0 and novaflash volunteered to take a look at the web server config to make it work correctly./ /However due to other ongoing things, didn't have time yet, but will be able to spend time on it soonish./ /Plan is to soon switch URLs so new forum is on forums.openvpn.net and old forums is on archive address./ /- email confirmation on registration was suggested./ /- mod permissions, guide, hard or soft delete (chuck board?), what to do with GDPR, etc. (write it down and actually make it available to mods, maybe a hidden topic)/ /- access for mods to logs so one can see what others did/ * *Updated: mattock topics* /PR created to add t_server_null tests to buildbot./ /There's a parallelism issue to fix between t_server_null.sh and t_client.sh - will work on that./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 13:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 22 May 2024: *First a one-time reminder: the meeting time was changed from 13:00 Central European Time to 14:00 Central European Time, as per agreement in community.* * *New: DCO-win update needed* /There was a responsible disclosure report made regarding DCO windows driver. Details are currently under embargo./ /A new Windows installer release will be made available shortly and details will be published then./ /This will be an I002 Windows installer release for 2.6.10./ * *New: community.openvpn.net server maintenance* /There was some downtime here and after looking into it, the conclusion is that the software is out-of-date and needs love./ /We were already planning to migrate to another wiki solution, so this has provided an impetus to accelerate this./ /mattock will do a PoC of wiki.js and outline and we will make a decision once those are up, and then go for it./ * *Updated: Security mailing list* /It was proposed to add df12k to the security mailing list. If no objections this will be done./ /No objections. He will be added./ * *Updated: forums topics* /rob0 and novaflash will work to get access and then find some time to look at solving the cloudflare related issue./ /Unfortunately the past weeks were difficult to find time - holidays and travel and such. Will find time and push this forward./ /Plan is to soon switch URLs so new forum is on forums.openvpn.net and old forums is on archive address./ /- email confirmation on registration was suggested./ /- mod permissions, guide, hard or soft delete (chuck board?), what to do with GDPR, etc. (write it down and actually make it available to mods, maybe a hidden topic)/ /- access for mods to logs so one can see what others did/ * *Updated: mattock topics* /There is code waiting for review/merging but one of the reviewers is on vacation./ /Will in the meantime tackle the community.openvpn.net / wiki topic./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 29 May 2024: * *Closed: DCO-win update needed* /There was a responsible disclosure report made regarding DCO windows driver./ /This was fixed and released in the I003 Windows installer release for 2.6.10./ * *Updated: community.openvpn.net trac wiki* /There was some downtime here and after looking into it, the conclusion is that the software is out-of-date and needs love./ /We were already planning to migrate to another wiki solution, so this has provided an impetus to accelerate this./ /mattock will look into putting a PoC of wiki.js and outline after debian/ubuntu snapshot task is done./ * *Updated: release openvpn 2.6.11* /Waiting to complete review/merge process of Windows tunnelcrack mitigations./ /For the proposed Linux tunnelcrack mitigations, going for policy routing and such, it may need to go to 2.7 and it's quite a big change./ /There's an item reported by reynir that we'll likely want to get into this release as well./ * *Updated: OpenVPN community meetup 2024* /There's a wiki page up now where we can coordinate:https://community.openvpn.net/openvpn/wiki/CommunityMeetup2024 <https://community.openvpn.net/openvpn/wiki/CommunityMeetup2024>/ /We're basically at the point where we can prepare a mailing and send out invites to people./ /Where: Karlsruhe, Germany. Exact details of meeting room to be determined./ /When: Set to 20-22 September 2024./ /Shirts: novaflash will talk to matt about this./ * *Updated: mattock topics* /There is code waiting for review/merging but one of the reviewers is on vacation./ /Will in the meantime tackle the community.openvpn.net / wiki topic./ /Wrapping up debian/ubuntu snapshot building. It already works but wants to clean things up and make a PR./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 5 June 2024: * *New, closed: no community meeting on 12 June 2024* /Due to an event that a large amount of people will attend, this particular day will be inconvenient to do a meeting./ /Meetings will resume the week after on 19 June 2024./ * *Updated: Buildbot and t_server null* /Builds were failing because worker containers have not been rebuilt./ /This issue was resolved between mattock and djpig./ * *Updated: community.openvpn.net trac wiki* /It turned out that outline is not really open source, it has BSL 1.1 license. Not suitable for us./ /Wiki.js still seems at the moment the direction we want to go. To be sure leoossa will present some workflows to test./ /Based on the results of those tests we can then see where the limitations of wiki.js are, and then we can see if those are dealbreakers or not./ * *Updated: release openvpn 2.6.11* /Waiting to complete review/merge process of Windows tunnelcrack mitigations./ /Waiting to complete review/merge process of item reported by reynir./ /Once those items are in we'll prepare for a release, tentatively in 2 weeks from now./ * *Updated: DCO and Linux upstreaming, API change*/ //Upstreaming DCO to Linux is proceeding, it is in review stage at the moment. ordex will send a *patchset v4* based on feedback received over the past days. There will be an API change that makes it incompatible with the current implementation. A graceful solution to that was already discussed and in motion. giaan will be working on this. (in a nutshell, make OpenVPN understand old and new API, DKMS and kernel versions both will then use new API, then we drop old API)/ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 19 June 2024: * *Updated: release openvpn 2.6.11* /There is a security issue reported by reynir that is resolved, and we want to get that out in 2.6.11 tomorrow./ /The tunnelcrack mitigations for Windows are held back because we have had absolutely no response on the mailing lists for testing these and confirming that it doesn't break things./ /If someone can contribute to testing this we can follow up with a 2.6.12 release in a few weeks that contains the tunnelcrack mitigations for Windows./ * *New: buildbot PRs need attention* /Getting these merged soonish would help avoid nasty merge conflicts down the line/ Allow skipping build types <https://github.com/OpenVPN/openvpn-buildbot/pull/50> Add smoketest builds for openvpn3, openvpn3-linux and ovpn-dco <https://github.com/OpenVPN/openvpn-buildbot/pull/51> https://github.com/OpenVPN/openvpn-buildbot/pull/48 <https://github.com/OpenVPN/openvpn-buildbot/pull/48> /Developers have been pinged in the meeting about these, so they'll take a look when they can./ * *New: fixing openvpn3-linux builds in Buildbot* /Mattock has this almost working. Some platforms will have to be skipped because openvpn3-linux / gdbuspp dependencies (Meson in particular) are too old or missing./ /As an aside, OpenVPN3 Linux v22 dev for Ubuntu 24.04 LTS and Fedora 39 and 40 are in the release process./ /Next step is a 'regular' OpenVPN3 Linux v23 release again./ * *New: Linux arm64 buildbot workers* /Mattock has done initial research./ /Docker seems to support (QEMU) emulated non-native containers, but Buildbot might be missing the glue to make it work./ /Patching Buildbot should not be *that* difficult./ /External (arm64) Docker host might be a more performant alternative option./ * *New: how to proceed with lzo2.pc* /pc file suggests "all includes should be done without|lzo/|prefix" - which is generally not a bad idea, but needs code changes beyond configure (right?)/ /There are some options to make changes here. For now we'll just keep working around this issue.' /One thing seems clear; it would be too early to rip it out, it would most likely affect too many people still using it despite the fact that they shouldn't./ /An option we have is to use the OpenVPN3 implementation of lzo and port that to OpenVPN2, to solve this./ /This is a topic that will be moved to the OpenVPN community meetup 2024.// * *New: run tests of 2.x against openvpn3? how?* /There is a 'null client' variant of ovpncli that allows to make VPN connections but not fully, for testing purposes./ /This is in the openvpn3 repository./ * *Updated: community.openvpn.net trac wiki* /Wiki.js felt quite awkward and counterintuitive in practical tests done by mattock. It seems to focus on bling rather than usability./ /Xwiki felt quite bulky and enterprisey (a.k.a. full of "stuff") in the practical tests by mattock. It seems an overkill for our simple use-case./ /Mediawiki no longer feels as nasty as it once did :)/ /Maybe some Git-based wiki-type solution would be ok?/ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 26 June 2024: * *New: release openvpn 2.6.12* /The security issue addressed in 2.6.11 has the known issue that it breaks certain setups with backend scripts that produce custom auth_failed messages./ /This will be addressed in the upcoming 2.6.12 release./ /An improvement in the area of the LZO library is also in the works./ * *Updated: release openvpn 2.6.11* /This release was done last week on June 20th./ /We have a fix for a reported issue with localized versions of Windows and a custom installation path of OpenVPN GUI. Looks like we can update to I002 for the Windows installer./ /This will likely go out today./ /The tunnelcrack mitigations for Windows are held back because we have had absolutely no response on the mailing lists for testing these and confirming that it doesn't break things./ /If someone can contribute to testing this we can follow up with a 2.6.12 release in a few weeks that contains the tunnelcrack mitigations for Windows. Otherwise it goes to 2.7./ * *Updated: DCO and Linux upstreaming, API change*/ /Upstreaming DCO to Linux is proceeding, it is in review stage at the moment./ /ordex has sent in*patchset version 4*./ /There will be an API change that makes it incompatible with the current implementation./ /A graceful solution to that was already discussed and in motion. giaan will be working on this./ /(in a nutshell, make OpenVPN understand old and new API, DKMS and kernel versions both will then use new API, then we drop old API)// * *Updated: Tunnelcrack progressTunnelCrack community wiki article <https://community.openvpn.net/openvpn/wiki/TunnelCrack>* /Status update onTunnelCrack <https://community.openvpn.net/openvpn/wiki/TunnelCrack>mitigations:/ /The tunnelcrack mitigation for Windows has gone in master, which will go to 2.7 release. There is the possibility for it to go to 2.6.x if we can find testers for this./ /Windows, openvpn2: merged to master, not to 2.6.x. openvpn3: in code review./ /Linux, openvpn2: in progress. openvpn3: in progress./ /macOS: to be determined./ /iOS: to be determined./ /Android: not vulnerable./ * *Updated: OpenVPN community meetup 2024* /Wiki coordination page:https://community.openvpn.net/openvpn/wiki/CommunityMeetup2024 <https://community.openvpn.net/openvpn/wiki/CommunityMeetup2024>/ /Where: Karlsruhe, Germany. Meeting room found, need to find out how many participants roughly./ /When: Set to 20-22 September 2024./ /Shirts: novaflash spoke to matt - he will get us some design in august./ /We need to know how many participants will show. To that end it makes sense if we put together an invite mail and send it out./ /novaflash put together a suggested mail;https://cryptpad.fr/pad/#/2/pad/edit/UEzTg-cbReVteh9zR9CQD-Tt/ <https://cryptpad.fr/pad/#/2/pad/edit/UEzTg-cbReVteh9zR9CQD-Tt/>/ /This will be sent out as an official invite to openvpn-devel and to some special guests./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] Invitation: OpenVPN community meetup 2024
