wiki:Downloads

OpenVPN 2.6.9 -- Released 12 February 2024

The OpenVPN community project team is proud to release OpenVPN 2.6.9. This is a bugfix release containing one security fix for the Windows installer.

For details see Changes.rst

Security fixes:

  • Windows Installer: fix CVE-2023-7235 where installing to a non-default directory could lead to a local privilege escalation. Reported by Will Dormann.

New features:

  • Add support for building with mbedTLS 3.x.x
  • New option --force-tls-key-material-export to only accept clients that can do TLS keying material export to generate session keys (mostly an internal option to better deal with TLS 1.0 PRF failures).
  • Windows: bump vcpkg-ports/pkcs11-helper to 1.30
  • Log incoming SSL alerts in easier to understand form and move logging from --verb 8 to --verb 3.
  • protocol_dump(): add support for printing --tls-crypt packets

User visible changes:

  • License change is now complete, and all code has been re-licensed under the new license (still GPLv2, but with new linking exception for Apache2 licensed code). See COPYING for details.

Code that could not be re-licensed has been removed or rewritten.

  • The original code for the --tls-export-cert feature has been removed (due to the re-licensing effort) and rewritten without looking at the original code. Feature-compatibility has been tested by other developers, looking at both old and new code and documentation, so there *should* not be a user-visible change here.
  • IPv6 route addition/deletion are now logged on the same level (3) as for IPv4. Previously IPv6 was always logged at --verb 1.
  • Better handling of TLS 1.0 PRF failures in the underlying SSL library (e.g. on some FIPS builds) - this is now reported on startup, and clients before 2.6.0 that can not use TLS EKM to generate key material are rejected by the server. Also, error messages are improved to see what exactly failed.

Notable bug fixes:

  • FreeBSD: for servers with multiple clients, reporting of peer traffic statistics would fail due to insufficient buffer space (Github: #487)

Windows MSI changes since 2.6.8:

  • Security fix, see above
  • Built against OpenSSL 3.2.0
  • Included openvpn-gui updated to 11.47.0.0
    • Windows GUI: always update tray icon on state change (Github: #669) (for persistent connection profiles, "connecting" state would not show)
Windows 64-bit MSI installerGnuPG SignatureOpenVPN-2.6.9-I001-amd64.msi
Windows ARM64 MSI installerGnuPG SignatureOpenVPN-2.6.9-I001-arm64.msi
Windows 32-bit MSI installerGnuPG SignatureOpenVPN-2.6.9-I001-x86.msi
Source archive fileGnuPG Signatureopenvpn-2.6.9.tar.gz

For Community-maintained packages for Linux distributions see OpenvpnSoftwareRepos

OpenVPN 2.6.8 -- Released 17 November 2023

The OpenVPN community project team is proud to release OpenVPN 2.6.8. This is a small bugfix release fixing a few regressions in 2.6.7 release.

For details see Changes.rst

User visible changes:

  • Windows: print warning if pushed options require DHCP (e.g. DOMAIN-SEARCH) and driver in use does not use DHCP (wintun, dco).

Bug fixes:

  • SIGSEGV crash: Do not check key_state buffers that are in S_UNDEF state (Github #449) - the new sanity check function introduced in 2.6.7 sometimes tried to use a NULL pointer after an unsuccessful TLS handshake
  • Windows: --dns option did not work when tap-windows6 driver was used, because internal flag for "apply DNS option to DHCP server" wasn't set (Github #447)
  • Windows: fix status/log file permissions, caused by regression after changing to CMake build system (Github: #454, Trac: #1430)
  • Windows: fix --chdir failures, also caused by error in CMake build system (Github #448)

Windows MSI changes since 2.6.7:

  • Included openvpn-gui updated to 11.46.0.0
Windows 64-bit MSI installerGnuPG SignatureOpenVPN-2.6.8-I001-amd64.msi
Windows ARM64 MSI installerGnuPG SignatureOpenVPN-2.6.8-I001-arm64.msi
Windows 32-bit MSI installerGnuPG SignatureOpenVPN-2.6.8-I001-x86.msi
Source archive fileGnuPG Signatureopenvpn-2.6.8.tar.gz

For Community-maintained packages for Linux distributions see OpenvpnSoftwareRepos

OpenVPN 2.6.7 -- Released 09 November 2023

The OpenVPN community project team is proud to release OpenVPN 2.6.7. This is a bugfix release containing security fixes.

