Hi,
Here's the summary of the IRC meeting.
---
COMMUNITY MEETING
Place: #openvpn-meeting on libera.chat
Date: Wed 12th January 2022
Time: 10:30 CET (9:30 UTC)
Planned meeting topics for this meeting were here:
<https://community.openvpn.net/openvpn/wiki/Topics-2022-01-12>
Your local meeting time is easy to check from services such as
<http://www.timeanddate.com/worldclock>
SUMMARY
cron2, d12fk, mattock, ordex and plaisthos participated in this meeting.
---
D12k said his DNS patch will be arriving as a GitHub PR shortly after
the meeting. Plaishos will take a look at at the PR when it is ready.
---
Mattock now has new production buildmaster running in a new, shiny
community VPC, but it is not accessible from the outside. The next step
is to add OpenVPN server to the VPC to grant access to buildbot workers
and people who need access. Mattock will provide new OpenVPN configs for
cron2 and wiscii when the server is ready.
Noted that the Windows buildbot worker does not yet run connectivity
tests for the MSI installers it creates and signs. Adding that support
should be fairly straightforward however, given mattock semi-automated
Windows-based testing with Powershell earlier.
---
Talked about IPv6 on community.openvpn.net. Nothing has happened on that
front, but fortunately IPv6 is gaining traction globally and there might
eventually be progress on this as well.
--
Full chatlog attached
(11.18.29) cron2: I'm fighting IPSEC VPN, so might be a tad late
(11.24.21) mattock: install OpenVPN instead
(11.31.15) mattock: hello
(11.31.45) mattock: any young and enthusiastic software developers here today?
(11.31.53) mattock: or if not young, at least enthusiastic?
(11.32.09) ordex: hi
(11.32.56) d12fk: hello
(11.33.15) d12fk: cron2: what are you fighting with?
(11.33.39) d12fk: mattock: can serve with being here at least ;-)
(11.33.50) mattock: d12fk: that is enough :)
(11.34.11) mattock: https://community.openvpn.net/openvpn/wiki/Topics-2022-01-12
(11.34.18) mattock: pure copy and paste that agenda
(11.34.21) cron2: now!
(11.35.22) cron2: d12fk: migrating corporate customer VPN from "IKEv1 on
Netscreen" to "IKEv2 on Fortigate", with all the possible crap out there, like
"Cisco ASA" or "opnsense"...
(11.35.40) cron2: *this* episode was "a pre-shared key starting with
0x<hexdigits>"
(11.36.05) cron2: which netscreen and opnsense interpret as, well, "hex digits
describing the key" and fortinet just takes verbatim as "it is a key that
starts with 0, x, ..."
(11.36.41) d12fk: have not seem many binary PSKs
(11.36.50) d12fk: *seen
(11.37.02) cron2: neither have I, so that came unexpected...
(11.37.13) ordex: how was 'x' interpreted? o-o
(11.37.19) ordex: just ascii ?
(11.37.34) cron2: just ascii on the FG side, so "key mismatch"
(11.37.47) ordex: indeed
(11.38.35) cron2: so, agenda :-)
(11.39.04) d12fk: off agenda, I can announce that the --dns PR will appear
shortly after this meeting
(11.39.10) cron2: nice
(11.39.30) cron2: my plate is full with buffers
(11.40.18) d12fk: yeah no rush
(11.40.34) mattock: update on my part: production buildbot exists in a new,
shiny community VPC, but is still unreachable due to lack of openvpn server
(11.40.43) mattock: so openvpn server is the next step for me
(11.41.40) cron2: ok. Will this be transparent to the build clients (same
credentials, same hostname) or do they need new configs?
(11.42.09) plaisthos: I will take a lok at the dns pr after I am done with xkey
patch set
(11.43.01) mattock: cron2: I think I'll create a completely new openvpn + CA
for that - otherwise I'd need to upgrade and migrate other stuff over to the
new AWS first
(11.43.33) cron2: okay
(11.43.35) mattock: I can create new client configs for you
(11.44.03) cron2: yes, please (and for wiscii, don't think anyone else
non-mattock runs a buildslave today)
(11.44.15) mattock: yep
(11.48.28) mattock: anything else for today or was this one the shortest
meeting ever? :)
(11.49.17) d12fk: the ipv6 for community question needs to be answered
(11.49.21) cron2: I wonder how to proceed with Lev's windows build patches
(11.49.46) cron2: https://patchwork.openvpn.net/patch/2214/ and
https://patchwork.openvpn.net/patch/2215/
(11.50.03) mattock: d12fk: yep, no progress on IPv6 front
(11.50.09) cron2: I can merge that ("it's not touching code, so I am not very
concerned") but having an actual test would be good...
