Hi,
Here's the summary of the IRC meeting.
---
COMMUNITY MEETING
Place: #openvpn-meeting on libera.chat
Date: Wed 29th June 2022
Time: 10:30 CEST (9:30 UTC)
Planned meeting topics for this meeting were here:
<https://community.openvpn.net/openvpn/wiki/Topics-2022-06-29>
Your local meeting time is easy to check from services such as
<http://www.timeanddate.com/worldclock>
SUMMARY
cron2, d12fk, dazo, djpig, lev, mattock, MaxF, ordex and plaisthos
participated in this meeting.
---
Noted that nothing of importance has happened on the 2.5 front. As
discussed in previous meeting the recent OpenSSL 1.1.1p release is not
relevant for OpenVPN.
---
Talked about 2.6. Noted that the essential DNS changes are now in. Also,
DCO review has progressed well.
---
Talked about the next hackathon. MaxF will request Fox-IT to provide an
answer in two weeks to question "can OpenVPN hackathon be hosted at
Fox-IT?" (in Delft, Netherlands). Privately we are prepared to wait
until end of July for the answer.
The backup location would be Helsinki, Finland. Lev has asked F-Secure
if they'd be willing to host the hackathon, but has not yet secured an
answer.
---
Worked on getting cron2's buildbot workers to connect to the new
buildmaster.
--
Full chatlog attached
(11:27:13) mattock2: hi
(11:27:59) djpig [~flicht...@lovelace.lichtenheld.com] è entrato nella stanza.
(11:28:41) djpig: yay, I remembered the meeting time ;)
(11:30:18) MaxF [~m...@cust-95-128-91-242.breedbanddelft.nl] è entrato nella
stanza.
(11:30:45) dazo: o/
(11:31:21) MaxF: \o
(11:31:41) mattock2: yes
(11:32:14) d12fk: hi
(11:32:31) djpig: moin
(11:33:41) cron2: yo
(11:35:02) cron2 ha scelto come argomento:
https://community.openvpn.net/openvpn/wiki/Topics-2022-06-29
(11:36:27) mattock2: sync up?
(11:37:02) cron2: we have quite a few topics from -01 and from -22 that were
not finished
(11:37:13) cron2: but anyway
(11:37:36) cron2: 2.5 -> nothing really interesting. Ordex found a bug that
looked bad but turned out "just a bug", so no need for a pressing release
(11:37:44) ordex: ay
(11:37:50) cron2: openssl released something new in 1.1.1*, which is also not
relevant for us
(11:38:58) cron2: anything else on 2.5?
(11:40:22) dazo: Don't think so
(11:40:47) cron2: so, master
(11:41:04) cron2: "the DNS things" are done, I think (thanks, d12fk)
(11:41:24) d12fk: well, started
(11:41:43) cron2: well, the "must have bits for 2.6", at least ;-)
(11:41:54) ***d12fk add checkmark
(11:41:55) plaisthos: moin moin
(11:42:09) lev__: guten tag
(11:42:51) cron2: djpig has been enormously helpful with reviews (THANKS) -
having a dangling ACK there really gets me moving :)
(11:43:30) ordex: wheee
(11:43:57) MaxF: I'm still waiting for a review on
https://patchwork.openvpn.net/patch/2502/
(11:43:58) vpnHelper`: Title: [Openvpn-devel,v4] Don't "undo" ifconfig on exit
if it wasn't done - Patchwork (at patchwork.openvpn.net)
(11:44:04) cron2: DCO is rolling again... now getting real in-depth reviews,
since we have manageable chunks again
(11:46:10) dazo: MaxF: I started looking into it .... and it requires a bit of
deep dive as these are mostly new code paths for me. But it's on my list
unless someone else is quicker than me
(11:46:35) ordex: I am also a candidate reviewer for that patch - but won't get
to it before we're done with dco, sorry
(11:46:41) dazo: I'm diving into more of the auth code path patches from
plaisthos as well.
https://patchwork.openvpn.net/project/openvpn2/list/?series=1580
(11:46:42) vpnHelper`: Title: OpenVPN 2 - Patchwork (at patchwork.openvpn.net)
(11:47:26) cron2: the MaxF patch is in ordex/cron2 land, I think, because we
did the current code when untangling v4/v6 config
(11:47:46) cron2: I think it looks good, but wanted to verify all the platform
interactions
(11:47:53) cron2: so I threw it to ordex :-)
(11:47:55) cron2: but anyway
(11:48:10) cron2: mattock2: can you verify that the build army is really
looking at the right repo?