For details see Changes.rst

Security Fixes:

  • CVE-2023-46850 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly use a send buffer after it has been free()d in some circumstances, causing some free()d memory to be sent to the peer. All configurations using TLS (e.g. not using --secret) are affected by this issue. (found while tracking down CVE-2023-46849 / Github #400, #417)
  • CVE-2023-46849 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly restore --fragment configuration in some circumstances, leading to a division by zero when --fragment is used. On platforms where division by zero is fatal, this will cause an OpenVPN crash. (Github #400, #417).

User visible changes:

  • DCO: warn if DATA_V1 packets are sent by the other side - this a hard incompatibility between a 2.6.x client connecting to a 2.4.0-2.4.4 server, and the only fix is to use --disable-dco.
  • Remove OpenSSL Engine method for loading a key. This had to be removed because the original author did not agree to relicensing the code with the new linking exception added. This was a somewhat obsolete feature anyway as it only worked with OpenSSL 1.x, which is end-of-support.
  • add warning if p2p NCP client connects to a p2mp server - this is a combination that used to work without cipher negotiation (pre 2.6 on both ends), but would fail in non-obvious ways with 2.6 to 2.6.
  • add warning to --show-groups that not all supported groups are listed (this is due the internal enumeration in OpenSSL being a bit weird, omitting X448 and X25519 curves).
  • --dns: remove support for exclude-domains argument (this was a new 2.6 option, with no backend support implemented yet on any platform, and it turns out that no platform supported it at all - so remove option again)
  • warn user if INFO control message too long, do not forward to management client (safeguard against protocol-violating server implementations)

New features:

  • DCO-WIN: get and log driver version (for easier debugging).
  • print "peer temporary key details" in TLS handshake
  • log OpenSSL errors on failure to set certificate, for example if the algorithms used are in acceptable to OpenSSL (misleading message would be printed in cryptoapi / pkcs11 scenarios)
  • add CMake build system for MinGW and MSVC builds
  • remove old MSVC build system
  • improve cmocka unit test building for Windows

Windows MSI changes since 2.6.6:

  • Included openvpn-gui updated to 11.45.0.0
    • Add clarity for error on missing management parameter. See GH #657
    • Improve "OpenVPN GUI" tooltip handling See GH #649
  • MSIs now use OpenSSL 3.1.4
Windows 64-bit MSI installerGnuPG SignatureOpenVPN-2.6.7-I001-amd64.msi
Windows ARM64 MSI installerGnuPG SignatureOpenVPN-2.6.7-I001-arm64.msi
Windows 32-bit MSI installerGnuPG SignatureOpenVPN-2.6.7-I001-x86.msi
Source archive fileGnuPG Signatureopenvpn-2.6.7.tar.gz

For Community-maintained packages for Linux distributions see OpenvpnSoftwareRepos

OpenVPN 2.6.6 -- Released 15 August 2023

The OpenVPN community project team is proud to release OpenVPN 2.6.6. This is a small bugfix release.

For details see Changes.rst

User visible changes:

  • OCC exit messages are now logged more visibly See GH #391.
  • OpenSSL error messages are now logged with more details (for example, when loading a provider fails, which .so was tried, and why did it fail) See GH #361.
  • print a more user-friendly message when tls-crypt-v2 client auth fails
  • packaging now includes all documentation in the source tarball

New features:

  • set WINS server via interactive service - this adds support for "dhcp-option WINS 192.0.2.1" for DCO + wintun interfaces where no DHCP server is used. See GH #373.

