winget install --id OpenVPNTechnologies.OpenVPNAbout OpenVPN
OpenVPN provides flexible VPN solutions to secure your data communications, whether it's for Internet privacy, remote access for employees, securing IoT, or for networking Cloud data centers.
What's new in 2.7.401
Bugfixes: - using --dns server ... style configs on Windows with win-dco would lead to erroneously enabling "DnsSecValidationRequired : True", possibly breaking VPN DNS resolution. Pushing --dns server ... dnssec no can be used as a workaround until clients can be updated. (Github: openvpn#1024) - correct comments in the --dns-up-down platform scripts relating to dns_server_..._dnssec values. - fix release-only build of pkcs11-helper vcpkg port, do not try to install files from debug build. - mbedTLS builds will now provide a proper error message if a tls-group statement with no valid groups is encountered (used to run into SSL handshake failure later on). - --enable-strict and --enable-strict-options configure flags have been removed (because they did not actually do anything anymore) For details see Changes.rst Windows Client: Community MSI installer for Windows client can be found at Community Downloads. Linux Packages: Instructions for installing community-maintained Linux packages can be found in the Community Wiki. Full Changelog: https://github.com/OpenVPN/openvpn/compare/v2.7.3...v2.7.4
Version history
| Version | Updated | Notes |
|---|---|---|
| 2.7.401 | Unknown | Bugfixes: - using --dns server ... style configs on Windows with win-dco would lead to erroneously enabling "DnsSecValidationRequired : True", possibly breaking VPN DNS resolution. Pushing --dns server ... dnssec no can... |
| 2.7.301 | Unknown | Bugfixes: - in combination with --management-query-passwords, setups using --auth-user-pass file or inline auth-user-pass would no longer use the configured passwords and prompt on the management interface instead (OpenV... |
| 2.7.201 | Unknown | Security fixes: - CVE-2026-40215: fix race condition in TLS handshake that could lead to leaking of packet data from a previous handshake under specific circumstances - CVE-2026-35058: fix server ASSERT() on receiving a... |
| 2.7.101 | Unknown | New features: - Add a new username-only flag argument to --auth-user-pass which will now make OpenVPN only query for username and send a dummy password to the server. This is only useful if auth schemes are used on the s... |
| 2.7.017 | Unknown | Highlights of 2.7 - Multi-socket support for servers -- Handle multiple addresses/ports/protocols within one server - Improved Client support for DNS options - Client implementations for Linux/BSD/macOS, included with th... |
| 2.7.016 | Unknown | Highlights of 2.7 - Multi-socket support for servers -- Handle multiple addresses/ports/protocols within one server - Improved Client support for DNS options - Client implementations for Linux/BSD/macOS, included with th... |
| 2.6.1901 | Unknown | Release notes |
| 2.6.1701 | Unknown | Security fixes: - CVE-2025-13751: Windows/interactive service: fix erroneous exit on error that could be used by a local Windows users to achieve a local denial-of-service Bug fixes: - Windows/interactive service: improv... |
| 2.6.1601 | Unknown | Release notes |
| 2.6.1501 | Unknown | Release notes |
| 2.6.1404 | Unknown | Security fixes: - CVE-2025-2704: fix possible ASSERT() on OpenVPN servers using --tls-crypt-v2 Security scope: OpenVPN servers between 2.6.1 and 2.6.13 using --tls-crypt-v2 can be made to abort with an ASSERT() message b... |
| 2.6.1402 | Unknown | Security fixes: - CVE-2025-2704: fix possible ASSERT() on OpenVPN servers using --tls-crypt-v2 Security scope: OpenVPN servers between 2.6.1 and 2.6.13 using --tls-crypt-v2 can be made to abort with an ASSERT() message b... |
| 2.6.1401 | Unknown | No notes |
| 2.6.1301 | Unknown | No notes |
| 2.6.1201 | Unknown | No notes |
| 2.6.1101 | Unknown | No notes |
| 2.6.1001 | Unknown | No notes |
| 2.6.901 | Unknown | No notes |
| 2.6.801 | Unknown | Bug fixes / Code cleanup ------------------------ - SIGSEGV crash: Do not check key_state buffers that are in S_UNDEF state (Github #449) - the new sanity check function introduced in 2.6.7 sometimes tried to use a NULL... |
| 2.6.701 | Unknown | Antonio Quartulli (1): dco: fix crash when --multihome is used with --proto tcp Arne Schwabe (8): Mock openvpn_exece on win32 also for test_tls_crypt Add warning for the --show-groups command that some groups are missing... |