Hi, Here's the summary of the previous community meeting.
--- COMMUNITY MEETING Place: #openvpn-devel on irc.freenode.net List-Post: openvpn-devel@lists.sourceforge.net Date: Thursday, 2nd Sep 2010 Time: 18:00 UTC Planned meeting topics for this meeting were on this page: <https://community.openvpn.net/openvpn/wiki/Topics-2010-09-02> Next meeting next week, same place, same time. Your local meeting time is easy to check from services such as <http://www.timeanddate.com/worldclock> or with $ date -u SUMMARY Discussed the use of a relatively powerful Xen DomU (VM) which was offered to the project. Came up with a few ideas, e.g. using it as a test server (for "make test") or a backup server. Agreed that it's too powerful for use as a test server. -- Discussed Dazo's "Code clean-up - removing "dead" code" patchset: <http://thread.gmane.org/gmane.network.openvpn.devel/3941> This patchset removes very incomplete prototyping code that was originally inteded to add threading support to OpenVPN. Jamesyonan gave this patchset his ACK. -- Discussed the confusion generated by the "Client software -> Downloads" page and the "Client downloads" section on openvpn.net front page: <http://openvpn.net/index.php/openvpn-client/downloads.html> <http://openvpn.net> The problem is that "Windows Download" points to the new OpenVPN client which is not yet 100% compatible with the stock OpenVPN server - it's designed to work with Access Server. Mattock's plans for fixing are (for now) available here: <http://pastie.org/1134328> These plans had been approved earlier by Francis, James et al. They were also ok for everyone in the IRC meeting. Mattock will fix this issue right after sending this meeting summary. -- Dazo informed us that he has converted the old CVS tree from SF.net into a Git tree (openvpn-historical-cvs.git): <http://openvpn.git.sourceforge.net/git/gitweb.cgi?p=openvpn/openvpn-historical-cvs.git;a=summary> -- Discussed OpenVPN 2.1.3 and forthcoming 2.2-beta3 release. Nobody has heard any complaints about 2.1.3, so 2.2-beta3 can be released now. James generated the 2.2-beta3 client installer for Windows during the meeting: <http://secure.openvpn.net/openvpn-2.2> Mattock smoketested this release on WinXP Home and it seemed to work ok. James was requested to make the 2.2-beta3 release a.s.a.p. -- Discussed the status of WinXP build VM. Currently Community VPN does not allocate static IPs, so accessing WinXP through the VPN is difficult. Mattock will fix this issue a.s.a.p. as it's holding back other tasks. -- Discussed setting up a test server for "make test" tests. Mattock agreed to setup a dedicated KVM VM for that job, using the latest stable OpenVPN version. The test suite could do things like: - send ICMP requests - send and receive data (and make sure the checksums match) Agreed that external dependencies (e.g. Python, hashing code) should be kept to the minimum. -- Discussed translation issues. Agreed that we depend on volunteer translators, so we can't just choose which additional languages to support. Also agreed that we should have translator documentation available somewhere (e.g. in the Wiki). As OpenVPN has a very large German-speaking userbase, mattock agreed to ask if they're interested in setting up a "German translation project". The focal point for the German community is here: <http://openvpn.eu> Agreed that the most important thing to translate is the man-page. Discussed the possibility of automatically notifying translators about changes to the man-page, e.g. using a Git hook that sends email. -- Discussed converting the man-page into DocBookXML format. Mattock agreed to create a Trac ticket about this (and did): <https://community.openvpn.net/openvpn/ticket/48> -- Discussed integrating Coverity code analysis service to our CI server (buildbot): <http://scan.coverity.com> This had been discussed in an earlier meeting and mattock had already agreed to do the integration: <https://community.openvpn.net/openvpn/ticket/23> Agreed that mattock is the best person to be the "project admin" when dealing with Coverity. --- Full chatlog as an attachment -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock
(21:01:35) mattock: topic list: https://community.openvpn.net/openvpn/wiki/Topics-2010-09-02 (21:01:37) vpnHelper: Title: Topics-2010-09-02 â OpenVPN Community (at community.openvpn.net) (21:02:37) cron2: mattock: could you add "testing" to it? (21:02:46) mattock: does any of those topics need James? (21:02:57) mattock: cron2: what do you mean exactly? (21:03:10) cron2: someone mentioned a dedicated "openvpm testing server" VM, that could be used as default for t_client.rc in "make check" (21:03:26) mattock: oh yes (21:03:39) mattock: so somebody volunteered to offer a VM for us? (21:03:51) cron2: I think the thread cleanup stuff could benefit from James' attendance (21:04:07) cron2: mattock: I think raidz mentioned that you had something in the company (if I remember that right) (21:04:09) mattock: ok, I'll mail him then (21:04:14) cron2: or an old box, or something (21:04:30) mattock: ok, we probably have something ... does not need to be fancy I guess (21:04:44) dazo_afk è ora conosciuto come dazo (21:06:11) dazo: Sorry I'm late (21:06:18) ***dazo forgot about time a little bit (21:11:09) mattock: no probs, just sent mail to james... asking if he could come here and give your patch and ACK/NACK (21:11:19) dazo: :) (21:11:28) mattock: he's been pretty active in the IRC lately, so I don't want to push him too much :) (21:12:15) mattock: ok, shall we begin (21:12:18) mattock: ? (21:12:30) mattock: https://community.openvpn.net/openvpn/wiki/Topics-2010-09-02 (21:12:32) vpnHelper: Title: Topics-2010-09-02 â OpenVPN Community (at community.openvpn.net) (21:12:39) dazo: shoot (21:12:43) cron2: ouch (21:12:47) dazo: heh (21:13:01) dazo: cron2: deflectors ... you need deflectors! (21:13:15) mattock: one topic not on the agenda... just received this mail: (21:13:19) mattock: "I have a XEN VPS in Seattle Washington that is dormat and has the ability to move 5.6tb a month (each way), could the project use a mirror or some other use for it? I t has 2 X 3.0 cpu and 1gig ram and 90+ gigs storage." (21:13:46) dazo: wow! (21:14:25) dazo: that could sounds like a candidate for a test server for us ... to use with cron2's test script (21:14:42) mattock: I guess we could use that... the guy says he's active on -devel list... and I've seen his email address somewhere (21:14:47) dazo: maybe some backup storage as well (21:14:55) cron2: backup + test server or so, sounds useful (21:15:13) dazo: we should also think about backing up stuff on sf.net regularly as well (21:15:39) jamesyonan [~jamesy...@c-76-120-71-74.hsd1.co.comcast.net] è entrato nel canale. (21:15:39) modalità (+o jamesyonan) da ChanServ (21:15:43) mattock: dazo: yes, good idea... (21:15:56) mattock: I can do SF.net backup, I got scripts ready (21:16:03) mattock: hi james! (21:16:04) dazo: cool! (21:16:09) jamesyonan: hi (21:16:12) dazo: \o/ (21:16:13) mattock: I'll put that to my long TODO list (21:16:24) mattock: what if we discuss the pthread patch first? (21:16:28) mattock: =now (21:16:29) dazo: good idea! (21:17:11) dazo: I was doing some review for JJK OpenVPN cookbook ... and I noticed he still believes OpenVPN 2.1 supports pthread .... (21:17:13) mattock: jamesyonan: what do you think about the patch: http://thread.gmane.org/gmane.network.openvpn.devel/3941 (21:17:16) vpnHelper: Title: Gmane Loom (at thread.gmane.org) (21:17:24) mattock: full topic list here: https://community.openvpn.net/openvpn/wiki/Topics-2010-09-02 (21:17:25) vpnHelper: Title: Topics-2010-09-02 â OpenVPN Community (at community.openvpn.net) (21:17:46) dazo: so I checked the source code, and found out that the code in the tree was rather useless in the current state ... and didn't even compile (21:18:40) dazo: so therefore, I suggest to rip out this code, as it has not been changed much at all ... and for OpenVPN 3.x we will anyway have to revisit threading, but then probably with a different approach (21:18:53) dazo: that is my motivation for these patches (21:20:05) mattock: sounds reasonable (21:20:17) jamesyonan: yes, this makes sense (21:20:27) dazo: and removing ~1000 lines of code, it cleans up the readability a bit (21:20:45) dazo: thx! I'll take that as an ACK :) (21:21:12) mattock: jamesyonan: was this pthread stuff dazo removed a dead end? (21:22:38) mattock: =could not have been made to work (21:23:18) jamesyonan: mattock: basically yes -- originally the thought was to incorporate more ambitious threading in 2.0, it just turned out to be simpler to run multiple processes instead of multiple threads (21:23:23) cron2: as far as I read the patch, it was some prototype work but far from complete (21:23:38) mattock: ok, then it's good to get rid of it (21:23:56) mattock: especially if there are 1000 lines of it :) (21:24:02) dazo: yeah :) (21:24:11) mattock: jamesyonan: before I forget, we got this: "Openvpn.net "Client software -> Downloads" page confusion" (21:24:30) cron2: dazo: regarding the patch, I think it's fine, I was just unsure regarding the general strategic direction (21:24:39) mattock: ok, so I already made a proposal about changing that page (21:24:54) mattock: which Francis approved (21:25:08) dazo: cron2: I fully understand :) not much to criticise when mainly removing code :) (21:25:33) cron2: oh, well, you could have been over-eager and remove important bits :) (but I didn't see anything) (21:25:35) dazo: mattock: also the front page ... you have direct download links there (21:25:57) dazo: cron2: good point :) (21:25:57) mattock: jamesyonan: can I edit the "Client software -> downloads page" myself and be sure nothing overwrites my modifications? (21:26:08) mattock: or is there some script at work there? (21:26:13) mattock: dazo: lemme check (21:26:25) dazo: I think the front page is the worst confusion (21:26:55) mattock: oh yes, true... (21:27:22) mattock: pretty bad, direct link to the .msi file (21:28:08) dazo: exactly ... and that's been biting IRC, forum and ML (21:28:11) mattock: it would be better if that "Windows Download" link would lead to the "client software -> downloads" page (21:28:13) jamesyonan: The only script-generated page I'm aware of is the community download page (21:28:34) mattock: jamesyonan: ok, I'll change the client downloads page as I proposed (21:28:50) mattock: for those who don't know my proposal: (21:28:54) dazo: mattock: I think the heading really needs to say: Access Server - Client download (21:29:09) dazo: on