Windows MSI changes since 2.6.5:

  • Included openvpn-gui updated to 11.44.0.0
  • MSIs now use OpenSSL 3.1.2
Windows 64-bit MSI installerGnuPG SignatureOpenVPN-2.6.6-I001-amd64.msi
Windows ARM64 MSI installerGnuPG SignatureOpenVPN-2.6.6-I001-arm64.msi
Windows 32-bit MSI installerGnuPG SignatureOpenVPN-2.6.6-I001-x86.msi
Source archive fileGnuPG Signatureopenvpn-2.6.6.tar.gz

For Community-maintained packages for Linux distributions see OpenvpnSoftwareRepos

OpenVPN 2.6.5 -- Released 13 June 2023

The OpenVPN community project team is proud to release OpenVPN 2.6.5. This is a small bugfix release.

For details see Changes.rst

User visible changes:

  • tapctl (windows): generate driver-specific names (if using tapctl to create additional tap/wintun/dco devices, and not using --name). See GH #337.
  • interactive service (windows): do not force target desktop for openvpn.exe - this has no impact for normal use, but enables running of OpenVPN in a scripted way when no user is logged on (for example, via task scheduler). See GH openvpn-gui#626

Windows MSI changes since 2.6.4:

  • MSIs now use OpenSSL 3.1.1

Debian/Ubuntu packages in OpenvpnSoftwareRepos are now available for arm64.

Windows 64-bit MSI installerGnuPG SignatureOpenVPN-2.6.5-I001-amd64.msi
Windows ARM64 MSI installerGnuPG SignatureOpenVPN-2.6.5-I001-arm64.msi
Windows 32-bit MSI installerGnuPG SignatureOpenVPN-2.6.5-I001-x86.msi
Source archive fileGnuPG Signatureopenvpn-2.6.5.tar.gz

For Community-maintained packages for Linux distributions see OpenvpnSoftwareRepos

OpenVPN 2.6.4 -- Released 11 May 2023

The OpenVPN community project team is proud to release OpenVPN 2.6.4. This is a small bugfix release.

For details see Changes.rst

Note:

  • License amendment: all new commits fall under a modified license that explicitly permits linking with Apache2 libraries (mbedTLS, OpenSSL) - see COPYING for details. Existing code will fall under the new license as soon as all contributors have agreed to the change - work ongoing.

Feature changes:

  • DCO: support kernel-triggered key rotation (avoid IV reuse after 232 packets). This is the userland side, accepting a message from kernel, and initiating a TLS renegotiation. As of 2.6.4 release, only implemented in FreeBSD kernel.

Windows MSI changes since 2.6.3:

  • Rebuilt included tap-windows driver with the correct version of the old Windows 7 driver, removing a warning about unsigned driver on Windows 7 installation. See GH openvpn-build#365.
Windows 64-bit MSI installerGnuPG SignatureOpenVPN-2.6.4-I001-amd64.msi
Windows ARM64 MSI installerGnuPG SignatureOpenVPN-2.6.4-I001-arm64.msi
Windows 32-bit MSI installerGnuPG SignatureOpenVPN-2.6.4-I001-x86.msi
Source archive fileGnuPG Signatureopenvpn-2.6.4.tar.gz

For Community-maintained packages for Linux distributions see OpenvpnSoftwareRepos

OpenVPN 2.6.3 -- Released 13 April 2023

The OpenVPN community project team is proud to release OpenVPN 2.6.3. This is a small bugfix release.

For details see Changes.rst

Feature changes:

  • Windows: support setting DNS domain in configurations without GUI and DHCP (typically wintun or windco drivers), see GH openvpn#306.

Windows MSI changes since 2.6.2:

  • Several Windows-specific issues fixed:
  • MSIs are now built against OpenSSL 3.1.0.
  • Update included openvpn-gui to 11.41.0.0
    • This update removes the ability to change the password of a private key from the GUI. This was a niche feature which caused a direct dependency of GUI on OpenSSL. Use openssl.exe directly if you need to edit a private key.

