Hi,
Here's the summary of the IRC meeting.
---
COMMUNITY MEETING
Place: #openvpn-meeting on libera.chat
Date: Wed 8th December 2021
Time: 14:00 CET (12:00 UTC)
Planned meeting topics for this meeting were here:
<https://community.openvpn.net/openvpn/wiki/Topics-2021-12-08>
Your local meeting time is easy to check from services such as
<http://www.timeanddate.com/worldclock>
SUMMARY
cron2, dazo, d12fk, lev, mattock, MaxF, novaflash, plaisthos, rob0 and
syzzer participated in this meeting.
---
Talked about getting IPv6 to community.openvpn.net. There has been no
progress on this front.
---
Talked about OpenVPN 2.5.5. MaxF found out that OpenVPN release/2.5 and
master segfault if mbedtls is compiled without blowfish support. He'll
provide a patch for this that will be included in 2.5.5.
Due to the above decided to postpone 2.5.5 release to Wednesday 15th
December 2021.
---
Decided that cron2 will send the US-bound hackathon T-shirts to
novaflash who can ship them to the US.
--
Full chatlog attached
15.00.05) d12fk: hi
(15.00.35) rob0: it's That Time Again
(15.00.44) novaflash [~novafl...@185-227-75-241.dsl.cambrium.nl] è entrato
nella stanza.
(15.02.18) mattock: hi!
(15.02.46) novaflash: ugh
(15.02.51) cron2: gu
(15.04.25) cron2 ha scelto come argomento:
https://community.openvpn.net/openvpn/wiki/Topics-2021-12-08
(15.04.48) cron2: shall we start with something simple? ipv6 to community?
(15.05.22) novaflash: that'll take a long time, we're still in the process of
getting a community-only infrastructure. it's a slow process.
(15.05.55) cron2: not sure this is answering the same question
(15.06.10) novaflash: oh sorry. i thought it was about the community
infrastructure like forums and such.
(15.06.18) mattock: ha
(15.06.23) cron2: "ipv6 to community" is as simple as checking the "[X] yes,
ipv6" checkmark on cloudflare, for openvpn.net
(15.06.31) novaflash: okay. same thing.
(15.06.33) cron2: but The Company is afraid
(15.06.41) mattock: yes
(15.06.46) novaflash: ya hence we need to get our own community infrastructure
(15.06.51) cron2: forums.openvpn.net has IPv6 address
2600:1f1c:702:ae00:57df:e63:fbd0:a360
(15.06.58) cron2: it's not an *infrastructure* issue
(15.07.08) novaflash: semantics
(15.07.09) cron2: it's Massive Corporate Silliness
(15.07.31) novaflash: i'll pass that along to andrew;-)
(15.07.37) plaisthos: yeah, fear of the "enable ipv6" button
(15.07.39) cron2: you could run communit wherever you want, if Corp does not
allow the checkbox item on cloudflare to be set, because We Have Doubts,
community won't have ipv6
(15.08.02) lev__: hello
(15.08.02) cron2: novaflash: feel free to quote me on that :-)
(15.08.07) MaxF: hello!
(15.08.14) cron2: hi maxf, lev__
(15.08.17) mattock: hi
(15.09.41) mattock: ok, next topic?
(15.09.43) cron2: are ordex, dazo, d12fk joining?
(15.09.52) cron2: next topic would be 2.5, me thinks
(15.09.54) novaflash: i think ordex is on a public holiday
(15.10.25) ***rob0 is not a fan of cloudflare, at least not for everything
(15.11.12) d12fk: cron2: I was the first here ;-)
(15.11.41) ***cron2 polishes his glasses
(15.11.51) novaflash: i just pinged dazo, he'll be joining shortly
(15.11.55) d12fk: ordex: has a public holiday
(15.11.56) cron2: oh, yeah, a d12fk has appeared! in a blinding flash of light!
(15.12.01) dazo: sorry, I'm here ... forgot about time
(15.12.30) novaflash: yes time is something that slips my mind too. space too
sometimes. sometimes both at the same time and then the universe is gone.
(15.12.52) rob0: I hate it when that happens.
(15.12.57) cron2: tried to join a meeting today... first, wrong timezone (DE
vs. UK). Then, right time, still no meeting. Meeting was yesterday...
(15.13.10) cron2: so yeah, I know what you mean
(15.14.16) cron2: 2.5?
(15.15.03) mattock: the famous upcoming 2.5.5
(15.16.45) lev__: yeah I guess we're ready for it
(15.17.09) lev__: there were quite a few changes/bugfixes in openvpn and gui
since 2.5.4
(15.17.28) syzzer: cool. any new bugs too?
(15.17.29) mattock: yep
(15.19.42) cron2: not sure if anyone tested last week's installer, since it was
not announced...
(15.19.58) mattock: I think wiscii tested it, but I could be wrong
(15.20.57) MaxF: I still have a patch that I would like to get into 2.5. The
one where OpenVPN deletes IP addresses on exit even with --ifconfig-noexec
(15.21.16) cron2: yeah, sorry. I got plaisthos'ed
(15.21.34) cron2: (to plaisthos someone = swamp in 20+ patches :-) )
(15.21.36) novaflash: that sounds uncomfortable
(15.21.41) MaxF: yeah, I saw that too
(15.22.23) cron2: turning that around - I saw you looking at 7/9 v2 of the
"cipher" patchset. Any good? :-)
(15.25.41) cron2: ok, back to 2.5 - so, either we do 2.5.5 soonish
("tomorrow"), and merge MaxF's patch into 2.5.6, or we delay another week
(15.25.55) MaxF: looked good to me. Then I had a segfault while running the
unit tests, then I found that that happens too with the latest master
(15.26.01) MaxF: so I'm looking into that now
(15.26.31) cron2: "standard unit tests" or your own test rig?