the front page (21:29:34) dazo: and maybe even a little thing with "Download community version" (21:30:10) mattock: something like this: http://pastie.org/1134328 (21:30:40) mattock: if that's ok, I can make the changes next week (21:30:49) mattock: and fix the link on the front page, too (21:31:01) mattock: to point to the full client download list page (21:31:11) jamesyonan: incidentally, we did fix the issue where the Access Server client was not properly importing pkcs12 certs/keys -- this fix will be in the next client build (21:31:26) mattock: neat! (21:32:04) mattock: what do you guys think about the revamped client downloads page? (21:32:11) dazo: mattock: +1 (21:32:29) cron2: mattock: looks ok to me, but I wonder about the windows 2000 bit. Didn't James build a separate bundle for w2k and "the rest"? (21:32:47) dazo: the biggest challenge in the community with those who pulls the wrong version is that they don't recognise how to configure the Windows client, compared to the OpenVPN-GUI version (21:32:58) dazo: cron2: good point! (21:33:02) mattock: cron2: yep, got to fix that (21:33:09) cron2: besides this, +1 (21:33:13) mattock: ok, good! (21:33:21) mattock: so everybody is fine with the new page -> me fix (21:33:29) dazo: \o/ (21:34:04) mattock: jamesyonan: got a proposal from a guy today: "I have a XEN VPS in Seattle Washington that is dormat and has the ability to move 5.6tb a month (each way), could the project use a mirror or some other use for it? I t has 2 X 3.0 cpu and 1gig ram and 90+ gigs storage." (21:34:21) mattock: if you have any ideas how to use the VM, let me know (21:34:49) jamesyonan: mattock: interesting, though I don't think we're bandwidth constrained right now (21:34:59) mattock: one option would be test server for "make test" (21:35:19) mattock: jamesyonan: true, but we're sometimes VM-bound :D (21:35:27) mattock: or constrained (21:35:52) mattock: anyways, I'm sure we find some use for it (21:36:43) ***dazo just pushed out openvpn-historical-cvs.git (code from the old CVS) ... purely for historical purpose (21:36:52) dazo: http://openvpn.git.sourceforge.net/git/gitweb.cgi?p=openvpn/openvpn-historical-cvs.git;a=summary (21:36:54) vpnHelper: Title: SourceForge - openvpn/openvpn-historical-cvs.git/summary (at openvpn.git.sourceforge.net) (21:37:40) mattock: historical branch, nice! :) (21:38:02) dazo: it's a separate repository, to avoid messing things up completely :) (21:38:25) mattock: ok, shall we move on to 2.1.3 and 2.2-beta3? (21:38:29) dazo: +1 (21:38:36) mattock: I believe nobody has had any complaints about 2.1.3? (21:38:39) mattock: I've heard none (21:39:07) dazo: I checked with ecrist today as well, he has also not hear much ... except that it fixes the 2.1.2 issues .... (21:39:22) dazo: that's sounds like a success story to me (21:39:30) mattock: agreed (21:39:48) mattock: so could we release 2.2-beta3, then? (21:40:06) dazo: shall we send out an announcement re: 2.1.3? (21:40:18) mattock: there was something in 2.1.3 that needed to be merged to 2.2-beta branch... but that's taken care of already, right? (21:40:32) dazo: 2.2-beta3 is in proper shape (21:40:45) mattock: dazo: you mean to ask "does 2.1.3 work for you"? (21:41:03) mattock: and 2.2-beta3 windows building? all in order? (21:41:12) dazo: mattock: no, I mean to officially announce that 2.1.3 is now available and solves the issues found in 2.1.2 for Windows users (21:41:21) mattock: hmm, yes... (21:41:33) mattock: good idea, although it has been available for a while now from openvpn.net (21:41:43) dazo: mattock: 2.2-beta3 is up-to-date against 2.1.3 ... so I believe we're still waiting for Windows builds for 2.2-beta3 ... right? (21:42:22) mattock: oh yes, I created a 2.2-beta3 tarball: http://build.openvpn.net/downloads/releases/ (21:42:23) vpnHelper: Title: Index of /downloads/releases (at build.openvpn.net) (21:42:32) dazo: :) (21:42:45) krzee: sorry im late, was doing support stuffs (21:42:47) mattock: jamesyonan: when can we expect the initial Windows build for 2.2-beta3? (21:42:58) mattock: krzee: nice to have you here! (21:43:24) krzee: thx (21:43:58) mattock: regarding Windows build computer... it's in pretty good shape and in the community VPN (21:44:21) mattock: however, last week I started configuring static IPs for the VPN clients but did not finish the job (21:44:33) mattock: next week I'll finish what I started (21:44:43) dazo: cool! (21:44:46) mattock: after that we can start sharing accounts to the WinXP VM (21:44:58) dazo: 2.2-beta4 can be built by the community then ... (21:45:08) jamesyonan: mattock: I'm running the build now -- we'll know in a couple minutes if it works out-of-the-box (21:45:14) mattock: great! (21:45:17) cron2: dazo: signing? (21:45:20) dazo: cron2 and I was thinking about something earlier today ... (21:45:28) dazo: cron2: spot on! (21:45:50) dazo: how do we do it with signing of TAP drivers on the community builds? (21:46:25) mattock: a quick question about static client IP's... is using ccd's the only reliable way to do that? (21:46:27) dazo: we don't see it as reasonable to have the official signing keys for OpenVPN there ... so we're wondering if it's possible to acquire some community signing keys there (21:46:39) dazo: mattock: basically, yes (21:46:41) cron2: mattock: ccd or plugin (21:46:46) jamesyonan: the community builds have a signed TAP driver (21:46:51) krzee: mattock, no, client-connect is good too (21:47:21) cron2: jamesyonan: so we just import the TAP driver binary from you? (21:47:23) dazo: but we also do modify the TAP driver as well, from time to time ... cron2 got his IPv6 support patches for the TAP driver in beta2.2 (21:47:47) mattock: krzee: I'll look into that, thanks! (21:47:49) cron2: ... and if we need to work on the TAP driver, James need to compile a new set :) (21:48:18) dazo: of course, it's not that often we change that ... yet ... but when people begin to chime in with bugs, we definitely need to look at that (21:48:24) jamesyonan: cron2: yeah, I can provide a directory of pre-built TAP drivers (21:48:40) cron2: coolk (21:48:50) dazo: that's worth a shot to start with ... lets see how that works out! (21:49:14) dazo: jamesyonan: out of curiosity ... what does such a signing key cost? (21:49:34) jamesyonan: ~ $450/year (21:49:42) dazo: per year ... wow .... (21:50:13) mattock: and lots of pain to get through the bureaucracy, I think :) (21:50:24) mattock: if it's "MS approved" (21:50:31) dazo: I see (21:50:52) mattock: jamesyonan: did the build succeed? (21:50:56) dazo: heh (21:51:02) dazo: patience is a virtue :-P (21:51:18) cron2: impatience gets things done :) (21:51:20) jamesyonan: yes, it looks like it succeeded -- just a second and I will push the exe it to a URL (21:51:27) cron2: \o/ (21:51:27) krzee: cant we continue using the same driver and just rebuild the rest of it on the VM? (21:51:31) mattock: excellent! (21:51:42) krzee: (unless its actually a change to the driver) (21:51:46) mattock: krzee: we should be able to (21:51:47) cron2: krzee: as long as nobody works on the TAP driver... :-) (21:51:50) cron2: (yes) (21:52:02) dazo: krzee: not when we update the TAP code ... cron2 got is IPv6 goodies there (21:52:04) krzee: ooooo right (21:52:20) ***krzee parades cron2 on his shoulders (21:52:30) dazo: of course, if cron2 has done his job properly ... he won't need to touch that code again ;-) (21:52:37) ***cron2 hopes (21:52:45) ***dazo hopes too (21:52:47) ***krzee crosses fingers (21:54:31) dazo: jamesyonan: if there were any compiler warnings ... please pass them over so we can have a look at them (21:54:51) jamesyonan: does this build have TAP driver source code changes compared to 2.1.x? (21:54:56) mattock: do we want people on -users ml to test James' build before making the official release? (21:55:00) dazo: jamesyonan: yes, it does (21:55:07) mattock: jamesyonan: yep, cron2's stuff (21:55:25) jamesyonan: dazo: ok, I'll need to tweak the build scripts a bit then (21:55:35) cron2: mattock: no. it's a beta. the whole point is to get people to test the result :-) (21:56:02) mattock: oh yes, we decided that earlier :D (21:56:02) dazo: jamesyonan: can you send me a patch ... or mail me the changed files, and I'll make sure they get commited (21:56:08) jamesyonan: sure (21:56:22) cron2: jamesyonan: we need to bump the version number so the openvpn.exe knows "earlier version that <x> do not have IPv6" (21:57:37) cron2: the current code assumes that "9.7" is the first version with IPv6 (I bumped that in my branch, your latest version is 9.6) (21:59:28) mattock: cron2: regarding the test server... what kind of horsepower does it need? (22:00:07) mattock: I mean, would something in Pentium 120Mhz class do the trick? :) (22:00:12) cron2: mattock: this depends on the number of tests going on :-) - a single test does something like "establish openvpn tunnel, send 1000 ping packets, close tunnel" (22:00:30) mattock: nothing fancy, then (22:00:36) cron2: a P120 might be a bit slow in the crypto handshake, tho (22:00:55) dazo: gee ... my mobile phone is more powerful .... (22:01:18) mattock: true... I'm just thinking that a very low resource KVM VM would be best (22:01:21) cron2: I run my tests against a SheevaPlug (1.2GHz ARM CPU) (22:01:33) mattock: max 256MB RAM and a fews gigs of diskspace (22:01:38) cron2: yep (22:01:56) mattock: the server that was offered to us today is _way_ overpowered (22:02:15) mattock: I'll ask Andrew if he could generate a small VM for "make test" use (22:02:45) dazo: nah, if it's open to the public as an open test server ... I see no problem with that ... it makes it easier to provide a test suite we can expect people to use before submitting patches to us (22:04:18) mattock: dazo: nah to what? :P (22:04:20) dazo: cron2: I was thinking about the test script ... 