(11.51.30) d12fk: don't we run a windows buildslave?
(11.52.39) mattock: d12fk: not at the moment
(11.52.57) mattock: the new buildmaster will have a MSVC buildbot worker
(11.53.32) d12fk: ah the new one is not active, yet
(11.53.51) d12fk: my bad
(11.53.52) mattock: no
(11.54.07) cron2: will it also install the result and test it?
(11.54.20) mattock: at the moment it only produces signed msi packages
(11.54.39) mattock: but adding tests should not be too difficult
(11.55.36) mattock: I have powershell code (which broke some time ago, but
should be easily fixable) for testing with openvpn-gui, openvpn.exe in cmd.exe
and openvpnserv2.exe
(11.55.59) mattock: so connecting to t_client server is very much a possibility
(11.56.44) cron2: cool
(11.59.34) mattock: anything else?
(11.59.52) d12fk: shirts
(12.00.07) cron2: I still wonder how to proceed with lev's patches
(12.00.36) cron2: and yeah, shirts, I need to send stuff (got de-prioritized
around christmas)
(12.01.42) d12fk: yeah just wanted to bring it back to memory
(12.02.36) cron2: the box is sitting right outside my "home office" door, so
quite prominently in the way :-)
(12.03.11) d12fk: ok as long as you trip over it from time to time, shirts will
happen =)
(12.04.01) mattock: I would not bet on it, knowing "community + IPv6" :D
(12.04.35) cron2: I wouldn't hold T-Shirts hostage for someone else's failure
to accept IPv6...
(12.04.46) d12fk: put IPv6 in a box in front of your office door =P
(12.04.51) mattock: no, I meant that tripping over does not guarantee that
things get done :D
(12.04.55) cron2: (JFTR, Google shows now more than 50% of traffic towards
Google being IPv6)
(12.05.04) cron2: ((from the US, that is))
(12.05.12) mattock: that's a lot
(12.05.29) d12fk: yeah it ahppens naturally as most providers assign a v6 prefix
(12.05.29) mattock: maybe 2022 is the year of IPv6
(12.05.52) d12fk: ... and the linux desktop
(12.05.55) mattock: it annoyes me that I have to pay 3€/month for a static
public IPv4 address in Hetzner Cloud
(12.06.01) mattock: so I welcome IPv6 there
(12.06.02) cron2: use IPv6
(12.06.05) cron2: :)
(12.06.15) mattock: I do, but people who visit that IP do not
(12.06.48) mattock: anyhow, it will unfortunately take a while before IPv4 can
be turned off
(12.06.53) d12fk: there's v4 to v6 brokers
(12.07.55) mattock: yeah, I used one in the past for community/forums
(12.07.57) cron2: one could argue that they should have a word with their
ISPs... :-)
(12.10.19) d12fk: as long as v4 gets more and more expensice it s only a matter
of time
(12.10.49) mattock: +1
(12.14.06) ordex: many providers are already moving towards v6, because they
just don't have enough v4
(12.14.16) ordex: and share one v4 with quite some users
(12.14.27) ordex: so hopefully...the trend will continue
(12.14.53) mattock: ok, any real topics left? :)
(12.14.59) cron2: ordex: is anything happening in .it, finally?
(12.15.08) ordex: nope
(12.15.10) cron2: bah
(12.15.11) ordex: only Sky
(12.15.20) ordex: started from scratch and so deployed v6 all over the place
(12.15.29) ordex: Fastweb (larger ISP) provides 6rd
(12.15.41) ordex: but TelecomItalia (THE main ISP) still has no v6
(12.16.07) ordex: smaller ISPs are moving to v6 though...not sure what will
happen in the future
(12.16.31) ordex: (simply because smaller ISPs have no choice as they don't
have enough v4 and they are also expensive)
(12.16.52) cron2: that is the weird part, Deutsche Telekom was actually the
first "large scale" ISP here in the market that had IPv6 in DSL and mobile...
(12.18.08) d12fk: yeah, I'm on a DTAG DSL reseller line and I only get v4 via
DSLite
(12.19.22) d12fk: mattock: I think we're done
(12.20.12) becm [~b...@55d4ffdb.access.ecotel.net] è entrato nella stanza.
(12.20.18) cron2: yeah, nobody willing to say anything on lev's patches...
(12.20.54) d12fk: vcpkg is still scaring me
(12.21.09) d12fk: *away
(12.22.31) mattock: ok I'll eat now, so meeting adjourned
(12.27.04) d12fk: o/
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