(15.26.40) cron2: it doesn't break for me, so I must do something wrong :)
(15.26.41) plaisthos: MaxF: that should not happen. Do you have the segfault?
(15.26.53) MaxF:
assert_string_equal(mutate_ncp_cipher_list("BLOWFISH-CBC", &gc), "BF-CBC");
(15.26.59) plaisthos: but I mainly tested the full patch set and not each on
its own
(15.27.29) plaisthos: MaxF: that is mbed TLS specific
(15.27.32) MaxF: I think this needs an if (have_blowfish) before it
(15.27.35) cron2: "master" is buildbot-tested, and no crash there...
(15.27.39) plaisthos: what mbed TLS version do you use?
(15.27.42) cron2: maybe mbedTLS 3?
(15.27.53) plaisthos: mbed TLS 3 will definitively break there
(15.28.05) plaisthos: or an mbed TLS without BF support
(15.28.24) MaxF: it's not mbed TLS 3, but we compile it without blowfish support
(15.28.37) plaisthos: MaxF: yes. That is the compile without blowfish
(15.28.51) plaisthos: MaxF: do you want to send a patch with if (have_blowfish)
guard?
(15.28.57) cron2: please
(15.29.04) plaisthos: or should I?
(15.29.17) MaxF: I'll be done in just a moment!
(15.31.28) plaisthos: but it is unrelated to the patchset and exists ever since
that unit test was introduced :)
(15.31.32) MaxF: this is testing that ciphers are translated correctly. Is
there anything else we should check for mbedtls, besides blowfish?
(15.31.59) MaxF: plaisthos No, you added that line in the patch set ;)
(15.32.38) MaxF: git blame doesn't lie
(15.32.51) plaisthos: MaxF: I added it but not in *this* patchset
(15.32.52) plaisthos: :)
(15.33.07) plaisthos: MaxF: I think the rest of the ciphers is already guarded
(15.33.25) plaisthos: and we assume AES-256-CBC and AES-256-GCM to be always
there
(15.33.50) plaisthos: you could debate aboutr AES-256-CBC but OpenVPN requires
AES-256-GCM to be always present nowadays
(15.36.02) MaxF: I didn't mean that we need additional guards. I was just
wondering if BLOWFISH-CBC to BF-CBC is the only translation we need to test
(15.39.11) plaisthos: MaxF: check cipher_name_translation_table
(15.39.26) plaisthos: you could test for existance of { "CAMELLIA-256-CFB",
"CAMELLIA-256-CFB128" }
(15.39.32) plaisthos: and use that
(15.44.13) MaxF: well, we don't have that either in our build... but maybe it
doesn't even make sense to run unit tests with our build of mbedtls
(15.45.07) MaxF: still, since we're already checking (have_blowfish), I'll
submit a patch for that
(15.48.35) plaisthos: MaxF: yeah it is not important to check that
(15.51.49) dazo: next topic?
(15.52.12) cron2: we're in 2.5, and have no answer on "when to release 2.5.5"
(15.52.45) syzzer: Once MaxF's fix is in?
(15.52.57) cron2: that is one possible answer, so "next week", then
(15.53.06) cron2: mattock: which day?
(15.53.25) mattock: any
(15.53.34) cron2: pick one
(15.53.35) mattock: I don't have any particular preferences
(15.53.43) mattock: let me roll a dice
(15.53.49) cron2: so you get a 2.5.5 tag that day's morning
(15.53.50) mattock: wednesday?
(15.53.54) cron2: okay
(15.54.36) cron2: so, T-Shirts. Have you corp people decided who wants the big
box with the Corp T-Shirts?
(15.54.48) mattock: mm
(15.55.04) mattock: novaflash: do you know who we should tease with T-shirts?
(15.55.20) ***novaflash runs away
(15.55.30) ***novaflash slowly comes back
(15.55.39) novaflash: okay i suppose either you or me should handle that huh
(15.55.42) mattock: well, I've sent T-shirts to the U.S. in the past and it
"seemed to work"
(15.55.48) mattock: years ago
(15.56.00) mattock: not sure if customs things have changed since then
(15.56.02) novaflash: yeah sending stuff to america now require online
registration and stuff but it's all still doable
(15.56.12) novaflash: i did it when i sent hard disks to rob0
(15.56.18) novaflash: filled with viruses of course
(15.56.20) mattock: ah, you have recent experience!
(15.56.22) mattock: I see a victim here
(15.56.30) mattock: I nominate novaflash
(15.56.32) mattock: :D
(15.56.33) novaflash: yeah send it to me and i'll figure something out
(15.56.46) novaflash: i do have to go in a minute or so, another meeting coming
up, but i can send details
(15.56.52) cron2: okay. Please mail me your address, I'll see if I can post it
tomorrow
(15.57.02) cron2: I need to leave now as well, meeting coming up, coffee empty
(15.57.34) mattock: let's end this thing
(15.57.47) cron2: *wave*
(15.58.05) d12fk: adios
(15.58.21) mattock: bye!
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