Hello OpenVPN enthusiasts! Every year the OpenVPN community organizes a meeting to get together in real life and discuss important topics for the future of the OpenVPN software. We welcome all people that can contribute in one way or another to the community. In the past we called these meetings 'hackathons' but we feel that this excludes people that do other valuable work like helping on the forums, answering questions, and contributing in other ways. So we've renamed it to 'OpenVPN community meetup', to lower any barrier to joining us. If you intend to join, please let us know by responding to this mail, either on the mailing list or privately. It's free to join - but of course you have to arrange your own travel and hotel. We would like to get an idea of how many people will be at the meetup so we can have the appropriately sized meeting room arranged! Oh, and if you want a cool free OpenVPN t-shirt when you attend, be sure to add your t-shirt size to the wiki page: https://community.openvpn.net/openvpn/wiki/CommunityMeetup2024 When? September 20, 21, and 22, this year. Where? Germany, Karlsruhe. The exact meetup location in Karlsruhe will be decided once we have a clearer picture of how many people are coming. What? One of the main items is going to be the upcoming major release OpenVPN 2.7, and what new things will go into that release. We have a community meeting wiki page (https://community.openvpn.net/openvpn/wiki/CommunityMeetup2024) where we will gather topics and you are welcome to suggest items to discuss or present there. Topics like code improvements, features, enhancements, future developments, possible collaborations, and so on. And more informally, to hang out together and get to know each other a bit, preferably with (non-alcoholic) beer! The format is one where we meet up in a meeting room arranged for this purpose, and have the opportunity to discuss all sorts of topics, and get to know each other's technical backgrounds. In the past various features have been hashed out in detail at these meetings, giving people a chance to talk face-to-face and work things out more easily and quickly. And afterwards there is opportunity to eat and drink and get to know each other a bit better. Who? All that contribute in some way! We will have of course a lot of the developers that contribute code, but also people that contribute in other ways. We receive security reports from cybersecurity experts and welcome their insights and presence as well. We would welcome anyone that can contribute in some way to making OpenVPN better. Please let us know if you'll join! Thank you! Greetings from the OpenVPN community. ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 3 July 2024: * *Updated, closed: release openvpn 2.6.11* /The original release was done on June 20th. A Windows installer update was done last week to solve an issue with localization and custom installation path (I002)./ * *Updated: forums topics* /novaflash finally has time to look into this topic. But has no access. Who can get novaflash access?/ /looks like mattock, djpig or uddr35 - will poke uddr35 about this./ * *Updated: buildbot PRs need attention* /2 out of 3 PRs got merged, 3rd one is still up/ Add smoketest builds for openvpn3, openvpn3-linux and ovpn-dco <https://github.com/OpenVPN/openvpn-buildbot/pull/51> * *Updated: DCO and Linux upstreaming, API change*/ /Upstreaming DCO to Linux is proceeding, it is in review stage at the moment./ /ordex has sent in*patchset version 5*./ /There will be an API change that makes it incompatible with the current implementation./ /A graceful solution to that was already discussed and in motion. giaan will be working on this./ /(in a nutshell, make OpenVPN understand old and new API, DKMS and kernel versions both will then use new API, then we drop old API)// * *Updated: OpenVPN community meetup 2024* /Invitation was sent, waiting to gather responses./ /Perhaps we can do a guesstimate on number of people expected./ /Wiki coordination page:https://community.openvpn.net/openvpn/wiki/CommunityMeetup2024 <https://community.openvpn.net/openvpn/wiki/CommunityMeetup2024>/ /Where: Karlsruhe, Germany. Meeting room found, need to find out how many participants roughly./ /When: Set to 20-22 September 2024./ /Shirts: novaflash spoke to matt - he will get us some design in august./ * *Updated: community.openvpn.net trac wiki* /We keep running into stupid limitations and bad suckiness with wiki solutions./ /So we're going back to requirements and lining up candidates:https://community.openvpn.net/openvpn/wiki/NewWiki <https://community.openvpn.net/openvpn/wiki/NewWiki>/ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 10 July 2024: * *Updated: forums topics* /novaflash got access just last week, will look into the forums situation and set up a new PoC server./ * *Updated: OpenVPN community meetup 2024* /Determined that venue will be atSteamWork? <https://community.openvpn.net/openvpn/wiki/SteamWork>, Karlsruhe. Details will be added to the wiki./ /Wiki coordination page:https://community.openvpn.net/openvpn/wiki/CommunityMeetup2024 <https://community.openvpn.net/openvpn/wiki/CommunityMeetup2024>/ /Where: Karlsruhe, Germany. Meeting room found, need to find out how many participants roughly./ /When: Set to 20-22 September 2024./ /Shirts: novaflash spoke to matt - he will get us some design in august./ * *Updated: community.openvpn.net trac wiki* /novaflash tried out a few things and updated:https://community.openvpn.net/openvpn/wiki/NewWiki <https://community.openvpn.net/openvpn/wiki/NewWiki>/ /the search continues./ /the security level on community.openvpn.net was lowered by one notch. immediately attacks happened again./ /turns out trac has a reflection attack vulnerability and this was mitigated. let's see how it runs now./ /we know we need to replace this but need to find a solution that fits our needs first./ * *Updated: release openvpn 2.6.12* /This should address the slightly-too-aggressive security fix in 2.6.11 that could affect people sending custom messages with trailing newline characters./ /Tentatively we will release this version next week./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 17 July 2024: * *Updated: release openvpn 2.6.12* /This should address the slightly-too-aggressive security fix in 2.6.11 that could affect people sending custom messages with trailing newline characters./ /Should be a release tomorrow on 18 July./ * *Updated: OpenVPN community meetup 2024* /Hotel recommendation added; Hotel Santo in Karlsruhe./ /Wiki coordination page:https://community.openvpn.net/openvpn/wiki/CommunityMeetup2024 <https://community.openvpn.net/openvpn/wiki/CommunityMeetup2024>/ /Where: Karlsruhe, Germany.SteamWork? <https://community.openvpn.net/openvpn/wiki/SteamWork>, Karlsruhe./ /When: Set to 20-22 September 2024./ /Shirts: novaflash spoke to matt - he will get us some design in august./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 31 July 2024: * *Updated: OpenVPN community meetup 2024* /Hotel recommendation added; Hotel Santo in Karlsruhe./ /Wiki coordination page:https://community.openvpn.net/openvpn/wiki/CommunityMeetup2024 <https://community.openvpn.net/openvpn/wiki/CommunityMeetup2024>/ /Where: Karlsruhe, Germany.SteamWork? <https://community.openvpn.net/openvpn/wiki/SteamWork>, Karlsruhe./ /When: Set to 20-22 September 2024./ /Shirts: matt gave us 2 t-shirt designs and we reviewed them in the meeting./ /We love the cartoon version, so if we can only have one, we'll do that. But if possible, getting the minimalistic one too would be cool./ * *Updated: live route updates* /lev has a proposal to go through, to see if the approach is acceptable to community members./ /cron2 hasn't had time to read through it yet./ /So far it seems we are good with optional/mandatory options concept, and by default all options are mandatory./ /Optional are prefixed with a question mark (?). The idea here is that if a client does not support updating that parameter live it can ignore it./ /Whereas without such a prefix, it is mandatory, so if a client cannot update it live, it will do a normal reconnect to ensure changes are implemented./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 14 August 2024: * *Updated: OpenVPN community meetup 2024* /Hotel recommendation added; Hotel Santo in Karlsruhe./ /Wiki coordination page:https://community.openvpn.net/openvpn/wiki/CommunityMeetup2024 <https://community.openvpn.net/openvpn/wiki/CommunityMeetup2024>/ /Where: Karlsruhe, Germany.SteamWork? <https://community.openvpn.net/openvpn/wiki/SteamWork>, Karlsruhe./ /When: Set to 20-22 September 2024./ /Shirts: matt gave us 2 t-shirt designs and we reviewed them in the meeting./ /T-shirt are being ordered, there will be enough to provide the list of people on the wiki page./ * *Updated: community.openvpn.net trac wiki* /novaflash and mattock tried out a few things and updated:https://community.openvpn.net/openvpn/wiki/NewWiki <https://community.openvpn.net/openvpn/wiki/NewWiki>/ /we found otterwiki and this checks the must have boxes and a nice-to-have "commit to git backend" function. So we'll PoC that./ /Collaborative editing seems to only be possible with paid products