On 08/03/2019 08:40, free...@tango.lu wrote: > Hello, > > As it was stated by the DEVs that the bridged networking will be removed from > OpenVPN in the future I think that will leave a lot of us who were using this > with looking for cheap OpenSource alternatives because sooner or later if a > software becomes out of date with security vulnerabilities ppl are forced to > switch even if it's perfectly working like a ZX80 calculator. Let's not go > into why do DEVs think that layer2 bridges are bad just discuss (maybe better) > currently available OpenSource alternatives.
First of all, OpenVPN 2.x will live for a long time to come. TAP mode will not be removed from OpenVPN 2.x. OpenVPN 3.x on the other hand does not have TAP (thus implicitly no bridging support). The OpenVPN core components are also GPL. So if we slow down the pace, others can definitely chime in and ensure the project lives even longer. In practice, OpenVPN 2.x is essentially community driven these days. The company involvement is here to ensure that OpenVPN 2 and OpenVPN 3 does not diverge so much that they become completely incompatible on the feature sets they should and need to be compatible (meaning: a connection can be established and network traffic can pass). We don't say there are no real use cases for TAP/bridging, there are definitely some use cases. But they are few and the vast majority of our users gets around with routed TUN just fine, mostly even with better performance. In addition, bridging in Windows is very different from all other platforms and it is only well tested and mostly used on Linux and *BSD. No mobile platforms even supports TAP devices (only TUN) and even the VPN API in the Unified Windows Platform (UWP) does not account for anything else than layer 3 traffic (in essence: TUN mode). And IIRC, the utun driver in macOS also only supports TUN mode. There will always be someone who will say this is the wrong choice. But I think it is wrong for a minor group of users to demand features for their use cases when the vast majority of the users can live quite fine without these features. We are also NOT saying any attempt implementing TAP mode in OpenVPN 3 will be rejected cart blanc. To those of you who feel strongly about TAP mode lacking in OpenVPN 3: Step up, take responsibility and implement the support. Get changes ready for review and help drive the project forward. But don't expect this to be implemented "by magic" because you want it. On the flip side, I also don't say we will accept any patches just like that - they need to be reviewed and have proper code quality, good ways to test the features, etc to be accepted. This is how open source work. We share the work, we work on the pieces we find interesting. And we collaborate within communities to help drive projects move forward. -- kind regards, David Sommerseth OpenVPN Inc
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
