This is the official OpenVPN Connect client software for Windows workstation platforms developed and maintained by OpenVPN Inc. This is the recommended client program for the OpenVPN Access Server to enable VPN for Windows. The latest version of OpenVPN for Windows is available on our website.
If you have an OpenVPN Access Server, it is recommended to download the OpenVPN Connect client software directly from your own Access Server, as it will then come pre configured for use for VPN for Windows. The version available here contains no configuration to make a connection, although it can be used to update an existing installation and retain settings.
sha256 signature: 58973ceba1dfb77ac98977f264b5aebe4ca094c17ada72c4d2767d2a2c7607c5
For Windows 7, 8, 8.1, and 10.
A 32 bits version is also available:
Download OpenVPN Connect v3 for 32 bits
sha256 signature: bfd176271cca8c1e7fae446621a985388bf55d023668af8e5dcec9ec4560dd85
Previous generation OpenVPN Connect V2 is available here:
sha256 signature: f65dd0ea784dd63632be64f89b1f83d51c199fd7319888883780cb9e975c325a
For Windows 7, 8, 8.1, and 10.
Our latest line of OpenVPN for Windows (OpenVPN Connect) software available for the major platforms features a new and improved user interface, making the experience of installing and using the OpenVPN for Windows software a snap. With an easy to use import feature you can import profiles straight from your OpenVPN Access Server or just import a saved profile from disk.
Frequently Asked Questions
Yes, you may continue to use both v2 and v3 on the same connect device and import the profiles desired into each. If you like, you can run either one or both.
No, the client cannot connect to multiple servers at once. It does support multiple connection profiles, giving you the option to switch easily from one server to the next, but you can only be connected to one at a time. This is by design, to prevent unexpected traffic paths when connecting to multiple VPN servers at the same time. If you are a system administrator and you require a complex setup where multiple connections are active at the same time, there is the option to use the open source community OpenVPN client software available from our website.
The OpenVPN client v1 was called “OpenVPN Desktop Client” and is no longer available. It is also not safe to use this anymore as it hasn’t been maintained for many years. It was replaced with the OpenVPN client v2. The OpenVPN client v2 is called “OpenVPN Connect Client” and has been in use for many years. It is still available from our website. You can download it from the direct link new the top of this page. The OpenVPN client v3 is called “OpenVPN Connect” and is the latest generation of our software. It is available on our website as a beta version. It is also offered in the OpenVPN Access Server client web interface itself.
This is the official OpenVPN Connect software for Windows workstation platforms developed and maintained by OpenVPN Inc. This is the recommended client program for the OpenVPN Access Server. The latest versions are available on our website. If you have an OpenVPN Access Server, you can download the OpenVPN Connect client software directly from your own Access Server, and it will then come pre-configured for use. The version available here contains no configuration to make a connection, although it can be used to update an existing installation and retain settings.
- Download the MSI file
- Open and start the setup wizard.
- Give permissions to install on your Windows OS.
- Complete the OpenVPN Connect Setup Wizard.
- The OpenVPN logo displays in your tray (bottom right) with DISCONNECTED status.
- Click on the icon to start the Onboarding Tour.
- Review how to import a profile from a server by entering the Access Server Hostname and credentials or uploading a profile from your computer.
- Agree to the data collection use and retention policies after reviewing them.
- Import a profile, either from the server or from file.
- Navigate to your OpenVPN Access Server client web interface.
- Login with your credentials.
- Select ‘OpenVPN Connect for Windows’.
- Wait until the download completes, and then open it (specifics vary depending on your browser).
- Click Run to start the installation process.
- Click Yes to approve the privilege escalation request.
- Wait until the installation process completes.
- In the system tray, the OpenVPN Connect Client is now ready for use.
- From the OpenVPN Connect UI, choose “Import from Server”.
- Enter your Access Server Hostname, Title, Port (optional), and your credentials–username and password.
- Click Add.
- If you choose to Import autologin profile, it is less secure, but you won’t need to re-enter credentials.
- Choose “Import from File”.
- Drag and drop a .OVPN file or click on Browse to navigate to the location on your computer.
- The message displays that the profile is successfully imported and displays the hostname and the title. You can change the title if desired.
- Click on Add to complete the import.
Layer 2 bridging (TAP) is no longer supported. Switch over to TUN Mode to resolve this issue.
OpenVPN Access Server starts with a self-signed certificate. With this, you will receive warnings from your web browser about the site not being secure as well as a certificate error when importing a profile with the Connect Client. You can simply override the warnings or add an exception for your web browser. To resolve this, you can set up a DNS host name that resolves to the public address of your Access Server and install a valid SSL certificate that corresponds to that DNS host name. Going forward, you would use that hostname to access your server instead of the IP address. This is also the recommended method as validated SSL certificates can only ever function with a valid public DNS hostname.
Your Access Server Hostname is the address at which your Access Server can be reached. For example it could be https://vpn.yourcompany.com/. If a DNS hostname is not set up, it is also possible to specify the IP address where your Access Server. For example: https://126.96.36.199 Your credentials are your username and password. You may need to get that information from your Access Server administrator if you don’t know it.
Title is the name for the profile. It is automatically defined as the username with the hostname or IP address(example: user1@hostname). It differentiates between multiple profiles. You can define it manually as well. The title can be anything you want just so you can see which profile is which.
Choosing this option allows you to import an autologin profile with the address and credentials for your Access Server, then simply start the connection with the tap of a button. You would not need to re-enter credentials each time you connect. The autoprofile itself contains an embedded secure certificate that identifies and authorizes your connection automatically. It is an optional setting on the OpenVPN Access Server that the administrator of the server can choose to make available to you. If you find you cannot import the autologin profile, your administrator may not have allowed autologin through user permissions.
