OpenVPN Security Advisory: Dec 14, 2018
Action needed: Important update for OpenVPN Access Server

GnuPG Public Key

All current OpenVPN (OSS) source packages and Windows installers have been signed with the Security mailing list GPG key:

If you have intentionally downloaded an old version of OpenVPN and the signature does not match with this key, please read this article really carefully.

Verifying file signatures

Signature verification can be performed by PGP or GnuPG once you have the correct key in your trusted keyring:

$ gpg --import keyname.asc
$ gpg -v --verify [.asc file]

Make sure you have the corresponding OpenVPN package in the same directory. GnuPG signature files for OpenVPN file releases are available on the download page.