Skip to content

Release history

openvpn releases

OpenVPN is an open source VPN daemon

Back to tool Latest release

All releases

7 shown

v2.7.4 Breaking risk
Breaking changes
  • Removed `--enable-strict` and `--enable-strict-options` configure flags
Full changelog

Bugfixes:

  • using --dns server ... style configs on Windows with win-dco would
    lead to erroneously enabling "DnsSecValidationRequired : True", possibly
    breaking VPN DNS resolution. Pushing --dns server ... dnssec no
    can be used as a workaround until clients can be updated.
    (Github: openvpn#1024)
  • correct comments in the --dns-up-down platform scripts relating to
    dns_server_..._dnssec values.
  • fix release-only build of pkcs11-helper vcpkg port, do not try to
    install files from debug build.
  • mbedTLS builds will now provide a proper error message if a
    tls-group statement with no valid groups is encountered
    (used to run into SSL handshake failure later on).
  • --enable-strict and --enable-strict-options configure flags have
    been removed (because they did not actually do anything anymore)

For details see Changes.rst

Windows Client: Community MSI installer for Windows client can be found at Community Downloads.

Linux Packages: Instructions for installing community-maintained Linux packages can be found in the Community Wiki.

Full Changelog: https://github.com/OpenVPN/openvpn/compare/v2.7.3...v2.7.4

View release on GitHub
v2.7.3 Bug fix

Minor fixes and improvements.

Full changelog

Bugfixes:

  • in combination with --management-query-passwords, setups using
    --auth-user-pass file or inline auth-user-pass would no longer
    use the configured passwords and prompt on the management interface
    instead (OpenVPN GUI would then provide an empty user/password prompt)
    (Github: openpvn#1021).

For details see Changes.rst

Windows Client: Community MSI installer for Windows client can be found at Community Downloads.

Linux Packages: Instructions for installing community-maintained Linux packages can be found in the Community Wiki.

Full Changelog: https://github.com/OpenVPN/openvpn/compare/v2.7.2...v2.7.3

View release on GitHub
v2.7.2 Security relevant
Security fixes
  • CVE-2026-40215: TLS handshake race condition leading to packet data leakage
  • CVE-2026-35058: Server ASSERT on malformed packet with valid tls-crypt-v2 key
Notable features
  • Management interface base64-encoded multiline password support
Full changelog

Security fixes:

  • CVE-2026-40215: fix race condition in TLS handshake that could lead to leaking of
    packet data from a previous handshake under specific circumstances
  • CVE-2026-35058: fix server ASSERT() on receiving a suitably malformed packet with
    a valid tls-crypt-v2 key

New features:

  • management interface: permit input of very long passwords in
    base64-encoded multiline format. Signal support to management
    clients via "management version 6".

User-visible Changes:

  • improve error messages on --verify-x509-name failures
  • improve error logging when overlong username or passwords can not
    be written to TLS buffer

Bugfixes:

  • when using a config file with inlined username and no password,
    fix prompting for the password from management interface.
  • Windows: fix DNSSEC flag handling - this got never applied due to
    a bad comparison being always false.
  • Windows: fix deinstallation progress bar on adapter deletion.

For details see Changes.rst

Windows Client: Community MSI installer for Windows client can be found at Community Downloads.

Linux Packages: Instructions for installing community-maintained Linux packages can be found in the Community Wiki.

Full Changelog: https://github.com/OpenVPN/openvpn/compare/v2.7.1...v2.7.2

View release on GitHub
v2.6.20 Security relevant
Security fixes
  • CVE-2026-40215: TLS handshake race condition leading to packet data leakage
  • CVE-2026-35058: Server ASSERT on malformed packet with valid tls-crypt-v2 key
Full changelog

Security fixes:

  • CVE-2026-40215: fix race condition in TLS handshake that could lead to leaking of
    packet data from a previous handshake under specific circumstances
  • CVE-2026-35058: fix server ASSERT() on receiving a suitably malformed packet with
    a valid tls-crypt-v2 key

Bugfixes:

  • management: stop periodic bytecount output on mgmt client disconnection
  • FreeBSD: make DCO work on systems with no IPv4 support
  • FreeBSD: fix compilation with --enable-async-push on FreeBSD 15
  • Linux: make DCO work on big endian architectures (MIPS, PowerPC)
  • Windows: fix deinstallation progress bar on adapter deletion.
  • Linux: fix problem with DCO kernel notifications getting lost, leading
    to overcounting of number of connected clients and general confusion
    between kernel and userland regarding peer status (Github #900, #918,
    #931, #919, #945) - this is a backport of the fixes in 2.7 plus the
    infrastructural changes around DCO needed to support it.

For details see Changes.rst

Windows Client: Community MSI installer for Windows client can be found at Community Downloads.

Linux Packages: Instructions for installing community-maintained Linux packages can be found in the Community Wiki.

Full Changelog: https://github.com/OpenVPN/openvpn/compare/v2.6.19...v2.6.20

View release on GitHub
v2.7.0 New feature
Breaking changes
  • Wintun driver support removed; win-dco is now default
Notable features
  • Multi-socket server support
  • Improved DNS with split DNS and DNSSEC
  • Windows service runs as unprivileged user
View release on GitHub
v2.6.19 Security relevant
Security fixes
  • Management interface authentication bypass where --management-forget-disconnect and --management-signal could execute before password auth (ZeroPath finding)
View release on GitHub

Beta — feedback welcome: [email protected]