The OpenVPN community project team is proud to release OpenVPN
2.5-rc1. Source code and Windows installers can be downloaded from our
download page:


Debian and Ubuntu packages are available in the official apt repositories:


On Red Hat derivatives we recommend using the Fedora Copr repository:


This release includes a number of fixes to OpenVPN. On the Windows side
there are several changes:

- The MSI installer now bundles EasyRSA 3, a modern take on OpenVPN CA

- OpenVPN GUI can now be run as admin without breaking Wintun with the
"Always use interactive service by default" checkbox.

- Windows performance is increased by enabling compile-time
optimizations for OpenVPN and OpenSSL.

OpenVPN 2.5 is a new major release with many new features:

    Client-specific tls-crypt keys (--tls-crypt-v2)
    Added support for using the ChaCha20-Poly1305 cipher in the OpenVPN
data channel
    Improved Data channel cipher negotiation
    Removal of BF-CBC support in default configuration
    Asynchronous (deferred) authentication support for auth-pam plugin
    Deferred client-connect
    Faster connection setup
    Netlink support
    Wintun support
    IPv6-only operation
    Improved Windows 10 detection
    Linux VRF support
    TLS 1.3 support
    Support setting DHCP search domain
    Handle setting of tun/tap interface MTU on Windows
    HMAC based auth-token support
    VLAN support
    Support building of .msi installers for Windows
    Allow unicode search string in --cryptoapicert option (Windows)
    Support IPv4 configs with /31 netmasks now
    New option --block-ipv6 to reject all IPv6 packets (ICMPv6)

More details on these new features as well as a list of deprecated
features and user-visible changes are available in Changes.rst:


For generic help use these support channels:

    Official documentation:
    Wiki: <>
    Forums: <>
    User mailing list: <>
    User IRC channel: #openvpn at

Please report bugs and ask development questions here:

    Community bug tracker: <>
    Developer mailing list: <>
    Developer IRC channel: #openvpn-devel at (requires
Freenode registration)

Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock

David Sommerseth (4):
      man: Add missing --server-ipv6
      man: Improve --remote entry
      sample-plugins: Partially autotoolize the sample-plugins build
      build: Fix make distclean/distcheck

Gert Doering (11):
      Fix handling of 'route remote_host' for IPv6 transport case.
      Replace 'echo -n' with 'printf' in tests/
      Fix description of --client-disconnect calling convention in manpage.
      Handle NULL returns from calloc() in sample plugins.
      Fix --show-gateway for IPv6 on NetBSD/i386.
      socks.c: fix alen for DOMAIN type addresses, bump up buffer sizes
      Fix netbits setting (in TAP mode) for IPv6 on Windows.
      If IPv6 pool specification sets pool start to ::0 address, increment.
      Add demo plugin that excercises "CLIENT_CONNECT" and "CLIENT_CONNECT_V2" 
      Fix combination of --dev tap and --topology subnet across multiple 
      Preparing release 2.5_rc1

Lev Stipakov (1):
      msvc: better support for 32bit architecture

Selva Nair (2):
      Add a remark on dropping privileges when --mlock is used
      Allow --dhcp-option in config file when windows-driver is wintun

Vladislav Grishenko (1):
      Fix fatal error at switching remotes (#629)

Attachment: pEpkey.asc
Description: application/pgp-keys

Openvpn-announce mailing list

Reply via email to