During investigation of a vulnerability called VORACLE, it was found that using compression to make the data that goes through the VPN tunnel smaller, and thus faster, has an adverse effect on security. To learn more about this see our security notification on our website regarding the VORACLE attack vulnerability. In order to protect our customers, we are disabling compression by default. Some servers of the open source variety can be configured in such a way that the client must do compression, or else the client may not connect successfully. In such a case, you should get the server updated to disable compression. But we understand that this is not always possible, and you may need to be able to connect to such a server. In that event you can go into the settings and re-enable compression.
- OpenVPN Connect v3 supports Windows 7, Windows 8, Windows 8.1 and Windows 10.
- OpenVPN Connect v2 supports Windows Vista, Windows 7, Windows 8, Windows 8.1, and Windows 10.
- For Windows XP, you’ll need to get an open source client from the Open Source Community.
Downloading and installing
Release Notes v3
- Added support for deep linking and web authentication using system web browser
- Minor changes for Web Auth flow
- Added reporting UV_APP_VER values to the VPN server
- Implemented a new way of profile bundling (distribution of MSI and profile as separate files)
- Fixed an issue where an OpenVPN server could not be reached if it was not reachable through the default gateway
- Fixed an issue where a large amount of routes pushed to the VPN client would cause the client to fail
- Fixed issues with the display of the application version
Release date: 26 August, 2020
- Added reporting UV_ASCLI_VER and UV_PLAT_REL values to the VPN server
- Fixed not prompting user for certificate approval under certain conditions
- Updated Wintun driver to v0.8.1 that contains a patch for a driver update issue
- Added installer routine that ensures presence of a particular Windows hotfix on Windows 7 machines (KB2921916)
Release date: 13 July, 2020
- This is now a stable release and no longer considered beta software
- As part of the transition from Mbed TLS to OpenSSL the list of negotiable TLS cipher suites no longer includes weak cipher suites that lack forward secrecy support (DH/ECDH)
- Switchover from Mbed TLS library to OpenSSL library
- Support of TLS 1.3 version
- Support signing with RSA-PSS signatures during TLS handshake
- Update of OpenVPN3 library to OpenVPN core 3.5.6 version
- Optional WinTun driver is available during installation
- Implemented possibility to run VPN connection as system service
- Improved stability and performance
- Fixed a failure of installation process on some operating systems with non-English localization
- Implemented a fix for a security issue related to the location of installation files (CVE-2020-9442)
- New profile import flow with WebAuth support
- Added EULA license during installation
- Added .ovpn file association
- Added possibility to connect without external certificate when the client certificate is not required
- Fixed connection with DUO authentication service
- Fixed connection via server-locked profile with 2FA
- Fixed proxy basic authentication
- Fixed issue with long client-side scripts
- Fixed issue with unquoted path privilege escalation reported by Yogesh Prasad (CVE-2014-5455)
- New unified UI with 2 color scheme options
- Dropped support of MD5 algorithm
- Disabled tunnel compression by default (could be enabled back in the app settings)
- Ability to add proxies for connection from within the app
- Ability to manage external certificates directly from within the app (except in Windows 7 for the moment)
- Separate screen with extended statistics of connection session
- Log File with options to pause/resume, clear and save logs for sharing
- Plenty of other settings like reconnect on reboot, seamless tunnel, IP/TLS versions etc.
- Ability to create connect and disconnect shortcuts.
Release Notes v2
Release date: October 22, 2020
- Added support for tls-crypt (v1 and v2)
Release date: May 27, 2020
- Resolved an issue where DNS records were not being deleted properly in some rare cases.
Release date: April 29, 2020
- Resolved some issues on Windows with driver signing.
Release date: April 15, 2020
- Added multi-factor support for the dynamic challenge/response model.
- Updated TAP driver to latest version and signed with latest driver signing certificate.
- Updated MbedTLS to 2.7.13 to resolve a security issue (CVE-2019-18222)
- Improved round-robin DNS server exclusion route handling.
- Resolved a problem where ’empty credentials’ error could occur.
- Resolved some various other minor stability issues.
Release date: January 22, 2020
- Resolved an issue where DNS records were not being deleted properly in some rare cases.
- Resolved a problem with saving connection profiles when using a Windows username that contains non-latin characters.
Release date: March 11, 2019
- Signed this build with a new software publisher EV certificate valid until 23-2-2022, as the old certificate had expired.
- Resolved a problem where reconnect would fail on a round-robin DNS hostname as server address in combination with full-tunnel redirection.
Release date: December 11, 2018
- Added DHCP option PROXY_AUTO_CONFIG_URL capability for proxy auto configuration (PAC) in the operating system. It is now possible to do for example:
- push “dhcp-option PROXY_AUTO_CONFIG_URL (url to proxy PAC settings file)”
- DNS default suffix pushed by the VPN server should now have priority when the client already had a DNS default suffix set locally.
Release date: April 18, 2018
- Fixed launch issue on some older Windows platforms when Microsoft Visual C++ redistributable wasn’t present
- Fixed and improved platform and client version reporting to the server
Release date: March 22, 2018
- mbedTLS: fix incompatibility with PKI created by OpenSSL 1.1
- mbedTLS: add support for ECDSA
- mbedTLS: updated to fix CVE-2018-0487 vulnerability.
- Issue OpenVPN client showing ‘no VPN servers’ when a connection profile with an excessively long server host name was loaded is now fixed.
- TLS key refresh (TLS soft reset) connection interruption when using –opt-verify is now fixed.