OpenVPN 2.7_alpha3 -- Released 31 July 2025
The OpenVPN community project team is proud to release OpenVPN 2.7_alpha3. This is the third Alpha release for the feature release 2.7.0. As the Alpha name implies, this is an early release build; it is not intended for production use.
Feature changes since 2.7_alpha2:
- --dns-updown script for macOS
- Client-side support for PUSH_UPDATE handling
- Support for floating TLS clients when DCO is active (requires latest versions of DCO drivers)
- Use of user-defined routing tables on Linux
- PQE support for WolfSSL
Important bug fixes since 2.7_alpha2:
- Fix issue in handling DCO messages on Linux that could lead to various problems due to unhandled messages
- Fix issues with DHCP on Windows with tap driver
For a list of all changes see the git log.
Highlights of 2.7 include:
- Multi-socket support for servers -- Handle multiple addresses/ports/protocols within one server
- Improved Client support for DNS options
- Client implementations for Linux/BSD/macOS, included with the default install
- New client implementation for Windows, adding support for features like split DNS and DNSSEC
- Architectural improvements on Windows
- The block-local flag is now enforced with WFP filters
- Windows network adapters are now generated on demand
- Windows automatic service now runs as an unprivileged user
- Support for server mode in win-dco driver
- Note: Support for the wintun driver has been removed. win-dco is now the default, tap-windows6 is the fallback solution for use-cases not covered by win-dco.
- Improved data channel
- Enforcement of AES-GCM usage limit
- Epoch data keys and packet format
- Support for new upstream DCO Linux kernel module
- This release supports the new ovpn DCO Linux kernel module which will be available in future upstream Linux kernel releases. Backports of the new module to current kernels are available via the ovpn-backports project.
- Client-side support for new PUSH_UPDATE control-channel message
- This allows servers to send updates to options like routing and DNS config without triggering a reconnect.
- TLS 1.3 support with bleeding-edge mbedTLS versions
For details see Changes.rst
Windows MSI changes since 2.7_alpha3:
- Included dco-win driver updated from 2.5.9 to 2.6.2
- Adds float support
- Built against OpenSSL 3.5.1
- Included openvpn-gui updated to 11.55.0.0
- Fix Chinese localization for OpenVPN GUI
Windows 64-bit MSI installer | GnuPG Signature | OpenVPN-2.7_alpha3-I004-amd64.msi |
Windows ARM64 MSI installer | GnuPG Signature | OpenVPN-2.7_alpha3-I004-arm64.msi |
Windows 32-bit MSI installer | GnuPG Signature | OpenVPN-2.7_alpha3-I004-x86.msi |
Source archive file | GnuPG Signature | openvpn-2.7_alpha3.tar.gz |
For Community-maintained packages for Linux distributions see OpenVPN Software Repositories. Note that the Fedora Copr repositories have been moved to the @OpenVPN group account and that there are new repositories available on openSUSE Buildservice.
OpenVPN 2.6.14 -- Released 02 April 2025
The OpenVPN community project team is proud to release OpenVPN 2.6.14. This is a bugfix release containing one security fix.
For details see Changes.rst
Security fixes:
- CVE-2025-2704: fix possible ASSERT() on OpenVPN servers using --tls-crypt-v2
Security scope: OpenVPN servers between 2.6.1 and 2.6.13 using --tls-crypt-v2 can be made to abort with an ASSERT() message by sending a particular combination of authenticated and malformed packets. To trigger the bug, a valid tls-crypt-v2 client key is needed, or network observation of a handshake with a valid tls-crypt-v2 client key. No crypto integrity is violated, no data is leaked, and no remote code execution is possible. This bug does not affect OpenVPN clients. (Bug found by internal QA at OpenVPN Inc)
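A check for the security scope above, as an added example (not part of the OpenVPN release notes or code base): it classifies a host from its openvpn --version banner and its config text. The sample banner and config are constructed, and treating server, server-bridge or mode server as the marker of a server config is an assumption of this sketch.

```python
import re

# Scope stated in the release notes: servers 2.6.1 through 2.6.13.
AFFECTED_MIN, AFFECTED_MAX = (2, 6, 1), (2, 6, 13)

# Constructed sample inputs (not taken from a real host).
SAMPLE_BANNER = ("OpenVPN 2.6.12 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO]\n"
                 "library versions: OpenSSL 3.0.13, LZO 2.10")
SAMPLE_SERVER_CONF = """\
port 1194
dev tun
server 10.8.0.0 255.255.255.0
;tls-crypt-v2 retired.key
tls-crypt-v2 server-v2.key
"""

def parse_version(banner):
    """Return (major, minor, patch) from the banner's first line, or None.
    Pre-release strings such as 2.7_alpha3 are not x.y.z and yield None."""
    stripped = banner.strip()
    first = stripped.splitlines()[0] if stripped else ""
    m = re.match(r"(?:OpenVPN\s+)?(\d+)\.(\d+)\.(\d+)\b", first)
    return tuple(int(g) for g in m.groups()) if m else None

def directives(config_text):
    """Yield token lists for active config lines, skipping comments and blanks."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        tokens = line.split()
        tokens[0] = tokens[0].lstrip("-").lower()  # tolerate "--option" spelling
        yield tokens

def assess(banner, config_text):
    """Classify one host: 'affected', 'not affected' or 'unknown version'."""
    version = parse_version(banner)
    if version is None:
        return "unknown version"
    server = tls_crypt_v2 = False
    for tok in directives(config_text):
        if tok[0] in ("server", "server-bridge") or tok[:2] == ["mode", "server"]:
            server = True  # assumption: these directives mark a server config
        if tok[0] in ("tls-crypt-v2", "<tls-crypt-v2>"):  # file path or inline block
            tls_crypt_v2 = True
    in_range = AFFECTED_MIN <= version <= AFFECTED_MAX
    return "affected" if (in_range and server and tls_crypt_v2) else "not affected"

if __name__ == "__main__":
    print(assess(SAMPLE_BANNER, SAMPLE_SERVER_CONF))
```

A result of "unknown version" means the banner did not carry a plain x.y.z version and needs a manual look.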
Bug fixes:
- Linux DCO: repair source IP selection for --multihome (Qingfang Deng)
Windows MSI changes since 2.6.13:
- Built against OpenSSL 3.4.1
- Included openvpn-gui updated to 11.52.0.0
- Use correct %TEMP% directory for debug log file.
- Disable config in menu listing if its ovpn file becomes inaccessible (github openvpn-gui#729)
Note: Windows MSI was updated to I002 on June 19th. Changes in I002:
- Includes fix for CVE-2025-50054
- Built against OpenSSL 3.5.0
- Included openvpn-gui updated to 11.54.0.0
- Support for webauth in PLAP (Pre-Logon Access Provider) via QR code (github openvpn-gui#687)
- Improve French (fr) and Turkish (tr) localization for OpenVPN GUI
- Included dco-win driver updated to 1.3.1
Note: Windows MSI was updated to I003 on August 4th. Changes in I003:
- Built against OpenSSL 3.5.1
- Included openvpn-gui updated to 11.55.0.0
- Fix Chinese localization for OpenVPN GUI
- Included dco-win driver updated to 1.3.2
- Fix several rare crashes reported via Windows crash reporting
- Add float support
Note: Windows MSI was updated to I004 on August 6th. Changes in I004:
- Included dco-win driver updated to 1.3.3
- Fix for recursive routing behavior
Windows 64-bit MSI installer | GnuPG Signature | OpenVPN-2.6.14-I004-amd64.msi |
Windows ARM64 MSI installer | GnuPG Signature | OpenVPN-2.6.14-I004-arm64.msi |
Windows 32-bit MSI installer | GnuPG Signature | OpenVPN-2.6.14-I004-x86.msi |
Source archive file | GnuPG Signature | openvpn-2.6.14.tar.gz |
For Community-maintained packages for Linux distributions see OpenVPN Software Repositories.
OpenVPN 2.5.9 -- Released 15 February 2023
The OpenVPN community project team is proud to release OpenVPN 2.5.9. This is a small bugfix release.
For details see Changes.rst
Windows MSI changes since 2.5.8:
- Build against OpenSSL 1.1.1t which contains several security fixes.
Windows 64-bit MSI installer | GnuPG Signature | OpenVPN-2.5.9-I601-amd64.msi |
Windows ARM64 MSI installer | GnuPG Signature | OpenVPN-2.5.9-I601-arm64.msi |
Windows 32-bit MSI installer | GnuPG Signature | OpenVPN-2.5.9-I601-x86.msi |
Source archive file | GnuPG Signature | openvpn-2.5.9.tar.gz |