currently./ * *Updated: Linux arm64 buildbot workers* /There's a "docker host" now that is essentially a buildbot environment that can run arm64 containers./ /In theory pointing our existing buildmaster to it should work. This is untested but should work./ /When mattock has time he'll work further on this./ People that are paying close attention might have noticed that last week there was no meeting summary. This was because there were no noteworthy updates last week. As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 11 September 2024: * *Updated: OpenVPN community meetup 2024* /Hotel recommendation added; Hotel Santo in Karlsruhe./ /Wiki coordination page:https://community.openvpn.net/openvpn/wiki/CommunityMeetup2024 <https://community.openvpn.net/openvpn/wiki/CommunityMeetup2024>/ /Where: Karlsruhe, Germany.SteamWork? <https://community.openvpn.net/openvpn/wiki/SteamWork>, Karlsruhe./ /When: Set to 20-22 September 2024./ /Shirts: T-shirts are on their way, expected to arrive this week./ * *Updated: community.openvpn.net trac wiki* /mattock is working on getting otterwiki working in a reasonable production configuration./ /Hit a bug in otterwiki, reported it, it got fixed, moving on.../ /Basically working on setting up postgresql, separating uwsgi. After that, let's see if we can copy content./ * *Updated: DCO and Linux upstreaming, API change*/ /Upstreaming DCO to Linux is proceeding, it is in review stage at the moment./ /ordex has sent in*patchset version 6*. and v7 is on the way./ /There will be an API change that makes it incompatible with the current implementation./ / * *Closed: Linux arm64 buildbot workers* /mattock almost finished the work on this - a small fix that djpig requested is pending, but it's all working now./ * *Closed: fixing openvpn3-linux builds in Buildbot* /Mattock has this almost working. Some platforms will have to be skipped because openvpn3-linux / gdbuspp dependencies (Meson in particular) are too old or missing./ /As an aside, OpenVPN3 Linux v22 dev for Ubuntu 24.04 LTS and Fedora 39 and 40 are in the release process./ /Next step is a 'regular' OpenVPN3 Linux v23 release again./ People that are paying close attention might have noticed that in the past few weeks there were no meeting summaries. This was because of a bit of summer vacation hiatus, which should be over now. As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 13 November 2024: * *Updated: DCO Linux upstreaming* /Upstreaming DCO to Linux is proceeding, it is in review stage at the moment./ /ordex will send out*patchset v12*later this week./ * *Updated: DCO windows multi-peer* /Kernelspace and userspace now look to be working./ /Ran gremlin tests for 30 minutes with up to 1000 connections and it all worked as it should./ /Will prepare to send in patches for review./ * *Updated: multi-socket patch series* /This has been rebased and comments addressed - now in review./ /Two minor refactoring patches handled. Continuing work on this./ * *Updated: data format v3 / epoch data keys* /RFC is here:https://github.com/OpenVPN/openvpn-rfc/pull/5 <https://github.com/OpenVPN/openvpn-rfc/pull/5>./ /plaisthos is working to implement it in openvpn3 first./ /MaxF will review the RFC. And comments/questions he will pass to plaisthos so he can handle updating the RFC if needed./ * *Updated: push_update / live route updates* /There have been some initial tests on a server implementation in PG./ /There is a server-side bug that will be fixed in PG, and a request to support a few more options (keepalive options)./ /levwill add keepalive to OpenVPN3 code./ /mrbff and ordex will implement the openvpn2 server and client support for push_update./ * *Updated: TLS-exporter in mbedtls* /Needed for TLS 1.3 support with openvpn and mbedtls - TLS-exporter currently missing in mbedtls./ /maxf reports he's making some progress on implementing this - currently working to ensure all unit tests in all million billions of configurations work./ * *Updated: --dns patch review upcoming* /d12fk patches are being made ready for gerrit review now./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 18 September 2024: * *Updated: OpenVPN community meetup 2024* /Hotel recommendation added; Hotel Santo in Karlsruhe./ /Wiki coordination page:https://community.openvpn.net/openvpn/wiki/CommunityMeetup2024 <https://community.openvpn.net/openvpn/wiki/CommunityMeetup2024>/ /Where: Karlsruhe, Germany.SteamWork? <https://community.openvpn.net/openvpn/wiki/SteamWork>, Karlsruhe./ /When: 20-22 September 2024./ /Shirts: T-shirts are in d12fk's possession in Karlsruhe now./ * *Updated: DCO and Linux upstreaming, API change*/ /Upstreaming DCO to Linux is proceeding, it is in review stage at the moment./ /ordex has sent in*patchset version 7*. Awaiting review again./ / * *Updated: community.openvpn.net trac wiki* /Seems mattock managed to get it into a reasonable shape ready for production./ /Next step is looking at migrating data from old to new./ * *Updated: live route updates* /There's a PR up on github openvpn-rfc for the live route updates proposal./ /So far it seems we are good with optional/mandatory options concept, and by default all options are mandatory./ /Optional are prefixed with a question mark (?). The idea here is that if a client does not support updating that parameter live it can ignore it./ /Whereas without such a prefix, it is mandatory, so if a client cannot update it live, it will do a normal reconnect to ensure changes are implemented./ This weekend the OpenVPN community meetup 2024 will take place. All those that will attend - see you there! As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 27 November 2024: * *New: swupdate.openvpn.net/org cleanup* /Basically this has become a dumping ground for just about everything. We're cleaning it up./ /Need to discuss how to handle community files that are on there./ /A priority is to ensure no interruptions to existing content/links./ /The plan we want to propose to OpenVPN Inc. is to get all proprietary stuff moved off of swupdate.openvpn.net, which seems to already be ongoing anyhow./ /And then keep swupdate.openvpn.net purely for community and move the s3 bucket to community AWS account and reduce the amount of caching layers to just one./ /Will relay this plan to OpenVPN Inc. and see what they say./ * *Updated: DCO Linux upstreaming* /Upstreaming DCO to Linux is proceeding, it is in review stage at the moment./ /patchset v12 had 2 weeks delay, hoping to get it out this week now. Main reason is having to deal with someone with a lot of comments to make./ * *Updated: community.openvpn.net wiki* /A more suitable production deployment schema for otterwiki has been submitted upstream. That does not block us however./ /uddr35 has arranged a node for mattock to use and the DNS record for it should be ready today./ /That means mattock will have access to a node to set things up on in the next few hours or so./ * *Updated: t_server_null improvements* /The LWIP ping testing in t_server_null.sh is working and a PR is up./ * *Updated: OpenVPN community meetup 2025* /When: september/october ish, a poll will be made soonish to gather people's availabilities./ /Where: Napoli, Italy./ /Meeting room: tbd./ /Hotel: tbd./ /Beer: yes./ /T-shirts: yes./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] Subject: Inquiry/Report Regarding OpenVPN CVE and Security Updates
Hello Netanal, For security related issues, especially those under embargo, use secur...@openvpn.net only. Do not include the developer mailing list. It is also not appreciated to add in other security reporting lists. If you have something to report in terms of security for OpenVPN, then report it only to OpenVPN (secur...@openvpn.net). However since there is nothing known and that is not a secret I can answer all 3 of your questions with a simple; no. Your idea of reporting security issues and doing security testing does not seem to meet (our) standards, sorry. You've found nothing yet continue to claim that you think there is something. We've proven there isn't. You provide no proof there is. And your recent response to "Please investigate, Tnx" is quite frankly hilarious as well as entirely useless. We gave you explicit advice and instructions to make a decent report that you just seem to ignore. You've proven nothing. You're quite frankly embarrassing yourself in the community. Being inexperienced at something is not a crime, we all had to start somewhere, and I've made mistakes in the past too. But that's okay, we learn and get better. However, there is a lot of information out there on the Internet and also given in these email conversations that can help you to become a decent security researcher and make sensible reports, if you would care to actually follow that advice. It does not seem you are willing to do what is necessary. Because of that, I am going to ignore messages from you going forward, unless you actually have something relevant to report. Kind regards, Johan Draaisma On 18-11-2024 15:30, נתי שטרן wrote: Dear OpenVPN Security Team, I hope this message finds you well. I am writing to inquire about recent vulnerabilities disclosed in OpenVPN, specifically related to Data Channel Offload (DCO) and associated components. Our current deployment uses OpenVPN version *2.6.12*, which appears to include patches for the vulnerabilities described under CVE-2024-27459, CVE-2024-24974, CVE-2024-27903, and CVE-2024-1305. However, I would like to confirm the following: 1. Are there additional security recommendations for mitigating potential exploitation of DCO-specific features? 2. Are there any newly identified vulnerabilities in OpenVPN 2.6.12 that have not yet been disclosed in advisories? 