Note: Windows MSI was updated to I002 on April 26th. Changes in I002:

  • The GPG subkey for creating the .asc files for the downloads has been updated. You might need to re-download or update the GPG key if verifying the signatures.
  • Fix the encoding of some documentation/sample files included in the installer. See GH openvpn-build#358
  • Update include tap-windows6 driver to 9.25.0
    • Fixes a problem with sending small non-IP packets (e.g. PPPoE) over the VPN connection. See GH tap-windows6#158
    • Fixes occasional TCP performance degradation on Windows Server 2022 See GH tap-windows6#147
    • Note: The new driver is only used on Windows 10 and newer. We can't rebuild drivers for Windows 7/8 since Microsoft doesn't support the signing mechanism anymore. We include the previous driver version to still allow installation on Windows 7/8.
  • Update included openvpn-gui to 11.42.0.0
    • Fixes a problem with passphrase prompt was sometimes not displayed. See GH openvpn-gui#619
    • Adds "Password Reveal" feature which allows you to see passwords while entering them.

Note: Windows MSI was updated to I003 on April 27th. Changes in I003:

  • Update include tap-windows6 driver to 9.26.0
    • Revert fix for occasional TCP performance degradation on Windows Server 2022 (GH tap-windows6#147) since users reported BSODs in some (undetermined) scenarios.
Windows 64-bit MSI installerGnuPG SignatureOpenVPN-2.6.3-I003-amd64.msi
Windows ARM64 MSI installerGnuPG SignatureOpenVPN-2.6.3-I003-arm64.msi
Windows 32-bit MSI installerGnuPG SignatureOpenVPN-2.6.3-I003-x86.msi
Source archive fileGnuPG Signatureopenvpn-2.6.3.tar.gz

OpenVPN 2.6.2 -- Released 24 March 2023

The OpenVPN community project team is proud to release OpenVPN 2.6.2. This is mostly a bugfix release with some improvements.

For details see Changes.rst

Feature changes:

  • implement byte counter statistics for DCO Linux (p2mp server and client)
  • implement byte counter statistics for DCO Windows (client only)
  • --dns server <n> address ... now permits up to 8 v4 or v6 addresses

Important note for Linux DCO users:

  • New control packets flow for data channel offloading on Linux: 2.6.2+ changes the way OpenVPN control packets are handled on Linux when DCO is active, fixing the lockups observed with 2.6.0/2.6.1 under high client connect/disconnect activity. This is an INCOMPATIBLE change and therefore an ovpn-dco kernel module older than v0.2.20230323 (commit ID 726fdfe0fa21) will not work anymore and must be upgraded. The kernel module was renamed to "ovpn-dco-v2.ko" in order to highlight this change and ensure that users and userspace software could easily understand which version is loaded. Attempting to use the old ovpn-dco with 2.6.2+ will lead to disabling DCO at runtime.

Windows MSI changes since 2.6.1:

  • Update included openvpn-gui to 11.39.0.0
Windows 64-bit MSI installerGnuPG SignatureOpenVPN-2.6.2-I001-amd64.msi
Windows ARM64 MSI installerGnuPG SignatureOpenVPN-2.6.2-I001-arm64.msi
Windows 32-bit MSI installerGnuPG SignatureOpenVPN-2.6.2-I001-x86.msi
Source archive fileGnuPG Signatureopenvpn-2.6.2.tar.gz

OpenVPN 2.6.1 -- Released 8 March 2023

The OpenVPN community project team is proud to release OpenVPN 2.6.1. This is mostly a bugfix release with some improvements.

For details see Changes.rst

Feature changes:

  • Dynamic TLS Crypt: When both peers are OpenVPN 2.6.1+, OpenVPN will dynamically create a tls-crypt key that is used for renegotiation. This ensure that only the previously authenticated peer can do trigger renegotiation and complete renegotiations.
  • CryptoAPI (Windows): support issuer name as a selector. Certificate selection string can now specify a partial issuer name string as "--cryptoapicert ISSUER:<string>" where <string> is matched as a substring of the issuer (CA) name in the certificate.

Note: configure now enables DCO build by default on FreeBSD and Linux. On Linux this brings in a new default dependency for libnl-genl (for Linux distributions that are too old to have a suitable version of the library, use "configure --disable-dco")

Windows MSI changes since 2.6.0:

  • Update included ovpn-dco-win driver to 0.9.2
Windows 64-bit MSI installerGnuPG SignatureOpenVPN-2.6.1-I001-amd64.msi
Windows ARM64 MSI installerGnuPG SignatureOpenVPN-2.6.1-I001-arm64.msi
Windows 32-bit MSI installerGnuPG SignatureOpenVPN-2.6.1-I001-x86.msi
Source archive fileGnuPG Signatureopenvpn-2.6.1.tar.gz

OpenVPN 2.5.9 -- Released 15 February 2023

The OpenVPN community project team is proud to release OpenVPN 2.5.9. This is a small bugfix release.

