| Version | Change log |
| OpenVPN 2.6.17 I001 Nov 29, 2025 |
Security fixes: CVE-2025-13751: Windows/interactive service: fix erroneous exit on error that could be used by a local Windows users to achieve a local denial-of-service Bug fixes: Windows/interactive service: improve service pipe robustness against file access races (uuid) and access by unauthorized processes (ACL). upgrade bundled build instruction (vcpkg and patch) for pkcs11-helper to 1.31, fixing a parser bug |
| OpenVPN 2.6.16 I001 Nov 18, 2025 |
Security fixes: CVE-2025-13086: Fix memcmp check for the hmac verification in the 3way handshake. This bug renders the HMAC based protection against state exhaustion on receiving spoofed TLS handshake packets in the OpenVPN server inefficient. Bug fixes: fix invalid pointer creation in tls_pre_decrypt() - technically this is a memory over-read issue, in practice, the compilers optimize it away so no negative effects could be observed. Windows: in the interactive service, fix the "undo DNS config" handling. Windows: in the interactive service, disallow using of "stdin" for the config file, unless the caller is authorized OpenVPN Administrator Windows: in the interactive service, change all netsh calls to use interface index and not interface name - sidesteps all possible attack avenues with special characters in interface names. Windows: in the interactive service, improve error handling in some "unlikely to happen" paths. auth plugin/script handling: properly check for errors in creation on $auth_failed_reason_file (arf). for incoming TCP connections, close-on-exec option was applied to the wrong socket fd, leaking socket FDs to child processes. sitnl: set close-on-exec flag on netlink socket ssl_mbedtls: fix missing perf_pop() call (optional performance profiling) |
| OpenVPN 2.6.15 I001 Nov 18, 2025 |
Highlights of this release include: Multi-socket support for servers -- Handle multiple addresses/ports/protocols within one server Improved Client support for DNS options: Client implementations for Linux/BSD, included with the default install New client implementation for Windows, adding support for features like split DNS and DNSSEC Architectural improvements on Windows: The block-local flag is now enforced with WFP filters Windows network adapters are now generated on demand Windows automatic service now runs as an unprivileged user Support for server mode in win-dco driver Note: Support for the wintun driver has been removed. win-dco is now the default, tap-windows6 is the fallback solution for use-cases not covered by win-dco. Improved data channel: Enforcement of AES-GCM usage limit Epoch data keys and packet format Support for new upstream DCO Linux kernel module: This release supports the new ovpn DCO Linux kernel module which will be available in future upstream Linux kernel releases. Backports of the new module to current kernels are available via the ovpn-backports project. Windows MSI changes since 2.6.14: Built against OpenSSL 3.5.0 Included openvpn-gui updated to 11.53.0.0 Support for webauth in PLAP (Pre-Logon Access Provider) via QR code (github openvpn-gui#687) |
Total downloads
65
Last month's downloads
0
Last week's downloads
1
... proud to present our latest software review - OpenVPN Connect for iOS, a product of OpenVPN Technologies, Inc. This powerful app is designed to ... an individual who values online privacy and security, OpenVPN Connect for iOS is the perfect choice for ...
Top Download Club website has come across a life-changing software for all Mac OS X users! Developed by Pritunl, this software has revolutionized the way we connect to virtual private networks (VPNs) through its advanced features. Pritunl for Mac OS X ...
... to install, and available on various platforms, including Windows. Say goodbye to geo-blocked content and hello to unlimited online freedom with NordVPN. Join the millions of satisfied users who trust NordVPN for their online security and privacy. ...
