On 01/02/2019 00:01, Tom Hughes wrote: > On 31/01/2019 22:44, David Sommerseth wrote: > >> This new client shares the same code base the OpenVPN Connect (proprietary) >> clients uses as well as the OpenVPN for Android when switching to use the >> OpenVPN 3 backend. The OpenVPN 3 code base is a rewrite in C++ and makes use >> of the more modern features of C++11. > > So what does this mean for the server? Currently client and server > are the same program but it sounds like this is a pure client so does > that mean client support will be removed from the current program to > make it server only? or that there will be a new server? Yes, this is a pure client. But it is mostly backwards compatible with OpenVPN 2.x servers. The most noticeable missing features are support for TAP devices and the lack of --fragment. TAP support is not planned, as all VPN APIs on mobile devices and even the Unified Windows Platform (UWP) API does only support TUN mode. Users depending on TAP may continue to use OpenVPN 2.x for a long time forward, but should start considering to switch to routed TUN in the future. The --fragment features is troublesome. It is unfortunately needed in some networks, but it is a quite heavy feature to implement - especially when this is not too often needed. This feature basically needs to do a lot of a similar task you'll find in the TCP stack, and in particular packet reassembly and keep track of packets received - and then the chunking of packets into new sizes. We are investigating better solutions to --fragment, both in the company and within the community. Our ideal goal would be that --fragment would no longer needed and the OpenVPN protocol itself would figure out how to solve this issue when it occurs. There are more options which are unsupported (if you test your configuration with the openvpn2 front-end provided in the openvpn3 package, you'll notice soon enough). We will backport those options which makes sense and has a real use case (like --verify-x509-name). But the overall idea is to try to reduce the quite enormous amount of options available in OpenVPN 2.x. -- kind regards, David Sommerseth OpenVPN Inc _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
