| Version | Change log |
| OpenVPN 2.6.14 I001 May 30, 2025 |
Highlights of this release include: Multi-socket support for servers -- Handle multiple addresses/ports/protocols within one server Improved Client support for DNS options: Client implementations for Linux/BSD, included with the default install New client implementation for Windows, adding support for features like split DNS and DNSSEC Architectural improvements on Windows: The block-local flag is now enforced with WFP filters Windows network adapters are now generated on demand Windows automatic service now runs as an unprivileged user Support for server mode in win-dco driver Note: Support for the wintun driver has been removed. win-dco is now the default, tap-windows6 is the fallback solution for use-cases not covered by win-dco. Improved data channel: Enforcement of AES-GCM usage limit Epoch data keys and packet format Support for new upstream DCO Linux kernel module: This release supports the new ovpn DCO Linux kernel module which will be available in future upstream Linux kernel releases. Backports of the new module to current kernels are available via the ovpn-backports project. Windows MSI changes since 2.6.14: Built against OpenSSL 3.5.0 Included openvpn-gui updated to 11.53.0.0 Support for webauth in PLAP (Pre-Logon Access Provider) via QR code (github openvpn-gui#687) |
| OpenVPN 2.6.13 I001 Jan 16, 2025 |
Feature changes: on non-windows clients (MacOS, Linux, Unix) send "release" string from uname() call as IV_PLAT_VER to server - while highly OS specific this is still helpful to keep track of OS versions used on the client side (#637) Windows: protect cached username, password and token in client memory (using the CryptProtectMemory() windows API) Windows: use new API to get dco-win driver version from driver (newly introduced non-exclusive control device) (OpenVPN/ovpn-dco-win#76) Linux: pass --timeout=0 argument to systemd-ask-password, to avoid default timeout of 90 seconds ("console prompting also has no timeout") (#649) Security fixes: improve server-side handling of clients sending usernames or passwords longer than USER_PASS_LEN - this would not result in a crash, buffer overflow or other security issues, but the server would then misparse incoming IV variables and produce misleading error messages. Notable bug fixes: FreeBSD DCO: fix memory leaks in nvlist handling (#636) purge proxy authentication credentials from memory after use (if --auth-nocache is in use) |
| OpenVPN 2.6.12 I001 Jul 18, 2024 |
Bug fixes: the fix for CVE-2024-5594 (refuse control channel messages with nonprintable characters) was too strict, breaking user configurations with AUTH_FAIL messages having trailing CR/NL characters. This often happens if the AUTH_FAIL reason is set by a script. Strip those before testing the command buffer (github #568). Also, add unit test. Http-proxy: fix bug preventing proxy credentials caching (trac #1187) Windows MSI changes since 2.6.11: Built against OpenSSL 3.3.1 Included openvpn-gui updated to 11.50.0.0 Update Italian language (github #696) |
| OpenVPN 2.6.11 Jun 24, 2024 | |
| OpenVPN 2.6.10 Mar 20, 2024 | |
| OpenVPN 2.6.9 Feb 13, 2024 | |
| OpenVPN 2.6.8 Nov 19, 2023 | |
| OpenVPN 2.6.7 Nov 10, 2023 | |
| OpenVPN 2.6.6 Aug 18, 2023 | |
| OpenVPN 2.6.5 Jun 14, 2023 |