For details see Changes.rst

Windows MSI changes since 2.5.8:

  • Build against OpenSSL 1.1.1t which contains several security fixes.
Windows 64-bit MSI installerGnuPG SignatureOpenVPN-2.5.9-I601-amd64.msi
Windows ARM64 MSI installerGnuPG SignatureOpenVPN-2.5.9-I601-arm64.msi
Windows 32-bit MSI installerGnuPG SignatureOpenVPN-2.5.9-I601-x86.msi
Source archive fileGnuPG Signatureopenvpn-2.5.9.tar.gz

OpenVPN 2.6.0 -- Released 25 January 2023

The OpenVPN community project team is proud to release OpenVPN 2.6.0. This is a release with some major new features.

For details see Changes.rst

Changes since RC2:

Windows MSI changes since RC2:

  • Included openvpn-gui updated to 11.37.0.0. See CHANGES.rst.
  • DCO driver is now included as a installer module (msm) so that other products (like OpenVPN Connect) can share the DCO installation.

Note: Windows MSI was updated to I003 on January 26th. Changes in I003:

  • Fix installation on Windows 7
  • Fix broken tray icon menu with single profile (regression in openvpn-gui 11.36.0)

Note: Windows MSI was updated to I004 on February 6th. Changes in I004:

  • Update included ovpn-dco-win driver to 0.9.0. Fixes an issue that breaks Windows boot on some machines. See OpenVPN/ovpn-dco-win#24.
  • Update included easy-rsa to 3.1.2

Note: Windows MSI was updated to I005 on February 15th. Changes in I005:

  • Update included ovpn-dco-win driver to 0.9.1.
  • Built against OpenSSL 3.0.8 which includes several security fixes.

New features and improvements in 2.6.0 compared to 2.5.8:

  • Data Channel Offload (DCO) kernel acceleration support for Windows, Linux, and FreeBSD.
  • OpenSSL 3 support, which is now the default on Windows.
  • Improved handling of tunnel MTU, including support for pushable MTU.
  • Outdated cryptographic algorithms disabled by default, but there are options to override if necessary.
  • Reworked TLS handshake, making OpenVPN immune to replay-packet state exhaustion attacks.
  • Added --peer-fingerprint mode for a more simplistic certificate setup and verification.
  • Added Pre-Logon Access Provider support to OpenVPN GUI for Windows.
  • Improved protocol negotiation, leading to faster connection setup.
  • Updated easy-rsa3 bundled with the installer on Windows.

On Windows DCO will be used by default for client connections unless the configuration contains settings that are not DCO compatible, such as compression. DCO support on Linux requires an additional kernel module to be installed, this is available from our software repositories for Linux, and is also available for OpenVPN3 Linux client.

Windows 64-bit MSI installerGnuPG SignatureOpenVPN-2.6.0-I005-amd64.msi
Windows ARM64 MSI installerGnuPG SignatureOpenVPN-2.6.0-I005-arm64.msi
Windows 32-bit MSI installerGnuPG SignatureOpenVPN-2.6.0-I005-x86.msi
Source archive fileGnuPG Signatureopenvpn-2.6.0.tar.gz

OpenVPN 2.6_rc2 -- Released 12 January 2023

The OpenVPN community project team is proud to release OpenVPN 2.6_rc2. This is a release with some major new features and currently in beta (you can also download the stable release should you require it).