3. Could you provide more detailed guidance or best practices for hardening configurations against these and similar vulnerabilities? If you require any additional information from our side, I am happy to provide details within the limits of operational confidentiality. TNX, NETANEL ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 20 November 2024: * *Updated: DCO Linux upstreaming* /Upstreaming DCO to Linux is proceeding, it is in review stage at the moment./ /ordex intended to send out patchset v12 but was delayed due to illness. Now expected this week./ * *Updated: data format v3 / epoch data keys* /RFC is here:https://github.com/OpenVPN/openvpn-rfc/pull/5 <https://github.com/OpenVPN/openvpn-rfc/pull/5>./ /plaisthos is working to implement it in openvpn3 first./ /MaxF reviewed the RFC and commented that it looks good./ * *Updated: DCO windows multi-peer* /Preparing patchset for the userspace implementation./ * *Updated: t_server_null improvements* /The LWIP ping testing in t_server_null.sh is somewhat working./ /It is a bit tricky to get it right but then it seems to be working./ /mattock will prepare a patch./ * *Updated: community.openvpn.net wiki* /A more suitable production deployment schema for otterwiki has been submitted upstream. That does not block us however./ /mattock is ready to proceed and needs an EC2 instance in the community account for hosting production./ /This instance can have some new address so we can start setting it up and migrating content./ /After migrating data we can then remove the old wiki and put the new wiki on the address of the old one./ /djpig or uddr35 can help to provide the instance and give mattock full access to it so he can then deploy the necessary otterwiki deployment on it./ * *New: snapshot releases via Chocolatey software* /mattock contacted the Chocolate package maintainer for OpenVPN and aasked if he would be okay with publishing Windows MSI snapshots as well./ /Seems like the maintainer is amenable to helping us achieve that goal./ * *Updated: --dns patch review upcoming* /d12fk patches are being made ready for gerrit review now - should arrive before next meeting./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 4 December 2024: * *New: no meetings on 25th of December, 1st of January* /For obvious reasons./ * *Updated: swupdate.openvpn.net/org cleanup* /Basic idea is agreed; set up a new S3 bucket in AWS community account, keep only community stuff there, move swupdate.openvpn.net/org domains there, have only 1 caching layer (not 2 like now)./ /There will be some redirects for some of the company stuff that go to packages.openvpn.net./ * *Updated: DCO Linux upstreaming* /Upstreaming DCO to Linux is proceeding, it is in review stage at the moment./ /Patchset v12 has gone out and is under review./ /ordex reports that some of the test framework has been merged so it looks like there is some movement./ * *Updated: t_server_null improvements* /ovpnlwip seems to work fine on all linux platforms, based on buildbot tests./ /Waiting review./ * *Updated: buildbot improvements* /cron2 requests that we pretty please have a mingw build in gerrit. this has in the meantime materialized./ /mattock is looking into adding ubu24.04 clang+asan build./ * *Updated: multi-socket support* /Now in review. Patchset v8 should be going out this week./ * *Updated: new --dns option support* /Now in review. d12fk sent in patchset for new --dns option support./ /*Note: obviously, there will be no meetings on 25th of December or 1st of January for obvious reasons. Obviously.*/ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 5 February 2025: * *New: OpenSSL update with vulnerability severity "HIGH" is dropping next week.* /This might not really affect us but we will likely have to do a 2.6.13 I002 binary for Windows./ * *New: Windows MSI snapshots not updating* /lev asks if this can be looked at. will look into it./ * *Updated: Release 2.7* /We want to get our release done before the next major Debian release./ /This means tentatively getting stuff for 2.7 done before March 1 or so, and release early April./ /Looking into a weird failure to deliver properly working openssl binary on amd64 on master./ * *Updated: DCO Linux upstreaming* /Upstreaming DCO to Linux is proceeding, it is in review stage at the moment./ /Patchset v19 will be sent in after addressing some more comments, hopefully end of week./ * *Updated: data format v3 / epoch data keys* /RFC is here: https://github.com/OpenVPN/openvpn-rfc/pull/5 <https://github.com/OpenVPN/openvpn-rfc/pull/5>./ /PR: https://gerrit.openvpn.net/c/openvpn/+/806 <https://gerrit.openvpn.net/c/openvpn/+/806> / /Implementation in OpenVPN3 is done./ /Implementation in OpenvPN2 is almost fully merged, has been tested, and has just one patch and ack to go. MaxF will review for final acks./ * *Updated: multi-socket support* /https://gerrit.openvpn.net/q/topic:%22multisocket%22 <https://gerrit.openvpn.net/q/topic:%22multisocket%22>/ /ordex and giaan continuing the work on this./ /Found a new problematic area that has to be dug into, this will take some time./ * *Updated: DCO windows multi-peer* /lev is continuing his work on this, looks like it's nearing completion./ * *Updated: new --dns option support* /https://gerrit.openvpn.net/q/topic:%22dns+option%22 <https://gerrit.openvpn.net/q/topic:%22dns+option%22>/ /Certain issues were found during testing, these are being addressed./ /There's also a small bugfix coming for a case reported by an OpenVPN Inc. customer related to search domains./ /And after discussions between d12fk and plaisthos some adjustments will be made to how DNS config is applied./ * *Updated: push_update / live route updates* /mrbff and ordex are implementing the openvpn2 server and client support for push_update./ /PR has approves, waiting review from cron2./ * *Updated: community.openvpn.net wiki* /Some content has been copied over, perhaps not ideally but there's something./ /A couple of community folks have access now and we can start to work on this wiki replacement by adding content./ /A 404 page was added that explains that we are moving to a new wiki so in case people hit something that was removed or not moved over yet, people at least will know why./ /action item for novaflash; To continue migrating pages we want a list of hits over last 6 months or so./ /action item for novaflash; To do outgoing SMTP we need an account for an SMTP servce./ * //*Updated: t_server_null improvements */ovpnlwip seems to work fine on all linux platforms, based on buildbot tests./// /This is in cron2's backlog to review./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 29 January 2025: * *Updated: Release 2.7* /We want to get our release done before the next major Debian release./ /This means tentatively getting stuff for 2.7 done before March 1 or so, and release early April./ * *Updated: DCO Linux upstreaming* /Upstreaming DCO to Linux is proceeding, it is in review stage at the moment./ /Patchset v19 will be sent in on Feb 3rd when the netdev mailing list is open again./ * *Updated: data format v3 / epoch data keys* /RFC is here: https://github.com/OpenVPN/openvpn-rfc/pull/5 <https://github.com/OpenVPN/openvpn-rfc/pull/5>./ /Implementation in OpenVPN3 is done./ /Implementation in OpenvPN2 is almost fully merged, just one patch to go. MaxF will review./ * *Updated: multi-socket support* /https://gerrit.openvpn.net/q/topic:%22multisocket%22 <https://gerrit.openvpn.net/q/topic:%22multisocket%22>/ /ordex and giaan continuing their work on this./. * *Updated: new --dns option support* /https://gerrit.openvpn.net/q/topic:%22dns+option%22 <https://gerrit.openvpn.net/q/topic:%22dns+option%22>/ /Waiting d12fk to respond to feedback - will do this soon./ * *Updated: community.openvpn.net wiki*/* *Some content has been copied over, perhaps not ideally but there's something. djpig and novaflash have access now and we can start to work on this wiki replacement by adding content./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 11 December 2024: * *Reminder: no meetings on 25th of December, 1st of January* /For obvious reasons./ * *Updated: DCO Linux upstreaming* /Upstreaming DCO to Linux is proceeding, it is in review stage at the moment./ /Patchset v13 and v14 followed really fast and v14 is now under review./ /Interesting news article appeared on the webs:https://www.phoronix.com/news/OpenVPN-Data-Channel-DCO-Soon <https://www.phoronix.com/news/OpenVPN-Data-Channel-DCO-Soon>/ * *Updated: OpenVPN community meetup 2025* /https://community.openvpn.net/openvpn/wiki/CommunityMeetup2025 <https://community.openvpn.net/openvpn/wiki/CommunityMeetup2025>/ /When: september/october ish, a poll for checking availibity is here: https://nuudel.digitalcourage.de/NROHeFlkfaYnoNGC/ /Where: Napoli, Italy./ /Meeting room: tbd./ /Hotel: tbd./ /Beer: yes./ /T-shirts: yes./ /*Note: obviously, there will be no meetings on 25th of December or 1st of January for obvious reasons. Obviously.*/ /*Note number 2: We are already gathering availability for people attending the community meetup for 2025. A poll can be filled in here; https://nuudel.digitalcourage.de/NROHeFlkfaYnoNGC */ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 22 January 2025: * *Closed: 2.6.x release* /2.6.13 was released last week./ * *Updated: DCO Linux upstreaming* /Upstreaming DCO to Linux is proceeding, it is in review stage at the moment./ /Patchset v18 sparked 2 discussions, both resolved. A v19 is expected to be sent in after net-next opens on February 3rd again./ * *Updated: community.openvpn.net wiki* /it's online now, but completely empty. now we will look into a proper 404 page in preparation for the move. we are going to move releases information, IRC meeting summaries and notes, and security advisories over first. Then we'll see further./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 15 January 2025: * *Updated: 2.6.x release* /Plan to start the 2.6.13 release process today with the assorted patches that are in release/2.6./ * *Updated: DCO Linux upstreaming* /Upstreaming DCO to Linux is proceeding, it is in review stage at the moment./ /Patchset v17 and v18 followed really fast and v18 is now under review./ * *Updated: DCO windows multi-peer* /lev has finished the driver and userspace implementations for the iroute./ * *Updated: data format v3 / epoch data keys* /RFC is here:https://github.com/OpenVPN/openvpn-rfc/pull/5 <https://github.com/OpenVPN/openvpn-rfc/pull/5>./ /Implementation in OpenVPN3 is in review/merge stage./ /Implementation in OpenvPN2 is almost fully merged, just one patch to go./ * *Updated: multi-socket support* /Patchset v12 is pushed out and ready for review./ /https://gerrit.openvpn.net/q/topic:%22multisocket%22 <https://gerrit.openvpn.net/q/topic:%22multisocket%22>/ * *Updated: community.openvpn.net wiki* /mattock converted the setup to podman which is what we tend to use nowadays in our infrastructure./ /mattock will try to finish the work this week so we can plan for deploying it./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 23 April 2025: * *Updated, closed: DCO Linux upstreaming* /The moment has arrived; DCO has been accepted upstream. It will become part of Linux kernel 6.16./ /Congratulations to everyone and particular Antonio Quartulli who put in so much of his time to get it done./ /A backport will be made of the code that was accepted upstream for older kernels, and this backport will eventually replace the current DCO kernel module code together with 2.7 release./ * *Updated: community.openvpn.net wiki* /We are planning to switch from trac wiki to otterwiki. Mattock suggests to do this on May 12./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 16 April 2025: * *Closed: Release 