Difference between revisions of "OpenVPN/IRC meetings/Topics-2010-03-18"

From Secure Computing Wiki
Jump to: navigation, search
 
(3 intermediate revisions by one other user not shown)
Line 8: Line 8:
 
# '''Old patches/issues'''
 
# '''Old patches/issues'''
 
## [http://thread.gmane.org/gmane.network.openvpn.user/29251 Removing support for old autotools in OpenVPN?]
 
## [http://thread.gmane.org/gmane.network.openvpn.user/29251 Removing support for old autotools in OpenVPN?]
 +
##* No complains, lots of workarounds. Mattock suggests ACK.
 
## [http://thread.gmane.org/gmane.network.openvpn.devel/3351/ UTF-8 man-page patch]
 
## [http://thread.gmane.org/gmane.network.openvpn.devel/3351/ UTF-8 man-page patch]
 +
##* Works on all tested Linux distros, old (2) or modern (3). Mattock suggests ACK.
 
## [[OpenVPN/802.1Q_--passtos_patch|802.1Q --passtos patch]]
 
## [[OpenVPN/802.1Q_--passtos_patch|802.1Q --passtos patch]]
 +
##* No test reports from users yet
  
# '''Possible bugs'''
+
# '''Possible bugs/issues'''
 
## Jan Just Keiser's potential man-page/openvpn problem (private response to [http://thread.gmane.org/gmane.network.openvpn.devel/3351/ this mail])  
 
## Jan Just Keiser's potential man-page/openvpn problem (private response to [http://thread.gmane.org/gmane.network.openvpn.devel/3351/ this mail])  
 +
## [http://thread.gmane.org/gmane.network.openvpn.devel/3261 Linux tun/tap performance issues]
 +
## [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574164 Assertion fails in socket.c:429 in p2p mode due to Debian ipv6 patch]
  
 
# '''sf.net trackers'''
 
# '''sf.net trackers'''

Latest revision as of 06:09, 18 March 2010

  1. Community comments
    1. Implement a solution for deprecating warnings like:
      • "WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page)."
      • "NOTE: the current --script-security setting may allow this configuration to call user-defined scripts"
      • Suggestion: Introduce a new configure option to allow filtering of different start-up warnings.
        • Do not remove all messages by one entry, but add a possibility to filter each message separately. This way newer warnings will be shown and needs to be disabled explicitly.

  1. Old patches/issues
    1. Removing support for old autotools in OpenVPN?
      • No complains, lots of workarounds. Mattock suggests ACK.
    2. UTF-8 man-page patch
      • Works on all tested Linux distros, old (2) or modern (3). Mattock suggests ACK.
    3. 802.1Q --passtos patch
      • No test reports from users yet
  1. Possible bugs/issues
    1. Jan Just Keiser's potential man-page/openvpn problem (private response to this mail)
    2. Linux tun/tap performance issues
    3. Assertion fails in socket.c:429 in p2p mode due to Debian ipv6 patch
  1. sf.net trackers
    1. bug? wrong CN in client-disconnect with username-as-common-name
    2. --win-sys env
    3. Should multiple usages of options result in warnings?
    4. buffer.{h,c} isn't defensively programmed (SECURITY?)
    5. OpenVPN will not connect through certain HTTP proxies
    6. [tiny] typo in HOWTO on http://www.openvpn.net/ - 'mimimal'