For details see Changes.rst

Changes since RC1:

  • add rate limiter for incoming "initial handshake packets", enabled by default with a limit of 100 packets per 10 seconds. This change makes OpenVPN servers uninteresting as an UDP reflection DDoS engine.
  • report CONNECTED,ROUTE_ERROR to management GUI if connection to server succeeds but not all routes can be installed (Windows and Linux/Netlink only, so far)
  • Various bugfixes, see Changes.rst

Windows MSI changes since RC1:

  • Included openvpn-gui updated to 11.35.0.0. See CHANGES.rst.
    • New feature: Support the CONNECTED,ROUTE_ERROR management message (see above)
  • Fix some issues related to upgrading:
    • "Run on logon" option not preserved when updating from 2.5 to 2.6
    • Fix check for running service when upgrading from old NSIS installations

Debian packages changes since RC1:

  • Packages for Debian bookworm are now available.

New features and improvements in 2.6.0 compared to 2.5.8:

  • Data Channel Offload (DCO) kernel acceleration support for Windows, Linux, and FreeBSD.
  • OpenSSL 3 support, which is now the default on Windows.
  • Improved handling of tunnel MTU, including support for pushable MTU.
  • Outdated cryptographic algorithms disabled by default, but there are options to override if necessary.
  • Reworked TLS handshake, making OpenVPN immune to replay-packet state exhaustion attacks.
  • Added --peer-fingerprint mode for a more simplistic certificate setup and verification.
  • Added Pre-Logon Access Provider support to OpenVPN GUI for Windows.
  • Improved protocol negotiation, leading to faster connection setup.
  • Updated easy-rsa3 bundled with the installer on Windows.

On Windows DCO will be used by default for client connections unless the configuration contains settings that are not DCO compatible, such as compression. DCO support on Linux requires an additional kernel module to be installed, this is available from our software repositories for Linux, and is also available for OpenVPN3 Linux client.

Windows 64-bit MSI installerGnuPG SignatureOpenVPN-2.6_rc2-I002-amd64.msi
Windows ARM64 MSI installerGnuPG SignatureOpenVPN-2.6_rc2-I002-arm64.msi
Windows 32-bit MSI installerGnuPG SignatureOpenVPN-2.6_rc2-I002-x86.msi
Source archive fileGnuPG Signatureopenvpn-2.6_rc2.tar.gz

OpenVPN 2.6_rc1 -- Released 28 December 2022

The OpenVPN community project team is proud to release OpenVPN 2.6_rc1. This is a release with some major new features and currently in beta (you can also download the stable release should you require it).

For details see Changes.rst

Changes since Beta 2:

  • Officially deprecate NTLMv1 proxy auth method in 2.6. Will be removed in 2.7.
  • Support unlimited number of connection entries and remote entries.
  • New management commands to enumerate and list remote entries.
  • Various bugfixes, see Changes.rst

Windows MSI changes since Beta 2:

  • Included openvpn-gui updated to 11.34.0.0. See CHANGES.rst.
    • New feature: Connections active on exit/logout are now automatically restarted in the next session of the GUI
  • Windows installers are now built with Visual Studio 17 2022 (previously built with VS 16 2019)

New features and improvements in 2.6.0 compared to 2.5.8:

  • Data Channel Offload (DCO) kernel acceleration support for Windows, Linux, and FreeBSD.
  • OpenSSL 3 support, which is now the default on Windows.
  • Improved handling of tunnel MTU, including support for pushable MTU.
  • Outdated cryptographic algorithms disabled by default, but there are options to override if necessary.
  • Reworked TLS handshake, making OpenVPN immune to replay-packet state exhaustion attacks.
  • Added --peer-fingerprint mode for a more simplistic certificate setup and verification.
  • Added Pre-Logon Access Provider support to OpenVPN GUI for Windows.
  • Improved protocol negotiation, leading to faster connection setup.
  • Updated easy-rsa3 bundled with the installer on Windows.

On Windows DCO will be used by default for client connections unless the configuration contains settings that are not DCO compatible, such as compression. DCO support on Linux requires an additional kernel module to be installed, this is available from our software repositories for Linux, and is also available for OpenVPN3 Linux client.

