Hi,
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, 19 May 2021 14:31, Samuli Seppänen <sam...@openvpn.net> wrote:

> Hi,
>
> Here's the summary of the IRC meeting.
>
> --------------------------------------------
>
> COMMUNITY MEETING
>
> Place: #openvpn-meeting on irc.freenode.net
> Date: Wed 19th May 2021
> Time: 14:00 CET (12:00 UTC)
>
> Planned meeting topics for this meeting were here:
>
> https://community.openvpn.net/openvpn/wiki/Topics-2021-05-19
>
> Your local meeting time is easy to check from services such as
>
> http://www.timeanddate.com/worldclock
>
> SUMMARY
>
> cron2, dazo, d12fk, lev, mattock, ordex, plaisthos and syzzer
> participated in this meeting.
>
> --------------------------------------------
>
> Talked about removing --no-replay option. Noted that it was to be
> removed in 2.5, but we backpedaled on that decision and forgot to change
> our documentation. It was also noted that that option changes the wire
> format.
>
> Noted that --cipher none --auth none and --no-replay are quite
> intertwined. Getting rid of these options would be good from a security
> perspective, but it was also noted that plain-text OpenVPN tunnels do
> have some advantages over the alternatives like GRE tunnels.
>
> Summarizing the discussion:
>
> 1. OpenVPN 2.6: reject configs where --no-replay is used without --auth
>    none.
>
> 2. OpenVPN 2.7: remove --no-replay
>
> 3. Add clear warnings to 2.5 and 2.6 about 1) and 2)
>
> Noted that mattock buildbot setup is shaping up nicely. There are a ton
> of workers and code and data are quite well separated. Mattock is now
> working on limiting concurrent builds on the docker host, then moving on
> to t_client tests.
>

WRT --no-replay

There is also --mute-replay-warnings, which you all seem to have overlooked.
Perhaps this message could be changed (crypto.c:338):

    msg(D_REPLAY_ERRORS, "%s: bad packet ID (may be a replay): %s -- "
        "see the man page entry for --no-replay and --replay-window for "
        "more info or silence this warning with --mute-replay-warnings",
        error_prefix, packet_id_net_print(pin, true, gc));

Remove the reference to --no-replay soon.

Just a thought.

R
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
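The plan in the quoted summary (2.6 rejects --no-replay without --auth none, 2.7 removes --no-replay) can be checked against existing config files ahead of an upgrade. The linter below is an added example, not part of the original message and not OpenVPN project code; the function names, severity labels and sample configs are constructed for illustration.

```python
import shlex

def parse_options(text):
    """Map option name -> argument list for an OpenVPN-style config (last wins)."""
    opts, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:                        # skip inline blocks such as <ca>...</ca>
            if line == "</%s>" % inline:
                inline = None
            continue
        if not line or line[0] in "#;":   # blank line or comment
            continue
        if line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            continue
        try:
            words = shlex.split(line)
        except ValueError:                # unbalanced quote: plain whitespace split
            words = line.split()
        opts[words[0].lstrip("-")] = words[1:]   # tolerate a leading "--"
    return opts

def audit(text):
    """Return (severity, message) findings for the options named in the summary."""
    opts = parse_options(text)
    auth_none = opts.get("auth") == ["none"]
    findings = []
    if "no-replay" in opts:
        if auth_none:
            findings.append(("warn", "no-replay: planned for removal in 2.7"))
        else:
            findings.append(("error", "no-replay without 'auth none': planned to be rejected in 2.6"))
    if auth_none:
        findings.append(("warn", "auth none: review, intertwined with no-replay"))
    if opts.get("cipher") == ["none"]:
        findings.append(("warn", "cipher none: review, plain-text tunnel"))
    if "mute-replay-warnings" in opts:
        findings.append(("info", "mute-replay-warnings: replay warnings are silenced"))
    return findings

# Constructed sample configs (not taken from any real deployment).
SAMPLE_A = "# constructed\ndev tun\ncipher AES-256-GCM\nno-replay\nmute-replay-warnings\n"
SAMPLE_B = "dev tun\nauth none\ncipher none\nno-replay\n"

if __name__ == "__main__":
    for name, cfg in (("A", SAMPLE_A), ("B", SAMPLE_B)):
        for severity, message in audit(cfg):
            print(name, severity.upper(), message)
```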