2.6.14* /This was released on April 2nd 2025 and addressesCVE-2025-2704 <https://community.openvpn.net/openvpn/wiki/CVE-2025-2704>./ /Access Server 2.14.3 was released April 14th that has this version and fix in it./ * *Updated: DCO Linux upstreaming* /Upstreaming DCO to Linux is proceeding, it is still in review phase but very close to being merge ready./ /Sabrina has extensively reviewed and all items are now resolved and her reviewed-by blessing given./ /Jakub is now reviewing and had a few comments and a patchset v26 was sent in yesterday to address these./ /The tentative expectation is that once finally Jakub okays it, it may get merged./ * *Updated: Release 2.7* /Unfortunately our initial goal to get 2.7 ready for the next Debian 13 release is not feasible./ /Current estimates are to have all major code items in by May 1st and then a release on July 1st./ /For DCO the plan is to take the DCO code that is being worked on to upstream to Linux kernel, and make it like a backport to go together with 2.7./ /For changes to Windows service handling for 2.7, those changes have been made so openvpn can run nicely under a limited privileges account./ /There is a party interested in doing a security audit of OpenVPN 2.7, there are some questions to be clarified about it being a code audit and/or testing./ /SRLabs.de was the party chosen to do the audit./ * *Updated: forums situation* /Situation in a nutshell; old forums got flooded with spam. attempt was made to make new forums to fix it. this was aborted. now we're in limbo./ /We now have someone from OpenVPN Inc to help us fix it up, so we'll let him try./ * *Updated: new --dns option support* /https://gerrit.openvpn.net/q/topic:%22dns+option%22 <https://gerrit.openvpn.net/q/topic:%22dns+option%22>/ /Implementation for unix-like has needed approvals but needs to go in. Windows implementation is done and in./ /Currently work is being done on expanding the test framework to test the new DNS options - server-side of that is done, client side needs to comply./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 19 February 2025: * *New: community downloads hard to find on main website* /Three suggestions that will be passed on to company:/ /1. rename community to open source, there is a consensus in the meeting that community could be anything and open source is specific to openvpn open source software./ /2. open source community would prefer to see open source downloads back on the 'second line' main menu./ /3. it was suggested to add a call to action like "looking for open source downloads?" at the bottom of the page./ * *Updated: OpenSSL update severity high* /We discussed internally and looks like it doesn't affect us. But since a copy of OpenSSL is shipped with the Windows installer, we'll just update that copy just to be sure./ /This will be shipped as a 2.6.13-I002 update/revision to the MSI installer only, not a full OpenVPN release./ * *Updated: Release 2.7* /We want to get our release done before the next major Debian release./ /This means tentatively getting stuff for 2.7 done before March 1 or so, and release early April./ /Looking into a weird failure to deliver properly working openssl binary on amd64 on master. Looks like with old MSVC the OpenSSL ARM64 bug we observed doesn't occur./ /We need to decide on switching to newer API for DCO and making a newer out-of-tree DCO. We're already working towards an updated out-of-tree DCO copy./ /There is a party interested in doing a security audit of OpenVPN 2.7, there are some questions to be clarified about it being a code audit and/or testing./ * *Updated: data format v3 / epoch data keys* /Implementation in user space in OpenVPN2 and OpenVPN3 are both done now./ /Since Linux DCO is in the process of upstreaming to Linux kernel, we're not changing the implementation to include this now, but will do it after./ /Windows DCO multipeer support is currently in review process - once that part is done we can look at adding the necessary changes for epoch data keys./ * *Udated: DCO Linux upstreaming* /Upstreaming DCO to Linux is proceeding, it is in review stage at the moment./ /Patchset v19 lead to some further discussions which are believed to now be resolved, v20 should land by end of this week./ * *Updated: multi-socket support* /https://gerrit.openvpn.net/q/topic:%22multisocket%22 <https://gerrit.openvpn.net/q/topic:%22multisocket%22>/ /Currently there's 3 patches left. A trivial one, then one that may need more discussion, and then the big one that makes it all work./ /It generally works but cron2 was able to trigger crashes after stress testing it - so that needs to be addressed./ * *Updated: DCO windows multi-peer* /This is in review now - it compiles and works./ /cron2 is looking into stress testing it to see what breaks./ * *Updated: new --dns option support */https://gerrit.openvpn.net/q/topic:%22dns+option%22 <https://gerrit.openvpn.net/q/topic:%22dns+option%22>//It's going to be updated based on feedback received and discussions had on how to handle the situation of being unable to handle certain DNS options. //Expect it to be ready for review again by end of the week./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 5 March 2025: * *New: security mailing list* /Despite agreements made before, company now has a proposal to take over the security mailing list entirely./ /community has rejected this. suggested to set up company reporting address instead and let us keep the existing list./ /will await response./ * *Updated: DCO Linux upstreaming* /Upstreaming DCO to Linux is proceeding, it is in review stage at the moment./ /A patchset v21 was sent in on Monday. There are still small items that are being brought up for discussion/improvement so a v22 is on the horizon./ * *Updated: new --dns option support* /https://gerrit.openvpn.net/q/topic:%22dns+option%22 <https://gerrit.openvpn.net/q/topic:%22dns+option%22>/ /In the latest patchset some stuff is broken so d12fk will address that./ /cron2 and d12fk are working out agreement on the configure part - on or off by default./ * *Updated: multi-socket support */https://gerrit.openvpn.net/q/topic:%22multisocket%22 <https://gerrit.openvpn.net/q/topic:%22multisocket%22>//The assert crash issue that cron2 found earlier should be addressed by the patch that's going to be pushed today./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 12 March 2025: * *Updated: security mailing list* /Both community and company want to be in control of security mailing list. We need some resolution./ /novaflash suggested to nominate ordex and cron2 as representatives of community to discuss directly with andrew from openvpn inc to come to some agreement./ /This idea was accepted by community and novaflash will arrange a date/time for the call./ * *Updated: DCO Linux upstreaming* /Upstreaming DCO to Linux is proceeding, it is in review stage at the moment./ /A patchset v22 was sent in on Tuesday./ * *Updated: new --dns option support */https://gerrit.openvpn.net/q/topic:%22dns+option%22 <https://gerrit.openvpn.net/q/topic:%22dns+option%22>//As agreed d12fk has been addressing things in the PR and handling comments there. //The new --dns directive allows more functionality and to resolve ambiguity in current dhcp-option dns handling, which is different per client and OS. //OpenVPN2 on unix-like systems does not have built-in DNS handling. On these you tend to have to add --up and --down script handling for DNS. Not ideal. //We want to deliver a DNS script that is enabled by default so OpenVPN2 on unix-like systems can 'just do DNS' out of the box. //But we also don't want to break situations where people have already implemented --up and --down script handling. //The proposed behavior is; //- by default dns-script is delivered with openvpn2 on Linux and enabled by default //- it is not used when --up script is set in openvpn config file - that will function as before //- it is not used when at runtime --dns-script disable is set //- it is not used when at compile time --disable-dns-script is set //The PRs for improving DNS implementation using NRPT on Windows and solving a WMIC related problem have already been merged./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 26 February 2025: * *Updated, closed: OpenSSL update severity high* /Even though we don't appear to be affected by the issues in this release, but because the Windows installers bundle a copy of OpenSSL, we decided to update the Windows installers to version I002./ /This is up on the community wiki now but main website will follow suit shortly. novaflash will arrange that website gets updated - should be updated on Thursday somewhere./ * *Updated, closed: DCO windows multi-peer* /This was merged, and 2 bugs discovered in iroute implementation were also fixed./ /Epoch data keys implementation in Windows DCO development is now unblocked./ * *Updated: new --dns option support* /https://gerrit.openvpn.net/q/topic:%22dns+option%22 <https://gerrit.openvpn.net/q/topic:%22dns+option%22>/ /cron2 wants to discuss about a particular issue regarding DNS, and a documentation update is needed./ * *Updated: data format v3 / epoch data keys* /Implementation in user space in OpenVPN2 and OpenVPN3 are both done now./ /Developing support for epoch data keys in DCO Linux is on hold until upstreaming to Linux kernel is done./ /Developing support for epoch data keys in DCO Windows is unblocked - to be picked up by lev when he is able./ * *Updated: DCO Linux upstreaming */Upstreaming DCO to Linux is proceeding, it is in review stage at the moment. //Due to changes in RTNL kernel space we have to send an updated patchset (v20 i think by now)./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 9 July 2025: * *Updated, closed: Changes to community pages on main website* Company has published the updated community page:https://openvpn.net/community/ There were some issues related to community documentation living on openvpn.net - this is resolved. * *Updated: cve.mitre.org deprecation notice* The MITRE CVE site we are linking to for all CVE record references has a deprecation notice. Instead cve.org is being advised as the site to use from now on. novaflash made an internal company ticket to update links on the main site. novaflash search/replaced all the CVE links on community wiki to the new address. * *Updated: Release 2.7* For macOS DNS script there is a patch up for review. For multisocket, a bug report came in, and a patch is up for review. For float and DCO, lev has an idea on how to implement it but needs some agreement with ordex on adjustments for user space. For the DCO related changes, DCO+TCP is improving. Epoch data keys still needs to be done, mssfix not planned yet. For the live