Windows 64-bit MSI installerGnuPG SignatureOpenVPN-2.6_rc1-I001-amd64.msi
Windows ARM64 MSI installerGnuPG SignatureOpenVPN-2.6_rc1-I001-arm64.msi
Windows 32-bit MSI installerGnuPG SignatureOpenVPN-2.6_rc1-I001-x86.msi
Source archive fileGnuPG Signatureopenvpn-2.6_rc1.tar.gz

OpenVPN 2.6_beta2 -- Released 15 December 2022

The OpenVPN community project team is proud to release OpenVPN 2.6_beta2. This is a release with some major new features and currently in beta (you can also download the stable release should you require it).

For details see Changes.rst

Changes since Beta 1:

  • Transport statistics (bytes in/out) for DCO environments. Currently only for Windows clients and FreeBSD servers. Other platforms will be fixed in next release.
  • Various bugfixes, see Changes.rst

Windows MSI changes since Beta 1:

  • Included openvpn-gui updated to 11.33.0.0. See CHANGES.rst.
  • Update included pkcs11-helper so it can load pkcs11 providers from outside of its own install directory.
  • Add legacy provider for included OpenSSL so that the workarounds documented for old ciphers work on Windows.

New features and improvements in 2.6.0 compared to 2.5.8:

  • Data Channel Offload (DCO) kernel acceleration support for Windows, Linux, and FreeBSD.
  • OpenSSL 3 support, which is now the default on Windows.
  • Improved handling of tunnel MTU, including support for pushable MTU.
  • Outdated cryptographic algorithms disabled by default, but there are options to override if necessary.
  • Reworked TLS handshake, making OpenVPN immune to replay-packet state exhaustion attacks.
  • Added --peer-fingerprint mode for a more simplistic certificate setup and verification.
  • Added Pre-Logon Access Provider support to OpenVPN GUI for Windows.
  • Improved protocol negotiation, leading to faster connection setup.
  • Updated easy-rsa3 bundled with the installer on Windows.

On Windows DCO will be used by default for client connections unless the configuration contains settings that are not DCO compatible, such as compression. DCO support on Linux requires an additional kernel module to be installed, this is available from our software repositories for Linux, and is also available for OpenVPN3 Linux client.

Windows 64-bit MSI installerGnuPG SignatureOpenVPN-2.6_beta2-I001-amd64.msi
Windows ARM64 MSI installerGnuPG SignatureOpenVPN-2.6_beta2-I001-arm64.msi
Windows 32-bit MSI installerGnuPG SignatureOpenVPN-2.6_beta2-I001-x86.msi
Source archive fileGnuPG Signatureopenvpn-2.6_beta2.tar.gz

OpenVPN 2.6_beta1 -- Released 2 December 2022

The OpenVPN community project team is proud to release OpenVPN 2.6_beta1. This is a release with some major new features and currently in beta (you may find stable release should you require it).

For details see Changes.rst

There were a number of new features and improvements:

  • Data Channel Offload (DCO) kernel acceleration support for Windows, Linux, and FreeBSD.
  • OpenSSL 3 support, which is now the default on Windows.
  • Improved handling of tunnel MTU, including support for pushable MTU.
  • Outdated cryptographic algorithms disabled by default, but there are options to override if necessary.
  • Reworked TLS handshake, making OpenVPN immune to replay-packet state exhaustion attacks.
  • Added --peer-fingerprint mode for a more simplistic certificate setup and verification.
  • Added Pre-Logon Access Provider support to OpenVPN GUI for Windows.
  • Improved protocol negotiation, leading to faster connection setup.
  • Updated easy-rsa3 bundled with the installer on Windows.

On Windows DCO will be used by default for client connections unless the configuration contains settings that are not DCO compatible, such as compression. DCO support on Linux requires an additional kernel module to be installed, this is available from our software repositories for Linux, and is also available for OpenVPN3 Linux client.

Windows 64-bit MSI installerGnuPG SignatureOpenVPN-2.6_beta1-I001-amd64.msi
Windows ARM64 MSI installerGnuPG SignatureOpenVPN-2.6_beta1-I001-arm64.msi
Windows 32-bit MSI installerGnuPG SignatureOpenVPN-2.6_beta1-I001-x86.msi
Source archive fileGnuPG Signatureopenvpn-2.6_beta1.tar.gz
Last modified 5 weeks ago Last modified on 02/12/24 14:56:36