Here's an update on OpenVPN progress for the last two months...

1.3.1 appears to be very stable and there haven't been a lot of new patches 
recently, though having said that there are certainly a few, most notably a 
minor patch to enable NetBSD support, and better support for intermediate CAs.


The current wish list stands as follows:

(1) Forking server support
(2) Automatic Secure MTU discovery
(3) IPv6 endpoints or IPv6 over tun device
(4) Windows port

While none of these (with perhaps the exception of the last :) is rocket 
science, all require some work, and given that OpenVPN has reached a nice 
stability plateau, I'd like to hear your opinions on future directions in the 
development effort.


I'd also like to bring to your attention the fact that the OpenVPN project is 
now accepting donations.  Please consider a small donation (such as $20) if you 
are actively using OpenVPN and possibly more if you are deriving significant 
utility from the software.  Right now I am "between jobs" and therefore don't 
have as much time as I'd like to spend on open source, but with enough support 
from the user community I hope to forge ahead on more of the wish list.  Having 
said that, I'd like to emphasize that OpenVPN has been a team effort with many 
individuals now cited in the change log or offering support on the lists.  
Still, there's a lot of less glamorous work required to keep an open source 
project alive, such as merging contributions, testing on multiple platforms, 
documentation, releases, web site and mailing list admin, tech support, 
answering questions, keeping up to date with libraries, staying on top of 
security issues, trying to figure out whether problem reports ar!
e bugs or operator error, etc. etc.  Those all add up to a significant time 
commitment, and bear in mind that even a small donation can go a long way 
towards funding this kind of work.

If you would like to donate, you can do so via pay-pal:

I you have deeper pockets and want to make a more dramatic gesture, you might 
even consider hiring me :)  My resume is here:


While there hasn't been a great deal of development activity over the past two 
months, there are a small number of low-impact patches waiting in the queue 
that I'd like to release.

Here's the change log:

* Added SSL_CTX_set_client_CA_list call
  to follow the canonical form for TLS initialization
  recommended by the OpenSSL docs.  This change allows
  better support for intermediate CAs and has no impact
  on security.
* Added build-inter script to easy-rsa package, to
  facilitate the generation of intermediate CAs.
* Ported to NetBSD (Dimitri Goldin).
* Fixed minor bug in easy-rsa/sign-req.  It refers to
  openssl.cnf file, instead of $KEY_CONFIG, like all
  other scripts (Ernesto Baschny).
* Added --days 3650 to the root CA generation command
  in the howto to override the woefully small 30 day
  default (Dominik 'Aeneas' Schnitzer).
* Added paypal links to website for project donations.
* Configured sourceforge mailing lists to require
  admin approval for non-member posts to reduce spam.

If you have time, are using TLS, and especially if you are using an 
intermediate CA, I would encourage you to test this beta and verify that the 
first point in the change log does not cause problems.

Download beta:


In other news, openvpn-users got its first spam the other day.  While spam 
certainly has not been a big problem here, I want to be as proactive as 
possible in keeping these lists from becoming spam vectors, so I've 
reconfigured the lists to require admin approval for non-member posts.  I'm 
willing to be the admin on this as long as it doesn't become a big time sink, 
and you can make life easier for me by subscribing before you post.

James Yonan
OpenVPN Project Leader

Reply via email to