route updates changes, chances are improving that it may get in to 2.7 after all. As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 2 July 2025: * *New: cve.mitre.org deprecation notice* The MITRE CVE site we are linking to for all CVE record references has a deprecation notice. Instead cve.org is being advised as the site to use from now on. Suggestion from novaflash is to search/replace all links and update them accordingly to go to the new site. novaflash will make an internal company ticket to update links on the main site. and novaflash will search/replace things on community wiki to do the same. * *New: minor issue on community.openvpn.net site* While not causing critical issues, there are some cache related issues caused by cloudflare. This requires some finetuning of settings to solve issues like: Logging in requires to use query string parameter to defeat cache. Changes like enabling dark mode can linger in cache and affect other visitors. Sometimes pages added don't show in menu until cache is defeated in some way. The "are you human" screen is quite persistent and annoying, perhaps it can be fixed. novaflash is working with the company to look into finetuning the cloudflare settings to address these issues. * *New: format code using clang formatting* It seems prudent to do this before the real 2.7 release. It was discussed and there's some additional work to be paid either on reviewer or submitter side. Strategy will be; get all code into beta1, collect bugfixes, reformat everything, then beta2. Collect more bugfixes and then do release 2.7.0 and branch it off into its own release branch. * *Updated: Changes to community pages on main website* Company has published the updated community page:https://openvpn.net/community/ This design was created in collaboration with community members lev, ordex, and novaflash. If any changes are requested please relay them to novaflash as per usual, and he will forward it internally. * *Updated: Release 2.7* For the DNS related changes, the macOS DNS script is merged but there's still some minor tweaks being made. For multisocket, a bug report came in, and we're working to fix that. For the DCO related changes, DCO+TCP is improving. Epoch data keys still needs to be done, float has a patch ready for review, mssfix not planned yet. For the live route updates changes, chances are improving that it may get in to 2.7 after all. * *Updated: push_update / live route updates* For client-side support, company did QA on it against the current only server implementation (cloudconnexa) and it works as expected. cron2 will put reviewing it on his to-do list. Server-side support patch is up and requires review and is a bit more involved, lev__ and company QA will work on it. * *Updated: OpenVPN community meetup 2025* https://community.openvpn.net/openvpn/wiki/CommunityMeetup2025 When: weekend of 25 and 26 october. Where: Napoli, Italy. Meeting room: it looks like this may be it;https://www.hotelparadisonapoli.it/en/home-page.aspxwe will work to get budget cleared for this. Hotel: probably Paradiso Napoli. Beer: yes. T-shirts: yes. As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 21 May 2025: * *New: Changes to community pages on main website* Company reached out to novaflash about proposed changes. novaflash involved ordex and lev__ for feedback/ideas. It's about cleaning up and revamping the community section, remove old releases, focus on latest release, and so on. Feedback from last time was incorporated: 'community' item was moved out of main menu. Community gave feedback; it was moved back to main menu. Renaming of Community to open source can be done partially - got pushback from openvpn inc CEO to rename community to open source in the main menu. Rest of places we can update it though to mention open source. Basic idea is to revamp the community page on main website so it shows just the main download artifacts and release notes of latest version, plus where community resources can be found, plus where developers can be reached. A list of resources and contact methods has been collected and while not set in stone will be passed for an initial design to be reviewed later. * *Updated: Release 2.7* Current estimates are to have all major code items in by May 1st and then a release on July 1st. Together with 2.7 a new Linux DCO module based on upstreamed (linux kernel) codebase will be released, the code for this is done, bugs being fixed. Together with 2.7 a new Windows DCO module with server support will be released. The code for this is done but needs more testing. DNS changes are mostly in but some issues are still found on Windows and need to be addressed. Currently we feel that it looks reasonable to do a 2.7 alpha release next week. For the actual release we should still do a reformatting to clang-format so master and 2.7 have the same formatting. Otherwise backporting bugfixes will be a pain. * *Updated: DCO tasks* Implementation of epoch data keys in user space in OpenVPN2 and OpenVPN3 are both done now. For Windows, Linux, and FreeBSD DCO this implementation still needs to happen. lev__ has started work on epoch data keys in Windows DCO. Windows DCO has also support for server mode now so has some significant changes coming with 2.7. Red Hat 9.6 introduced a change that breaks the current production DCO kernel module code. A fix for this is available now. Programs that rely on this like Access Server and OpenVPN3 Linux will push out an updated DCO kernel module with this fix soonish. There are still some bugfixes for the backport copy of linux kernel upstreamed version of DCO for 2.7 to be resolved. * *Updated: OpenVPN community meetup 2025* https://community.openvpn.net/openvpn/wiki/CommunityMeetup2025 When: based on an availabilty poll and by agreement the weekend of 25 and 26 october as meeting days, with days before and after as travel days, seems best. Where: Napoli, Italy. Meeting room: giaan will take a look into this. Hotel: giaan will take a look into this. Beer: yes. T-shirts: yes. As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 28 May 2025: * *Updated: Release 2.7* We are going for an alpha release - this was released 28 May 2025. Main website to be updated 29 May 2025 somewhere. Currently collecting all the changes that are new to 2.7 and making a changes.rst and reviewing anything still left to handle. Together with 2.7 a new Linux DCO module based on upstreamed (linux kernel) codebase will be released, the code for this is 'done' although there are still bugs being fixed. Together with 2.7 a new Windows DCO module with server support will be released. The code for this is done but needs more testing. DNS changes are in but there are still some minor bug fixes and such on the way.\ * *Updated: Changes to community pages on main website* Company reached out to novaflash about proposed changes. novaflash involved ordex and lev__ for feedback/ideas. An initial design suggestion was put forward, hoping to get feedback from community on it to finetune it. https://crashed.computer/new.png There was no immediate feedback in the community meeting, so novaflash, ordex, and lev__, will work together to come up with something sensible. As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 18 June 2025: * *Updated, closed: (embargo) security issue* CVE ID CVE-2025-50054 reserved for this security issue. For OpenVPN 2.6 the Windows installer will be updated. For OpenVPN 2.7 a new alpha2 release will be made. Estimated delivery date 19 june 2025. * *Updated: Release 2.7* OpenVPN 2.7 alpha2 expected 19 june 2025 (includes embargoed security issue fix). For the DNS related changes, the macOS DNS script and the compatibility code is yet to be merged. For the DCO related changes, Windows server support is done, epoch data keys being worked on in both Linux and Windows. For the live route updates changes, it is likely that this will not make it into 2.7. * *Updated: push_update / live route updates* For client-side support, company did QA on it against the current only server implementation (cloudconnexa) and it works as expected. Server-side support patch is up and requires review and is a bit more involved, company QA will test it. * *Updated: OpenVPN community meetup 2025* https://community.openvpn.net/openvpn/wiki/CommunityMeetup2025 When: weekend of 25 and 26 october. Where: Napoli, Italy. Meeting room: giaan found a first location - too expensive. will look for a more normal option next. Hotel: giaan will take a look into this. Beer: yes. T-shirts: yes. As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 23 July 2025: * *Updated: Release 2.7* We planned for an alpha3 this week but decided to postpone because for DCO and push_update we have some fixes coming in. Float with DCO on Linux and Windows is now in and working. FreeBSD patch is in review. For multisocket the reported bug when peer IDs collide is now in. For the DCO related changes, DCO+TCP is improving. Epoch data keys still needs to be done, mssfix not planned yet. For DCO Windows driver there's some small bugfixes that can go out with alpha3. Let's see how reviewing and merging the pending items goes and then see if by next week an alpha3 can be made. * *Updated: push_update / live route updates* For client-side support, company did QA on it against the current only server implementation (cloudconnexa) and it works as expected. For server-side support, company did QA on it with openvpn2 but found some missing features that are being added now. At least client-side support will probably make it into alpha3. As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 30 July 2025: * *New: build failures* Changes in Gerrit do not automatically pick up fixes from master, so sometimes we see a lot of build failures even though those are fixed in master. Some options were discussed, seems like the one preferred is to reject pushes that are behind. djpig will look into it. * *New: Reference manuals OpenVPN 2.x* There was a mistake made on the main website which for a few hours? or days? made the reference manual 404. This has been restored. However the URL will slightly change in the future, but a redirect on the old URL will be in place. mattock raised the question where the latest OpenVPN man page should be hosted. When discussing this we agreed that djpig will contact the technical writer for openvpn.net and see if the ingestion/updating process can be smoother. Independently we can also investigate getting the manuals on the wiki somewhere, perhaps automated. * *Updated: push_update / live route updates* Client-side support for push_update is now merged. For server-side support, company did QA on it with openvpn2 but found some missing features that