(11:49:00) cron2: nothing was built (e.g. on "netbsd-81-i386-stable-master")
since May 31
(11:49:51) cron2: since the DCO and the "undo ifconfig" patch might possibly
break non-linux/non-freebsd platforms, it would be important to have the
builders back
(11:54:53) ordex: then?
(11:55:19) cron2: dunno, the mattock thing happend
(11:57:03) cron2: I intend to spend a few more hours on DCO this afternoon, and
then close to no time on Thu, Fri, Sat - grandparent things,
kid[1]->birthday_party(), that stuff
(11:57:16) mattock: cron2: you have not migrated your buildbot workers to the
new master yet
(11:57:31) cron2: mattock: there are no instructions what I have to do
(11:57:44) mattock: you have the VPN configs for all of those?
(11:57:47) cron2: no
(11:57:58) cron2: I have a single VPN config for "me personally", I think
(11:58:04) mattock: let me check the VPN situation first
(11:58:30) cron2: so the old build master is dead now?
(11:59:03) mattock: no, it is not dead
(11:59:07) mattock: you can still push there
(11:59:21) mattock2 ha abbandonato la stanza (quit: Read error: Connection
reset by peer).
(11:59:24) mattock: the DNS is missing, but the IP can certainly be figured out
with some effort
(12:00:00) mattock: I have created configs for you *BSD workers
(12:00:10) mattock: I'll copy those to new build.openvpn.net in your home
directory
(12:00:11) mattock: ok?
(12:00:26) cron2: cool
(12:02:25) cron2: and then, instructions, for dummies, please :)
(12:03:36) cron2: ah
(12:03:36) mattock: can you log in with SSH on build.openvpn.in (via VPN)? Your
home directory will get created at that point
(12:03:57) ***cron2 rolls eyes
(12:04:08) mattock: pam_mkhomedir I think
(12:04:13) mattock: standard stuff with FreeIPA
(12:05:31) cron2: that's not the primary issue, "ssh using vpn" is, like if I
haven't enough openvpn sessions running on this host
(12:06:04) mattock: you only need this to get the vpn configs, based on what
you told about your usage patterns
(12:06:49) mattock: I can send GPG email if that is preferable, it was proven
to work
(12:06:59) cron2: ipv6 to community-vpn is broken again
(12:07:04) mattock: what?
(12:07:09) cron2: 2022-06-29 11:07:03 UDP link remote:
[AF_INET6]2a05:d014:dfc:5f02:b39:8ac8:9ae:f699:1194
(12:07:11) cron2: and then, nothing
(12:07:24) mattock: something is breaking it then
(12:07:33) mattock: "something" that is not a person
(12:07:41) mattock: very odd
(12:07:51) cron2: it is ping6'ing fine, just not openvpn'ing
(12:07:56) mattock: hmm
(12:07:59) mattock: ok
(12:08:35) mattock: let me check, maybe again some PR pending which resulted in
a temporarily incorrect configuration
(12:08:39) cron2: meh, now I have the VPN, but this machine does not have the
key I need
(12:09:16) cron2: but it's not accepting the key anyway
(12:09:47) cron2: am I talking to the right machine?
(12:09:56) cron2: gert.doring@10.7.39.137
(12:10:01) mattock: wrong
(12:10:33) cron2: this is what DNS is giving me
(12:11:00) cron2: ah *sigh* global DNS has build.openvpn.in with different
address
(12:11:08) mattock: that's wrong DNS then (the DNS situation is really crappy,
Cloudflare has copies of internal DNS records and it seems we're not going to
get rid of it)
(12:11:11) mattock: yes
(12:11:19) djpig ha abbandonato la stanza.
(12:11:36) cron2: oh the fun
(12:11:49) mattock: yeah, years of hacks piled on top of each other
(12:11:51) cron2: now, I have the key, the IP, and the machine kicks me out
after successful auth
(12:12:03) mattock: let's try buildbot-host.openvpn.in then
(12:12:07) mattock: there you _do_ have access
(12:12:17) mattock: that one does _not_ have an entry in Cloudflare
(12:12:30) plaisthos: mattock: should we make an ops ticket to fix the
cloudflare dns?
(12:13:02) cron2: logged in to buildbot-host...
