The OpenVPN community project team is proud to release OpenVPN 2.4.6. It
can be downloaded from here:


This is primarily a maintenance release with minor bugfixes and
improvements, and one security relevant fix for the Windows Interactive
Service. Windows installer includes updated OpenVPN GUI and OpenSSL. The
bundled tap-windows6 driver includes one security fix.

Please note that LibreSSL is not a supported crypto backend. We accept
patches and we do test on OpenBSD 6.0 which comes with LibreSSL, but if
newer versions of LibreSSL break API compatibility we do not take
responsibility to fix that.

Also note that  Windows installers have been built with NSIS version
that has been patched against several NSIS installer code execution and
privilege escalation problems:


Based on our testing, though, older Windows versions such as Windows 7
might not benefit from these fixes. We thus strongly encourage you to
always move NSIS installers to a non-user-writeable location before
running them. Our long-term plan is to migrate to using MSI installers

A summary of all included changes is available here:


A full list of changes is available here:


Compared to OpenVPN 2.3 this is a major update with a large number of
new features, improvements and fixes. Some of the major features are
AEAD (GCM) cipher and Elliptic Curve DH key exchange support, improved
IPv4/IPv6 dual stack support and more seamless connection migration when
client's IP address changes (Peer-ID). Also, the new --tls-crypt feature
can be used to increase users' connection privacy.

OpenVPN GUI bundled with the Windows installer has a large number of new
features compared to the one bundled with OpenVPN 2.3. One of major
features is the ability to run OpenVPN GUI without administrator privileges.

For full details, look here:


The new OpenVPN GUI features are documented here:


Please note that OpenVPN 2.4 installers will not work on Windows XP.

For generic help use these support channels:

Official documentation:
Wiki: <>
Forums: <>
User mailing list: <>
User IRC channel: #openvpn at

Please report bugs and ask development questions here:

Bug tracker and wiki: <>
Developer mailing list: <>
Developer IRC channel: #openvpn-devel at (requires
Freenode registration)

Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock

David Sommerseth (1):
      management: Warn if TCP port is used without password

Gert Doering (3):
      Correct version in ChangeLog - should be 2.4.5, was mistyped as 2.4.4
      Fix potential double-free() in Interactive Service (CVE-2018-9336)
      preparing release v2.4.6 (ChangeLog, version.m4, Changes.rst)

Gert van Dijk (1):
      manpage: improve description of --status and --status-version

Joost Rijneveld (1):
      Make return code external tls key match docs

Selva Nair (3):
      Delete the IPv6 route to the "connected" network on tun close
      Management: warn about password only when the option is in use
      Avoid overflow in wakeup time computation

Simon Matter (1):
      Add missing #ifdef SSL_OP_NO_TLSv1_1/2

Steffan Karger (1):
      Check for more data in control channel

Attachment: signature.asc
Description: OpenPGP digital signature

Check out the vibrant tech community on one of the world's most
engaging tech sites,!
Openvpn-announce mailing list

Reply via email to