are being added now. At least client-side support will probably make it into alpha3. * *Updated: Release 2.7* A 2.7 alpha3 release is planned for 31 July. This includes a fix for a couple of rare crashes on Windows DCO driver. We'll backport these fixes to the Windows installer for 2.6. The FreeBSD patch for float is now in review. For the DCO related changes, DCO+TCP is improving. Epoch data keys still needs to be done, mssfix not planned yet. As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 6 August 2025: * *Updated: Release 2.7* A 2.7 alpha3 release went out last week. This includes a fix for a couple of rare crashes on Windows DCO driver. This was backported to the installer for 2.6.14. Another further small fix (driver fix for recursive routing issue) will be included in 2.6.14 Windows installer version i004 later today. The FreeBSD patch for float is now in review. The tentative plan for release is now: August 20: beta1 September 3: release candidate 1 September 17: stable release These are some known remaining tasks: Epoch data keys for Linux DCO and Windows DCO - can be done in a minor release after 2.7.0. Small fix to check message id/acked ids too when doing sessionid cookie checks - should go into 2.7.0. PUSH_UPDATE review and server-side support - cron2 wants to discuss changes. mi prefix handling, int/uint fixes, and the new 'real route' gateway handling As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 14 May 2025: * *Updated, closed: community.openvpn.net wiki* On May 12 around 14:30 CET the community wiki was switched to the new wiki. It is expected that there may be some dead links or some content missing, we will work to update links and add content as needed/reported. lev__ and d12fk were added as users to the wiki during the meeting. Since all seems to be working so far this topic can be closed. * *Updated, closed: OpenVPN GUI improvements* In OpenVPN GUI code wintun is now replaced with win-dco. Some code cleanup still remains to be done. OpenVPN GUI is also capable of adding new adapters (tap or win-dco) as needed if more than one connection needs to be active at the same time. These changes are available in technical previews currently and will go out as an official release with OpenVPN 2.7. * *Updated: testing framework improvements* mattock reports that win-dco iroute testing is progressing but not yet done. server log tail output in t_server_null.sh on failure is now working. * *Updated: Release 2.7* Current estimates are to have all major code items in by May 1st and then a release on July 1st. We may try for an alpha release next week if possible. Together with 2.7 a new DCO module based on upstreamed (linux kernel) codebase will be released, the code for this is done, bugs being fixed. Only module versioning is in the works for DCO and this is expected to be done soonish. For Windows things look really good - auto-creation of adapters, wintun removal. Some small items for DNS pending. DNS looks promising, some very minor fixes left to get unix support and some bugfixes. * *Updated: data format v3 / epoch data keys* Implementation in user space in OpenVPN2 and OpenVPN3 are both done now. Developing support for epoch data keys in DCO Linux was waiting for linux upstreaming. That is now done, so development can start. Developing support for epoch data keys in DCO Windows is unblocked - to be picked up by lev when he is able. As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 11 June 2025: * *Updated: Changes to community pages on main website* Company is finetuning new design together with lev, ordex, and novaflash. Expected to be published in the next few weeks. Rough idea (not updated with latest adjustments) is visible herehttps://crashed.computer/new.png * *Updated: forums situation* The current forums are not maintained, not working well, and flooded with spam. We have a contributor (minx) with web development experience willing to set up something new, but migrate the old forum contents. To the question where the instance should be hosted, community indicates it should be under the community AWS infrastructure. To the question what authentication system should be used, community indicates it should just be the built-in system from the forum solution itself. * *New: (embargo) security issue* CVE to be registered yet. We'll do just an updated build for 2.6 to address this issue. And 2.7 can get an alpha-2 release that includes the fix for this issue. Estimated delivery date 18 june 2025. * *Updated: Release 2.7* OpenVPN 2.7 alpha2 expected 18 june 2025 (includes embargoed security issue fix). For the DNS related changes, the macOS DNS script and the compatibility code is yet to be merged. For the DCO related changes, Windows server support is done, epoch data keys being worked on in both Linux and Windows. For the live route updates changes, it is likely that this will not make it into 2.7. * *Updated OpenVPN community meetup 2025* https://community.openvpn.net/openvpn/wiki/CommunityMeetup2025 When: weekend of 25 and 26 october. Where: Napoli, Italy. Meeting room: giaan found a location, pricing to be determined/approved. Hotel: giaan will take a look into this. Beer: yes. T-shirts: yes. As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 13 August 2025: * *Updated: Release 2.7* DCO for Windows multipeer statistics driver part is done - userspace part is waiting review. The FreeBSD patch for float was merged, should show up in 14.4 probably. The tentative plan for release is now: August 20: beta1 September 3: release candidate 1 September 17: stable release These are some known remaining tasks: Epoch data keys for Linux DCO and Windows DCO - can be done in a minor release after 2.7.0. Small fix to check message id/acked ids too when doing sessionid cookie checks - should go into 2.7.0. PUSH_UPDATE review and server-side support - cron2 wants to discuss changes. mi prefix handling, int/uint fixes, and the new 'real route' gateway handling * *Updated: OpenVPN community meetup 2025* https://community.openvpn.net/openvpn/wiki/CommunityMeetup2025 When: 25 and 26 october (saturday and sunday), with travel days on the friday before and monday after. Where: Napoli, Italy. Meeting room:https://www.hotelparadisonapoli.it/en/home-page.aspxsponsored by company. Hotel: Paradiso Napoli Hotel. Beer: yes. T-shirts: yes. Should send out invites. To include people like jan just, reynir, kristof, syzzer, max, rein, selva, perhaps leon from netgate who contributed multipeer to dco-win. novaflash will make a draft, let cron2 review it, then send it out to some peeps. If we forgot anyone we can forward a copy after. * *Updated: Github repo for open sourced MCP project* MCP is a protocol that AI agents can speak, like a universal API, so that if other programs also speak MCP, then AI can work with it. Company is going to do some MCP project to work with CloudConnexa, maybe in the future Access Server. They want to open source this and ask for a repo to publish it in. This is a bit similar to this project;https://github.com/OpenVPN/terraform-provider-cloudconnexawhich was started elsewhere but got published to open source. Seems like community has no objections to this, so will relay that approval back to company. As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] IRC community meeting summary
Sorry, that's on me. We apparently do not have someone that will take over meeting summaries when I'm unavailable. Kind regards, Johan Draaisma On 9/11/25 11:45, tincantech wrote: At this crucial time, OpenVPN 2.7 launch, where are the meeting summaries? For those of us that are not prepared to tolerate libera IRC network. Thank you. Sent with Proton Mail secure email. On Wednesday, 27 August 2025 at 13:54, Johan Draaisma wrote: > Meeting summary for 27 August 2025: > As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. > Kind regards, > Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] Invitation: OpenVPN community meetup 2025
Hello OpenVPN enthusiasts! Every year the OpenVPN community organizes a meeting to get together in real life and discuss important topics for the future of the OpenVPN software - the OpenVPN Community Meetup. We welcome all people that can contribute in one way or another to the community. If you intend to join, please let us know by responding to this mail, either on the mailing list or privately. It's free to join - but of course you have to arrange your own travel and hotel. Oh, and if you want a cool free OpenVPN t-shirt when you attend, be sure to add your t-shirt size to the wiki page: https://community.openvpn.net/Meetups/2025-Naples When? October 25th (Saturday) and 26th (Sunday). Where? Naples, Italy. The exact meeting location is the "Sala Procida" meeting room in "Hotel Paradiso". What? We have a community meeting wiki page (https://community.openvpn.net/Meetups/2025-Naples) where we will gather topics and you are welcome to suggest items to discuss or present there. Topics like code improvements, features, enhancements, future developments, possible collaborations, and so on. And more informally, to hang out together and get to know each other a bit, preferably with (non-alcoholic) beer! The format is one where we meet up in a meeting room arranged for this purpose, and have the opportunity to discuss all sorts of topics, and get to know each other's technical backgrounds. In the past various features have been hashed out in detail at these meetings, giving people a chance to talk face-to-face and work things out more easily and quickly. And afterwards there is opportunity to eat and drink and get to know each other a bit better. Who? All that contribute in some way! We will have of course a lot of the developers that contribute code, but also people that contribute in other ways. We receive security reports from cybersecurity experts and welcome their insights and presence as well. We would welcome anyone that can contribute in some way to making OpenVPN better. Please let us know if you'll join! Thank you! Greetings from the OpenVPN community.