push-peer-info v23x

How to customize and extend your OpenVPN installation.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
cron2
Developer
Posts: 24
Joined: Tue Jan 12, 2010 8:08 pm

Re: push-peer-info v23x

Post by cron2 » Sun May 04, 2014 9:03 am

debbie10t wrote: Proposed patch to implement push-peer-info fully:
http://community.openvpn.net/openvpn/ch ... 03494f0792
  • Make push-peer-info visible in "normal" per-instance environment.
    [..]
    It is expected to be included in version 2.4.x (No official release date is available at this time).
Well. Let me give you the (until now) "official developer statement" on this.

- the patch has been merged into git master, and if you run a git master server, you get these (and other) benefits
- our policy for 2.3.x is "bugfixes, and stuff that is important for long-term client compatibility" - which normaly excludes "new features". Exceptions from the "no new features" rules have been the TLS version negotiation (because we expect 2.3.x to be around for a very long time, and this is necessary), and also the SSL library version printing (ditto).

Stuff that did *not* go into 2.3 are the new dual-stack code (very intrusive), the new compression framework (lot of new code, not as well tested yet), and the reporting of push-peer-info stuff via logfile / environment variables (the patch referenced above).

I still think it should not go into 2.3.x - it is new code that is in a fairly sensitive area, and while I do trust it, it has not been tested as well as 2.3.x in general. Clients do not need that code, and I see 2.3.x as "this is what clients will use".

You need the code on the server side, but on the server, it's much easier to run something special - either a git master checkout, or 2.3.4 source + this patch, etc. - than to update thousands of clients. I run git master on 3 different production systems, and except for some of the more obscure features, it has been extremely well-behaving most of the time.

OTOH, you use Windows, and it's not easy to compile OpenVPN yourself there (besides the fact that it does not compile at all right now on WIN32, oops) - would it be sufficient if Samuli would publish something like weekly builds for "master on windows"? Like we do on FreeBSD with the "openvpn-devel" port... so people that want some of the new features can use a weekly snapshopt, and the rest can rely on maximum stability in 2.3.x

(As for the 2.4 release date: well, the plan was "Q1 2014". It got delayed by various reasons, mostly because Heiko is not having enough time to push forward the new interactive service for windows...)
Top
Post Reply

Return to “Scripting and Customizations”