Skip to content

openvpn

VPN & Tunnels

OpenVPN is an open source VPN daemon

Track releases GitHub Website
C Latest v2.7.4 · 1mo ago Security brief →

Features

  • Provides a secure VPN tunneling daemon
  • Supports building and installation from source tarballs
  • Includes sample configuration files and scripts for setup

Recent releases

View all 7 releases →
v2.7.4 Breaking risk
Breaking changes
  • Removed `--enable-strict` and `--enable-strict-options` configure flags
Full changelog

Bugfixes:

  • using --dns server ... style configs on Windows with win-dco would
    lead to erroneously enabling "DnsSecValidationRequired : True", possibly
    breaking VPN DNS resolution. Pushing --dns server ... dnssec no
    can be used as a workaround until clients can be updated.
    (Github: openvpn#1024)
  • correct comments in the --dns-up-down platform scripts relating to
    dns_server_..._dnssec values.
  • fix release-only build of pkcs11-helper vcpkg port, do not try to
    install files from debug build.
  • mbedTLS builds will now provide a proper error message if a
    tls-group statement with no valid groups is encountered
    (used to run into SSL handshake failure later on).
  • --enable-strict and --enable-strict-options configure flags have
    been removed (because they did not actually do anything anymore)

For details see Changes.rst

Windows Client: Community MSI installer for Windows client can be found at Community Downloads.

Linux Packages: Instructions for installing community-maintained Linux packages can be found in the Community Wiki.

Full Changelog: https://github.com/OpenVPN/openvpn/compare/v2.7.3...v2.7.4

View release on GitHub
v2.7.3 Bug fix

Minor fixes and improvements.

Full changelog

Bugfixes:

  • in combination with --management-query-passwords, setups using
    --auth-user-pass file or inline auth-user-pass would no longer
    use the configured passwords and prompt on the management interface
    instead (OpenVPN GUI would then provide an empty user/password prompt)
    (Github: openpvn#1021).

For details see Changes.rst

Windows Client: Community MSI installer for Windows client can be found at Community Downloads.

Linux Packages: Instructions for installing community-maintained Linux packages can be found in the Community Wiki.

Full Changelog: https://github.com/OpenVPN/openvpn/compare/v2.7.2...v2.7.3

View release on GitHub
v2.7.2 Security relevant
Security fixes
  • CVE-2026-40215: TLS handshake race condition leading to packet data leakage
  • CVE-2026-35058: Server ASSERT on malformed packet with valid tls-crypt-v2 key
Notable features
  • Management interface base64-encoded multiline password support
Full changelog

Security fixes:

  • CVE-2026-40215: fix race condition in TLS handshake that could lead to leaking of
    packet data from a previous handshake under specific circumstances
  • CVE-2026-35058: fix server ASSERT() on receiving a suitably malformed packet with
    a valid tls-crypt-v2 key

New features:

  • management interface: permit input of very long passwords in
    base64-encoded multiline format. Signal support to management
    clients via "management version 6".

User-visible Changes:

  • improve error messages on --verify-x509-name failures
  • improve error logging when overlong username or passwords can not
    be written to TLS buffer

Bugfixes:

  • when using a config file with inlined username and no password,
    fix prompting for the password from management interface.
  • Windows: fix DNSSEC flag handling - this got never applied due to
    a bad comparison being always false.
  • Windows: fix deinstallation progress bar on adapter deletion.

For details see Changes.rst

Windows Client: Community MSI installer for Windows client can be found at Community Downloads.

Linux Packages: Instructions for installing community-maintained Linux packages can be found in the Community Wiki.

Full Changelog: https://github.com/OpenVPN/openvpn/compare/v2.7.1...v2.7.2

View release on GitHub
v2.6.20 Security relevant
Security fixes
  • CVE-2026-40215: TLS handshake race condition leading to packet data leakage
  • CVE-2026-35058: Server ASSERT on malformed packet with valid tls-crypt-v2 key
Full changelog

Security fixes:

  • CVE-2026-40215: fix race condition in TLS handshake that could lead to leaking of
    packet data from a previous handshake under specific circumstances
  • CVE-2026-35058: fix server ASSERT() on receiving a suitably malformed packet with
    a valid tls-crypt-v2 key

Bugfixes:

  • management: stop periodic bytecount output on mgmt client disconnection
  • FreeBSD: make DCO work on systems with no IPv4 support
  • FreeBSD: fix compilation with --enable-async-push on FreeBSD 15
  • Linux: make DCO work on big endian architectures (MIPS, PowerPC)
  • Windows: fix deinstallation progress bar on adapter deletion.
  • Linux: fix problem with DCO kernel notifications getting lost, leading
    to overcounting of number of connected clients and general confusion
    between kernel and userland regarding peer status (Github #900, #918,
    #931, #919, #945) - this is a backport of the fixes in 2.7 plus the
    infrastructural changes around DCO needed to support it.

For details see Changes.rst

Windows Client: Community MSI installer for Windows client can be found at Community Downloads.

Linux Packages: Instructions for installing community-maintained Linux packages can be found in the Community Wiki.

Full Changelog: https://github.com/OpenVPN/openvpn/compare/v2.6.19...v2.6.20

View release on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

About

Stars
14,030
Forks
3,335
Languages
C Shell M4
View on GitHub Homepage Documentation

Install & Platforms

Platforms
linux macos windows

Similar tools

Gluetun VPN client
strongSwan
docker-wireguard
Magento Open Source
openproject

Open source alternatives

docker-wireguard
Firezone

Beta — feedback welcome: [email protected]