1000 ICMP requests .. what if we also do some netcat stuff, send 128KB of data ... and compare a SHA256 checksum of the transferred data, to make sure the tunnel can do more useful stuff too? (22:04:48) cron2: dazo: yes, that was sort of the next steps to do (22:04:53) krzee: dazo, +1 (22:05:12) cron2: wget an URL defined in the .rc file, md5sum, compare to sum defined in the .rc (22:05:27) dazo: mattock: I meant, if we have a 100% open test server ... where whichever who pulls down our code can run a test against ... then it's good to have some horse power on the server ... to make sure it won't break down if too many tries at the same time (22:05:34) cron2: the tricky bit is "make this portable" and "make it easy to setup the server" (22:06:10) mattock: dazo: ok, I was thinking about the same... and I don't think many people will be building from source simultaneously. (22:06:15) cron2: right now, the test suite runs one test that will fail if multiple clients connect at the same time ("does *this* IP address show in 'ifconfig -a' after connection?") - but it's optional (22:06:43) dazo: cron2: gotcha ... what about some clever python code? .... I don't think that server should be allowed to be used to access the Internet ... then we suddenly get a brigade of Chinese guys using it for more "useful" stuff ... (22:06:46) mattock: dual core dedicate server with 90GB might be an overkill (22:07:05) cron2: dazo: I actually think we should "get" *and* "put" something over the tunnel, to make sure no MTU issues bite (22:07:08) mattock: and I'd rather not use the "make test" server for anything useful, as it's kind of high risk use (22:07:20) cron2: dazo: python where? on the client? very much no-go (22:07:21) mattock: anything _other_ stuff, that is (22:07:52) cron2: mattock: yes, the test server should really be "static, stand-alone, if it gets broken, just copy the last VM snapshot over again" (22:07:56) dazo: mattock: that server can run the latest stable OpenVPN server .... to make sure it is more, well, stable ... (22:08:26) mattock: ok, so a simple KVM VM it is, then (22:08:28) dazo: of course, that won't help IPv6 testing until that's in a stable branch, though (22:08:31) cron2: dazo: we don't require python in the build process yet (unless building for windows) and most non-linux platforms do not have it, so requiring it for testing is not so good (22:09:20) dazo: cron2: ahh ... I thought *BSD might have jumped unto that bandwagon already ... but, yeah, I hear you in regards to Solaris (22:09:55) cron2: no python on a stock openbsd, netbsd, freebsd, or solaris... (22:10:03) mattock: btw. we only have one topic left after this: "Translations" (22:10:04) cron2: worse, I can't do python :) (22:10:04) dazo: well, but we got a C compiler available ... writing something nice and easy in C, that should be portable enough :) (22:10:07) krzee: requiring it in optional testing is fine (22:10:24) cron2: krzee: NACK (22:10:26) dazo: krzee: we're thinking about making it part of a more mandatory testing (22:10:26) krzee: in a test that is part of make or something, agreed (22:10:31) krzee: gotchya (22:10:35) jamesyonan: ok, build is ready + TAP driver bundle: http://secure.openvpn.net/openvpn-2.2/ (22:10:36) vpnHelper: Title: Index of /openvpn-2.2 (at secure.openvpn.net) (22:10:40) cron2: jamesyonan: cool! (22:11:02) dazo: anyone got Windows available to give it a whirl? (22:11:10) cron2: dazo: compile a test "TCP get, TCP put, compare md5" code sounds like an interesting idea, yes (22:11:11) mattock: none here... (22:11:42) jamesyonan: I incremented TAP version to 9.8 (22:11:54) cron2: jamesyonan: what is 9.7? (22:11:55) mattock: actually I do have a Windows box here, takes a few mins (22:12:26) dazo: eek ... does that mean that we might have some issues with the OpenVPN binary making use of the new tap driver? (22:12:30) jamesyonan: TAP driver version for 2.1.3 is 9.7 (22:12:45) cron2: dazo: especially md5sum/sha is also something that's not available "out of the box" everywhere, but the test program can link openssl and get the hash functions (22:13:04) cron2: jamesyonan: ok, I'll adapt the test in my code - it currently assumes that "9.7 will know about IPv6". (22:13:29) dazo: cron2: I already have decent BSD licensed SHA512 calc code available ... pure C, no dependencies at all (22:13:32) cron2: dazo: I don't think so. The version number is only checked for "minimum requirements" (22:13:45) dazo: cron2: oh, good ... (22:13:48) ***dazo breathes again (22:14:00) cron2: dazo: tun.c, look for TAP_WIN32_MIN_MAJOR (22:14:06) ***dazo looks (22:15:24) dazo: yeah, looks good (22:15:45) cron2: I'll update my check to check for 9.8+ and commit that to ipv6_payload (22:15:53) dazo: perfect! (22:16:42) mattock: installing 2.2-beta3 on WinXP home (22:16:59) dazo: mattock: do you have consensus re: 2.2-beta3 and test server? (22:17:09) dazo: we only have translation left on the agenda (22:18:09) mattock: test server: ask for a KVM VM from Andrew (22:18:26) mattock: 2.2-beta3... I guess the only question is the release date (22:18:43) mattock: I'll test it from WinXP to community VPN and see how it goes (22:19:26) mattock: jamesyonan: could you put 2.2-beta3 packages to the community software download page? (22:19:41) dazo: mattock: if that installs and seems to work at first glance .... ship it! ... just to announce it :) (22:19:44) mattock: tarball/zip is here: http://build.openvpn.net/downloads/releases/ (22:19:46) vpnHelper: Title: Index of /downloads/releases (at build.openvpn.net) (22:20:05) mattock: windows logo test failed, but I guess that's fine (22:20:36) dazo: windows logo test? (22:21:11) krzee: please please please change the front page of openvpn.net to be more clear about what they are downloading, every day people download the client, and dont know it is for access server (22:21:13) mattock: yeah, I think that means the executable has not been given official blessing from MS (22:21:19) jamesyonan: we need to update the download page