Changes between Initial Version and Version 1 of ProtocolCompatibility

07/24/14 14:40:15 (4 years ago)
Samuli Seppänen

Migrated content from


  • ProtocolCompatibility

    v1 v1  
     1While OpenVPN has evolved quickly since its initial release in March 2002, all reasonable efforts have been made to preserve protocol compatibility across different OpenVPN versions.
     3Several changes, however, have been made since version 1.1.0 that could affect compatibility.
     5These notes assume that you are using OpenVPN 1.1.0 or later. Versions before 1.1.0 should be considered experimental.
     7In version 1.3.0, the default --udp-mtu was changed from 1500 to 1300. If you want a 1.3.0 or later version of OpenVPN to talk to a 1.1.x or 1.2.x version, you should explicitly use --udp-mtu on both sides of the connection rather than depending on defaults.
     9In version 1.5.x, the TLS-mode options string format was changed. This change will only affect you if you are using TLS-based security. Version 1.5.x is fully compatible with 1.4.x. Version 1.5.x can talk to 1.3.x, but you must use the --disable-occ flag on the 1.3.x peer. Version 1.5.x cannot talk with 1.2.x or earlier using TLS.
     11In version 1.5.x, if you are using a TAP-style tunnel, the following default is used to simplify the configuration of ethernet bridging: --tun-mtu 1500 --tun-mtu-extra 32. If you are bridging to a 1.4.x peer or earlier, you should explicitly state the preceding options on the 1.4.x peer.
     13In version 1.5.x, the Red Hat /etc/init.d/openvpn file has been changed to not enable IP forwarding by default (this was construed as being overly presumptuous for default behavior). IP forwarding can be easily enabled in a script or --up file with the command:
     15echo 1 > /proc/sys/net/ipv4/ip_forward
     17In version 1.5.x, --udp-mtu was renamed to --link-mtu since OpenVPN now supports both the UDP and TCP protocols for the tunnel transport layer. --udp-mtu will still be supported for compatibility.
     19In version 1.5.x, --verb 5 is now a debugging level. For normal usage, --verb 4 should be considered an upper bound.
     21In version 1.6.0 and up, the config file parser supports shell-escapes by preceding a character with a backslash. If you want to pass a backslash character itself, you must use two consecutive backslashes.
     23In version 2.0, --tun-mtu 1500 --mssfix 1450 is now the default. In 1.x the default is --link-mtu 1300 for tun interfaces and --tun-mtu 1500 for tap interfaces, with --mssfix disabled).
     25Also in verson 2.0, when using TLS, --key-method 2 is now the default. Use --key-method 1 on the 2.0 side to communicate with 1.x.
     27Starting with version 2.0-beta12, OpenVPN has adopted a consistent approach to string remapping to prevent trusted or semi-trusted peers from sending maliciously crafted strings. The details are discussed in the String Types and Remapping section of the [wiki:Openvpn20ManPage man page].
     29Starting with version 2.0-beta17, OpenVPN's default port number has been changed from 5000 to 1194 per an official port assignment by IANA in November 2004.
     31Copyright © 2002-2008 by OpenVPN Technologies, Inc. <>. OpenVPN is a trademark of OpenVPN Technologies, Inc.