(12:13:10) mattock: cron2: great, I'll copy the files there then
(12:13:34) mattock: plaisthos: I can just ask petri to get rid of those
particular entries
(12:13:50) mattock: "fixing cloudflare" on a general level is not going to
happen it seems
(12:13:55) plaisthos: mattock: it would be better to update them
(12:14:03) plaisthos: so all DNS server give back the same results
(12:14:28) mattock: nobody will need build.openvpn.in in cloudflare, nor
patchwork.openvpn.in, or any other new community VPC stuff
(12:14:29) cron2: "no result if not VPN" would at least have a clear statement
(12:14:40) mattock: better not to have duplicate and potentially contradictory
DNS entries
(12:14:44) plaisthos: otherwise you end up with strange situation where dns
resolution fails sometimes
(12:15:01) mattock: especially because we can't automate the cloudflare part
"because of things"
(12:15:20) mattock: the .in addresses are not supposed to resolve unless one is
connected to a VPN (e.g. community VPN)
(12:16:37) mattock: I'm not sure why VPN config was wrong, but now all the code
is in and the changes should stick
(12:16:52) plaisthos: which brings its own bag of problems since we don't
really support split dns in our community clients
(12:18:57) mattock: cron2: the vpn configs are now in your home dir on
buildbot-host
(12:19:39) mattock: once you have them I will fix the VPN server config for
good (old problems had appeared, caused by unmerged (un-ACKed) feature branches
combined with "other necessary changes")
(12:19:57) cron2: v6 vpn is still not working
(12:20:17) cron2: tarball is there, thanks
(12:20:26) mattock: I will fix it once you've copied the files
(12:20:44) cron2: done
(12:20:46) mattock: ok
(12:23:20) cron2: (we should formally close the meeting, I think, and exclude
those last 20 minutes from the meeting notes...)
(12:23:31) cron2: unless there is something else for the group?
(12:23:41) MaxF: can we talk about the hackathon?
(12:23:48) cron2: please!
(12:23:57) mattock: +1
(12:24:34) MaxF: What kind of internet setup do you need? They're asking if we
can just use the guest wifi for internet access
(12:25:13) ordex: as long as it allows some outgoing VPN, mail, web and git, we
are normally good, I think
(12:25:25) cron2: what ordex says
(12:25:41) cron2: adding - tongue-in-cheek - that if it has no IPv6, I will
complain all the time :-)
(12:25:42) ordex: the hackathon is not throughput intense
(12:25:47) ordex: :D
(12:26:05) MaxF: hm, I need to check what the firewall rules are on the guest
network then
(12:26:31) MaxF: I'm on the internal network and I have to use a webclient for
external IRC, after all...
(12:27:30) MaxF: and how long do we stay in the evening?
(12:28:12) ordex: normally we leave "by dinner time" and don't really go back
after dinner
(12:28:25) ordex: this is what I have seen in the past
(12:28:51) MaxF: ok, that shouldn't be a problem then
(12:29:22) MaxF: last thing, do you have a deadline for when we need to tell
you if we can host it?
(12:29:38) ordex: normally it's more the other way around: we are told what's
the time constraint and see if it works :)
(12:30:57) cron2: in munich, we had something like "on wednesday and friday,
the cleaning time comes at 19:00, so you need to be out by then" (or so)
(12:31:03) MaxF: sorry, was that an answer to my previous question ("how long
do we stay?") or did you misunderstand my last one?
(12:31:19) MaxF: what I meant was, when do you need a definitive answer if we
can host the hackathon?
(12:31:42) cron2: that was the answer for "how long do we stay" :) - when we
need to leave, we go, and if we are hungry before that, we leave earlier
(12:32:07) cron2: having a definite answer before (picking a date from the air)
"end of July" would be best
(12:32:22) ordex: MaxF: same, I Was talking about the 'how long do we stay'
(12:32:27) cron2: because then it's holiday time and finding other options will
be harder
(12:32:52) ordex: yap
(12:32:55) MaxF: end of July, but earlier is better, right?
(12:32:58) d12fk: I think we aim at November again, so there is time
(12:33:49) cron2: MaxF: yes
(12:34:20) cron2: d12fk: backup location seems to be Helsinki, and that should
be more like "October"...
(12:34:53) ordex: mattock: did you manage to get some ideas of who could help
in HEL?
(12:36:09) mattock: lev asked / was supposed to ask if F-Secure could host us
again
(12:38:27) lev__: I asked but haven't got a response (yet)
(12:39:45) mattock: ok
(12:40:16) lev__: July is quiet here
(12:43:49) cron2: anything else on hackathon, or meeting?
(12:44:48) d12fk: MaxF: how long you think do you need to get an answer?
(12:46:28) MaxF: d12fk I have no idea, I just asked again and what I got back
was "when do you need an answer?". So that's what I asked you
(12:46:34) mattock: :)
(12:47:01) cron2: :)
(12:47:01) mattock: let's do "in two weeks we need an answer" and be prepared
to accept an answer by end of July :)
(12:47:34) mattock: (fyi: confusing build.openvpn.in DNS entry removed from
cloudflare)
(12:47:37) MaxF: haha, sounds good!
(12:47:53) cron2: *like*
(12:48:18) d12fk: all right then =)
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