generation script for 2.2beta (22:21:20) dazo: ahh (22:21:32) mattock: krzee: that's been taken care of... I'll fix that on monday (22:21:34) dazo: krzee: that's been discussed ... and mattock got a plan :) (22:21:39) krzee: cool (22:21:57) mattock: krzee: check this out http://pastie.org/1134328 (22:22:04) krzee: i remember it discussed last week, since its another meeting since i mentioned it again ;) (22:22:12) mattock: that's what the "client software -> downloads" page would look like (22:22:28) mattock: and the "Windows download" link on openvpn.net front page would lead to that page, too (22:23:11) krzee: werd (22:23:21) krzee: sorry to hijack the subject (22:23:36) mattock: hmm... does somebody know how OpenVPN-GUI is supposed to work? (22:23:43) jamesyonan: dazo: here is the diff of what I needed to change to build : http://secure.openvpn.net/openvpn-2.2/diff.txt (22:23:55) mattock: I get an icon to tray but nothing else, no configuration window (22:24:01) mattock: or GUI (22:24:21) jamesyonan: I've gotta run in 5 minutes (22:24:30) dazo: jamesyonan: perfect! I'll merge it into beta2.2 immediately .... the TAPBINSRC ... is that something which will be consistent for the 2.2 release? (22:24:31) mattock: ok, no probs (22:25:26) cron2: dazo: TAPBINSRC sounds like something useful for the windows VM - 2.1 rebuilds grab the precompiled driver from tap_dist, 2.2 builds grab from tap_dist-2.2 (22:25:38) jamesyonan: TAPBINSRC should be consistent (22:25:46) cron2: mattock: there's basically just "connect", "look at log" and "open editor window", if I remember right (22:26:03) cron2: it will auto-load all *.ovpn files that are found in some directory (22:26:20) dazo: jamesyonan: cron2: thx! Then I'll make sure I won't change that when merging in 2.1 stuff (22:26:23) jamesyonan: all you need to do is point TAPBINSRC at the precompiled driver bundle (22:26:38) mattock: hmm... I'll uninstall 2.2-beat3 and try 2.1.3 (22:26:44) mattock: to see if it works ok (22:27:14) dazo: cron2: it makes sense then to put that change into the feat_ipv6_wintap branch, and merge that in further, don't you think? (22:27:26) dazo: that includes allmerged as well (22:27:29) cron2: dazo: yes (22:28:36) cron2: (and I need to pull in that branch as well, to make sure all branches with "changed tap driver" have the same code in them) (22:28:58) dazo: cron2: correct! (22:30:00) mattock: ...rebooting to see if that makes a difference (22:32:21) mattock: ok, got to do some digging first (22:32:31) mattock: should we discuss translations? (22:32:33) mattock: last topic (22:33:30) mattock: as cron2 pointed out, we're at the mercy of volunteer translators :P (22:33:43) krzee: i would think german is the most important to do... since there are SOOOO many germans using ovpn (22:33:52) krzee: seem to be a highly security minded population (22:34:05) mattock: yep, openvpn.eu is full of german openvpn users (22:34:19) krzee: is there a list of stuff to translate? (22:34:29) cron2: krzee: there's just so many of us :) (22:34:48) mattock: however, I don't think _we_ should do the translation if we can avoid it... (22:34:58) dazo: krzee: they even give out CD's with OpenVPN installs when you cross the border Germany here in Europe ... (22:35:24) mattock: besides, only one(?) of us who could do it is cron2 :D (22:35:47) dazo: how did cron2 say it .... (22:35:52) dazo: " we're at the mercy of volunteer translators" (22:35:53) krzee: i live in a spanish speaking country... (22:36:18) ***cron2 is not good at "computer text in german", I find english messages shorter and more to the point (22:36:20) mattock: dazo: that was I adapting cron2's words :)... (22:36:23) cron2: too much exposure to computers (22:36:26) dazo: I would say that German, Spanish and Russian are important languages ... but also Chinese (22:36:41) mattock: perhaps we should ask openvpn.eu guys if they want to setup a "German translation project" with our help (22:36:42) krzee: if i was given a sheet of english stuff, i could translate it to spanish (22:37:01) dazo: cron2: no matter which text being translated from English to German ... it's always 74% longer :-P (22:37:29) dazo: krzee: cool! you could start with the man page ;-) (22:37:39) krzee: oh hell no! (22:37:39) krzee: LOL (22:37:44) dazo: :-D (22:37:51) mattock: what should we translate? (22:37:54) krzee: google translate for the win (22:38:12) mattock: my proposal is: "stuff most people look at _and_ that does not change often" (22:38:42) dazo: seriously, man page is the most important documentation, I would say ... *and* it would probably spot discrepancies between the man page and the real world as well (22:39:17) dazo: the man page do change, though ... so that would require some kind of "alert list" whenever openvpn.8 is changed (22:39:55) mattock: how could we implement an alert list? (22:40:40) dazo: well, for now, it's me who formally accepts community changes into the tree ... so that would be me (22:41:13) mattock: could we get automatic notifications? a git hook or something? (22:41:31) dazo: yeah, that's my next thought (22:41:46) dazo: would then probably need to run on sf.net servers though (22:41:59) dazo: or another server I would also push changes to (22:42:06) mattock: and SF.net git hooks are pretty limited (22:42:56) dazo: I know there is some support for mailing there ... and that should be enough .... the hook itself is just a little bash script (22:43:10) dazo: so if the changed file == 'openvpn.8' -> send mail (22:44:12) mattock: dazo: and you had several git clients you use to push stuff to SF.net? (22:44:33) dazo: mattock: yeah, I'm doing stuff from two different computers (22:45:13) mattock: where would the list of translators be stored? or could we expect them to be active and follow the development themselves? (22:45:41) dazo: mattock: I would have them saved in a file on the SF.net server ... and Cc -devel list (22:46:05) mattock: ok (22:46:05) dazo: in fact, it could most probably be stored in a git config file (22:46:39) mattock: what do you think about asking openvpn.eu guys about the manual page translation? (22:46:42) mattock: into german (22:46:51) dazo: sure! (22:47:02) mattock: ok, I can do it, shouldn't take long (22:47:30) dazo: I'm just thinking if someone should get the challenge to move the man page over to a better format ... which could easily be converted into a man page ... and making translations more easy (22:47:47) ***dazo thinks in the lines of DocBookXML format (22:47:50) mattock: hmm, yes... would make sense (22:48:14) mattock: and docbook could be converted to other formats, too... I think (22:48:22) dazo: yes, indeed (22:48:47) ***dazo is using Publican (front-end to DocBookXML) for his eurephia documentation (22:49:05) mattock: perhaps this is worth a Trac ticket (22:49:18) mattock: something a non-coder can help with (22:49:29) dazo: And if someone doing the translations have the capacity of looking into getting this into DocBook ... well, I'll rejoice! (22:49:58) dazo: (man, that was a bad sentence ... but it's getting late now) (22:50:14) mattock: I think having a list of stuff people can help with would be good (22:50:21) dazo: agreed (22:50:37) mattock: e.g. list of Trac tickets and a link from openvpn.net and/or community.openvpn.net (22:51:17) mattock: put it to my TODO list :D (22:51:31) mattock: I wonder why I never run out of stuff to do (22:51:51) mattock: anyways, I think we've covered pretty much everything (22:51:59) mattock: anything else? (22:52:14) dazo: to quote one of the Realtime kernel developers .... "TODO lists should grow, if they shrink it's a sign I'm getting senile" (22:52:16) mattock: I'll test the WinXP build of 2.2-beta3 (22:52:39) mattock: hmm, then I'm definitely not senile (22:52:41) mattock: ;) (22:52:45) dazo: :) (22:53:13) mattock: I may be able to send the summary tomorrow... if not, then by Monday (22:53:35) dazo: I've not had time to complete the patches for the new plug-in API ... jamesyonan asked me to provide the new feature as well (X509 certificate chains) ... and I got another idea for a few more improvements ... so I'll look at that in the near future (22:54:04) mattock: sounds good (22:54:13) dazo: mattock: I cannot join the meeting next week (travelling again), and probably also not the following one - unless something surprisingly good happens :) (22:54:30) cron2: dazo: I have something I want to discuss with you (22:54:39) dazo: cron2: shoot! :) (22:54:49) ***dazo hides while cron2 aims (22:54:53) mattock: dazo: ok, no problem (22:55:05) cron2: as far as I have seen, you haven't pull-push'ed my branch in a while, waiting for ACK on the OpenBSD/IPv6 changes (22:55:09) cron2: right? (22:55:47) dazo: cron2: right ... and I'm wondering about upgrading your status to the same level as I give jamesyonan no requirements of having his patches ACKed (22:56:18) dazo: cron2: I'm considering to pull in your stuff, as is ... but that's also because you are active here and I don't think you will hide too quickly :) (22:56:57) cron2: that's what I wanted to suggest: since this goes to its own branch anyway, it would certainly be good to get feedback (so I'll continue to send the patches to the list), I think the potential breakage is low, and it's more useful to have it in there to see whether collisions occur (22:57:07) dazo: having that said ... I'm really wondering what to do with JJO's code base ... we have a potential issue with it breaking --multihome support ... I decline to merge that into a beta branch until this has been sorted out (22:57:38) dazo: (^^ that would be beta2.3) (22:57:50) cron2: I'd suggest "my changes to feat_ipv6_payload go in right away, other patches require an ACK" :-) (22:58:12) dazo: mattock: jamesyonan: do you have any thing against that? (22:58:50) dazo: cron2: on issue is also that it's not that many who have followed the code IPv6 development .... for various reasons, so you are our IPv6 expert now (22:58:51) cron2: and I don't really know yet how we tackle 2.3 - someone needs to review the ipv6_payload stuff, to make sure everything is in line, no weak code spots (mem leaks, overruns, the usual) (23:00:19) dazo: mattock: jamesyonan: can we run the allmerged code base through coverity at some point? to get some automatic review of the code base, especially focusing on cron2's code? (23:00:52) cron2: that sounds interesting (23:00:57) dazo: iirc - openvpn tech got a coverity license, so that might help with a basic review (23:01:54) dazo: http://scan.coverity.com/ .... hmmmm (23:02:04) vpnHelper: Title: :: scan.coverity.com : Accelerating Open Source Quality : (at scan.coverity.com) (23:04:15) dazo: OpenVPN is already in this loop (23:04:54) kisom: heh, samba has more lines of code than PHP (23:04:59) kisom: didn't expect that (23:05:40) dazo: Oh, I'm not surprised ... the NMB/SMB/SMB2/CIFS stuff is pretty complex .... especially when "simulating" an Active Domain server (23:06:03) dazo: or "pretending to be an AD server", is probably more correct (23:06:40) cron2: so how do we get the results? (23:07:02) dazo: a project admin needs to sign in, to get access ... (23:07:13) ***dazo suggest mattock to be our project admin in this case (23:07:29) mattock: more stuff to the todo-list? :) (23:07:42) cron2: mmmh (23:07:51) dazo: always! need to make sure you stay sane! (23:07:52) cron2: 18 unchecked issues (23:08:56) mattock: dazo: you mean "project admin" when dealing with coverity? (23:10:22) dazo: mattock: well, to get the results and to provide them to us .... you're the closest one of us to be an official representative for OpenVPN (23:10:31) cron2: +1 (23:10:33) mattock: yeah, makes sense (23:10:49) cron2: and then figure out how to run different versions through this - 2.2-beta*, -allmerged (23:10:56) dazo: exactly (23:11:06) mattock: I can do it... in fact, the coverity stuff is on my todo list already (23:11:11) cron2: great (23:11:13) mattock: too much to do, too little time (23:11:21) mattock: so it boils down to priorization :) (23:11:26) dazo: :) (23:12:03) cron2: tell me about that :-) - $daughter is going to wake up in about 20 minutes and then $wife will insist that I go to bed as well (to avoid waking up $daughter after she got fed) (23:12:25) dazo: if you strip the $daugther part and leave $wife ... you have my situation in about 20min :-P (23:12:55) cron2: heh :-) - so let's call it a day, go ahead with our respective TODO lists, and have a good night :-)) (23:13:02) dazo: +1 (23:13:03) dazo: :) (23:13:35) mattock: cron2: +1 (23:13:46) mattock: just got Windows client (2.1.3) to work on WinXP (23:13:54) mattock: now I'll remove 2.1.3 and try 2.2-beta3 (23:14:08) mattock: forgot how painful working in Windows can be... (23:14:55) dazo: I discovered a new function in Wine today ... "Wine Boot" ... after having run it, it makes newly started applications believe Windows have just been restarted :-P (23:15:28) mattock: that's nasty! :) (23:16:10) dazo: yeah :) (23:16:26) ***cron2 is fairly sure that openvpn will not work under wine (23:16:28) mattock: wine has become pretty impressive (23:17:10) dazo: cron2: yeah, the issue is the TAP driver .... except of that, it do run ... it can even connect (23:17:21) cron2: wow (23:17:30) dazo: but it stops when it can't read/write to a TAP device (23:17:39) cron2: unsurprisingly :-) (23:17:44) dazo: :) (23:17:54) mattock: one more reboot and my Windows testing is complete :) (23:18:21) dazo: $ wine .wine/drive_c/Program\ Files/OpenVPN/bin/openvpn.exe --version (23:18:21) dazo: wine: cannot find L"C:\\windows\\system32\\wineboot.exe" (23:18:21) dazo: err:process:start_wineboot failed to start wineboot, err 2 (23:18:21) dazo: OpenVPN 2.2-beta3 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Sep 2 2010 (23:18:21) dazo: Originally developed by James Yonan (23:18:22) dazo: Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sa...@openvpn.net> (23:18:24) dazo: $ ./configure --enable-strict --prefix=/c/src/openvpn-2.2-beta3/windest MAN2HTML=true --with-ssl-headers=/c/src/openvpn-2.2-beta3/../openssl.mingw/openssl-0.9.8o/include --with-ssl-lib=/c/src/openvpn-2.2-beta3/../openssl.mingw/openssl-0.9.8o/out --with-lzo-headers=/c/src/openvpn-2.2-beta3/../lzo-2.02/include --with-lzo-lib=/c/src/openvpn-2.2-beta3/../lzo-2.02 --with-pkcs11-helper-headers=/c/src/openvpn-2.2-beta3/../pkcs11-helper/usr/loc (23:18:29) dazo: al/include --with-pkcs11-helper-lib=/c/src/openvpn-2.2-beta3/../pkcs11-helper/usr/local/lib (23:18:31) dazo: Compile time defines: ENABLE_CLIENT_SERVER ENABLE_DEBUG ENABLE_FRAGMENT ENABLE_HTTP_PROXY ENABLE_MANAGEMENT ENABLE_MULTIHOME ENABLE_PORT_SHARE ENABLE_SOCKS USE_CRYPTO USE_LOAD_LIBRARY USE_LZO USE_PKCS11 USE_SSL (23:20:40) mattock: ok, 2.2-beta3 works on Windows XP Home (23:20:52) dazo: cool! (23:21:04) cron2: cool! (23:21:04) mattock: I can browse Trac through the VPN (23:21:11) cron2: hooray! (23:21:14) cron2: go release! (23:21:20) dazo: for sure! (23:22:12) dazo: hmm ... I just realise that it seems like there is no --plugin support at all in Windows ... (23:22:40) mattock: jamesyonan: could you push out 2.2-beta3 as soon as possible? installer seems to work at least on WinXP home (23:22:47) dazo: hmm (23:22:58) ***dazo must have misread the configure.ac (23:23:01) mattock: dazo: is that a regression? or just standard behavior (23:23:11) dazo: mattock: not sure at all, to be honest (23:23:43) dazo: mattock: I don't think it's a regression ... I see that --plugin is available in the binary ... but I don't know if it works (23:23:57) mattock: ok, good (23:24:37) dazo: ahh ... I misread the configure.ac ... and I see now that the eurephia feature is only enabled for non-Windows (23:24:40) mattock: ok, got to get some sleep now, nice meeting again! (23:24:49) dazo: +1 (23:24:57) mattock: bye! (23:25:02) dazo: bye (23:25:08) cron2: byw