___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 10 September 2025: * *Updated: OpenVPN community meetup 2025* https://community.openvpn.net/openvpn/wiki/CommunityMeetup2025 When: 25 and 26 october (Saturday and Sunday), with travel days on the Friday before and Monday after. Where: Naples, Italy. Meeting room:https://www.hotelparadisonapoli.it/en/home-page.aspx Hotel: Paradiso Napoli Hotel. Beer: yes. T-shirts: yes. Invites were sent to openvpn-devel and some selected individuals. If we missed anyone please reach out. Current status is we have asked Matt the designer to come up with a t-shirt design. * *Updated: Release 2.7* OpenVPN 2.7 beta1 was released on 4th of September. The intention is to follow up with OpenVPN 2.7 beta2 on 18th of September. As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 27 August 2025: * *Updated: Release 2.7* DCO for Windows multipeer statistics driver part is done - userspace part is waiting review. The FreeBSD patch for float was merged, should show up in 14.4 probably. Planned release date for 2.7 beta1 updated to September 4th. These are some known remaining tasks: lev is working on broken "bytecount" functionality when using Windows DCO in server mode. Epoch data keys for Linux DCO and Windows DCO can be done in a minor release after 2.7.0. However ralf_lici is already looking into adding it into the Linux DCO right now. PUSH_UPDATE review and server-side support - cron2 wants to discuss changes. mi prefix handling, int/uint fixes, and the new 'real route' gateway handling. * *New: wolfSSL license changed from gplv2 to gplv3* The release notes of wolfSSL indicate the license changed to GPLv3. This basically makes wolfSSL incompatible in regards to licensing with OpenVPN. plaisthos will open an issue with them to either remove OpenVPN support or give a solution to remain licensing compatible. maxf has reached out to wolfSSL about this, and will wait a bit before adding a warning to README.wolfssl about this licensing incompatibility. * *Updated: t_server and t_client testing framework* mattock reports progress on building automated testing environment for really old OpenVPN versions. This covers tests for versions going back to 2.2. As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 17 September 2025: * *Updated: Release 2.7* OpenVPN 2.7 beta2 was planned for 18th of September but will be shifted to early next week instead. Reason is there's some concern and discussion about a recently merged bit of code that must be cleared up first. * *Updated: wolfSSL license changed from gplv2 to gplv3* The release notes of wolfSSL indicate the license changed to GPLv3. This basically makes wolfSSL incompatible in regards to licensing with OpenVPN. We reached out to WolfSSL and we got back a response indicating that other parties have also expressed similar concerns and an exception may be considered. We're giving them time to figure out this exception. * *New: small change to merge procedure* cron2 mentioned that the mail archive site mail-archive.com has been acting up and some patch messages not even arriving there. That undermines the idea we have that you can always go back to the mail archive to see discussions on patches there. On top of links to mail archives cron2 will also include in the commit messages links to the review platform Gerrit that we use. As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 24 September 2025: * *Closed: cve.mitre.org deprecation notice* The MITRE CVE site we are linking to for all CVE record references has a deprecation notice. Instead cve.org is being advised as the site to use from now on. All identified links on main website and community wiki have been updated to the new URL. * *Updated: Release 2.7* For OpenVPN 2.7 beta2 we're working on solving an issue for code that was merged but not released yet. The solution for that is ready, and the tentative release date is now 25 September. As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 1 October 2025: * *Updated: Release 2.7* OpenVPN 2.7 beta2 was released 25 September. It looks like next up will be a beta3, after which a stable release is expected. * *New, closed: verify signature page* During the revamp of the community pages on the main openvpn.net website the instructions on how to verify the GPG signature was lost. We brought it back under the community.openvpn.net wiki's downloads page here;https://community.openvpn.net/Downloads/Verify%20signature * *New, closed: gerrit updated* Gerrit review system was updated. If there are any issues please let uddr35 know on IRC. * *Updated: wolfSSL license changed from gplv2 to gplv3* The release notes of wolfSSL indicate the license changed to GPLv3. This basically makes wolfSSL incompatible in regards to licensing with OpenVPN. We reached out to WolfSSL and we got back a response indicating that other parties have also expressed similar concerns and an exception may be considered. We are still waiting for a resolution, it has been several weeks now. We reached out again to wolfSSL. If there is no resolution by 15th of October, then we will proceed with our OpenVPN 2.7 release plans without wolfSSL support. As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 9 October 2024: * *Updated: DCO and Linux upstreaming, API change* /Upstreaming DCO to Linux is proceeding, it is in review stage at the moment./ /ordex is collecting feedback on*patchset version 8*. Plan is to send v9 after collecting feedback./ /During meetup it was discussed that if the patchset does not make it into the kernel before 2.7 we should update the out-of-tree module to match the new API anyway. So that 2.7 supports the new API and we need no or minimal further changes to work with the eventual in-tree version./ * *Updated: buildbot improvements* /djpig reports that the first arm64 architecture buildbot agent now works. We can add more workers as required./ /mattock has a patch to split the mails for different project to different mail addresses./ /The idea is to split openvpn3 and openvpn3-linux out so it doesn't go to openvpn-builds@ ML anymore./ /Instead we could create a openvpn3-builds@ ML. djpig will look into that./ * *Updated: t_server_null improvements* /The tests against latest git master server against older openvpn client versions are almost done./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 16 October 2024: * *Updated: DCO and Linux upstreaming, API change* /Upstreaming DCO to Linux is proceeding, it is in review stage at the moment./ /ordex sent in*patchset version 9*. Current status seems to be that discussion about DCO internals are over, and it's now about API stuff./ /During meetup it was discussed that if the patchset does not make it into the kernel before 2.7 we should update the out-of-tree module to match the new API anyway. So that 2.7 supports the new API and we need no or minimal further changes to work with the eventual in-tree version./ * *Updated: DCO windows multi-peer* /Got two peers talking to eachother with parallel iperf sessions./ /Need to implement userspace parts, a few more ioctls (set and delete). But there's progress./ * *Updated: multi-socket patch series* /4 preparation work patches are acked and waiting merge process./ /Patchset v5 will be sent in soon./ * *New: where next community meeting* /Italy or Spain have been mentioned./ /Beer: yes./ /T-shirts: yes./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 30 October 2024: * *Updated: DCO and Linux upstreaming, API change* /Upstreaming DCO to Linux is proceeding, it is in review stage at the moment./ /ordex sent in*patchset version 11*. Awaiting feedback./ * *Updated: DCO windows multi-peer* /Kernel-side stuff looks to be mostly done. Currently look into user-space stuff and some proper locking and memory management (refcounters etc)./ * *Updated: multi-socket patch series* /4 preparation work patches were merged. Now it's on to the real patch series./ * *Updated: data format v3 / epoch data keys* /plaisthos has written a new draft for new key handling for the data channel based on discussions in Karlsruhe./ /Seehttps://github.com/OpenVPN/openvpn-rfc/pull/5 <https://github.com/OpenVPN/openvpn-rfc/pull/5>./ /The current state is that the work for it is done but not yet sent in - plaisthos indicates he wants to test and implement it with openvpn3 before submitting it to openvpn2./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 23 October 2024: * *Updated: data format v3 / epoch data keys* /plaisthos has written a new draft for new key handling for the data channel based on discussions in Karlsruhe./ /Seehttps://github.com/OpenVPN/openvpn-rfc/pull/5 <https://github.com/OpenVPN/openvpn-rfc/pull/5>./ /Requesting feedback from community to review./ * *Updated: DCO and Linux upstreaming, API change* /Upstreaming DCO to Linux is proceeding, it is in review stage at the moment./ /ordex sent in*patchset version 9*. Got some small feedback, a v10 will be sent in this week./ * *Updated: buildbot improvements* /cron2 requests that we pretty please have a mingw build in gerrit. djpig indicates next week should be possible./ /mattock has a patch to split the mails for different project to different mail addresses. The idea is to split openvpn3 and openvpn3-linux out so it doesn't go to openvpn-builds@ ML anymore./ /Instead we could create a openvpn3-builds@ ML. djpig will look into that./ * *Updated: DCO windows multi-peer* /Getting closer - kernel side stuff seems to be getting near to completion. Will look at user-space part next./ * *Updated: multi-socket patch series* /There were some issues building on Windows and some buildbot failures pointed out by djpig when merging the preparation work patches./ /These will be addressed in follow-up patches that are underway now./ /And then we'll move on to the real patch series./ * *Updated: push_update / live route updates* /There were some clarification questions which resulted in the decision we should add a few clarifying words to the RFC./ /Implementation for OpenVPN v2 will be looked at by ordex and his team./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] IRC community meeting summary
Meeting summary for 6 November 2024: * *Updated: DCO windows multi-peer* /Kernelspace looks done, now working on userspace stuff. It listens for incoming clients and attempts handshake. Still a bit of work to do./ * *Updated: multi-socket patch series* /This has been rebased and comments addressed, waiting for another review./ * *Updated: data format v3 / epoch data keys* /Some comments from syzzer came in and were addressed on the RFC addition for epoch keys:/ /Seehttps://github.com/OpenVPN/openvpn-rfc/pull/5 <https://github.com/OpenVPN/openvpn-rfc/pull/5>./ /plaisthos is working to implement it in openvpn3 first./ * *Updated: push_update / live route updates* /Lev added some clarifying comments to the push_update section in the RFC, as per popular demand./ /Implementation of push_update for OpenVPN v2 will be looked at by ordex and his team./ * *New: TLS-exporter in mbedtls* /Needed for TLS 1.3 support with openvpn and mbedtls - TLS-exporter currently missing in mbedtls./ /maxf reports he's making some progress on implementing this./ As always you're welcome to join at #openvpn-meeting on Libera IRC network every Wednesday at 14:00 Central European Time. Kind regards, Johan Draaisma ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
