Release Notes for OpenVPN Connect on Windows

DCO driver updated to version 1.3.1.

Minor improvements and fixes.

Fixed "Allow using local DNS resolvers" setting issue.

OpenVPN was upgraded to version 3.11.1.

OpenSSL and several other code libraries were also updated.

The connector service was updated to version 1.2, with additional connection settings. Refer to Use OpenVPN Connect v3 on Windows in Service Daemon Mode.

Fixed an issue where the connection wouldn't restore after switching networks in service daemon mode.

Implemented pre-connection checks to ensure network drivers and the system service are installed and running, and not used by other services.

Minor fixes and improvements.

Added support of "Global Config" feature that allows configuring the app settings, importing profiles, and creating proxies by applying the single file. Refer to Global Configuration File Support for Windows.

Fixed an issue when software update notifications for OpenVPN Connect aren't shown to the user.

Fixed an issue when username, passwords, and certs, aren't correctly saved if they're saved on the Imported Profile screen.

Small fixes and improvements.

Updated information exchange for CloudConnexa users.

Introduced a new dialog for profiles with ‘auth-nocache’ and ‘auth-user-pass’ directives.

Minor fixes and improvements.

Application can't be installed on Windows 7 or 8.

Implemented Device Posture Checks feature.

Added Forced Re-authentication support.

Enhanced DNS stability and productivity (support for new DNS option).

Connection through proxy with basic auth is now only allowed with "insecure" security level.

Updated TAP and DCO network drivers.

Introduced support for external EC (elliptic serves signature algorithms) certificates.

Certificate validation added on Import and Connection (not allowed to import or connect with expired certificates).

Renamed the Allow IPv6 setting to Block IPv6 to more clearly reflect its behavior.

External certificates are non-exportable.

Updated the Import Profiles screen.

Introduced UV_UUID reporting in service mode.

Application Installer now blocks the process on unsupported OS versions.

Other minor fixes and improvements.

Fixed ELECTRON_RUN_AS_NODE vulnerability (CVE-2023-7245). Reported by Mykola Grymalyuk (RIPEDA Consulting).

Improved web authentication dialog.

Fixed issue with environment variable in GUI.

Fixed issue with empty Device ID reported to VPN server.

Fixed issue when a system browser doesn't open during authentication with AS SAML on clean installed Windows 11.

Fixed UI issues in High Contrast mode.

Dropped official support for Windows 8 (may still work but no support is provided for it anymore).

Promoted DCO feature to stable (no longer in beta).

Fixed security issue CVE-2023-4863 by updating relevant libraries.

Fixed regression where DNS zones were not applied correctly.

Improved handling of unwanted 0.0.0.0/0 route added by Windows operating system.

Updated handling of browser-based authentication - embedded browser and OPEN_URL no longer supported.

Fixed issue where some antivirus solutions could trigger a false positive report.

Added support for "all" OS type (Windows and macOS) of environment variables for Access Server.

Fixed connectivity issue using Dual-Stack IPv6/IPv4.

Fixed issue where "pull" directive was incorrectly marked as incompatible option.

Fixed issue where password input could lose focus.

Various bug fixes and user experience improvements.

Added OpenVPN Data Channel Offload (DCO) support.

Added support for environment variables for Access Server.

Added ARM platform support via compatibility mode.

Added "Security Level" setting.

Updated OpenVPN 3 library to version 3.8.0.

Updated OpenSSL library to version 3.0.8.

Removed onboarding screens.

Fixed security issue CVE-2022-3761 with checking web certificates during import process. Thanks to Mr. Ka Lok Wu of the Chinese University of Hong Kong for reporting this..

Fixed a bug when importing profile from a server with Let’s Encrypt certificate.

Fixed the issue with numeric pad enter button not working.

Fixed the issue with the installation process related to a lockfile present in TEMP folder.

Various bug fixes and user experience improvements.

Updated information exchange for CloudConnexa users.

OpenSSL updated to 1.1.1n (to address CVE-2022-0778).

Minor change for Web Authentication in a system browser.

Added import using Web Authentication in system browser.

Added reporting of UUID device identifier as UV_UUID parameter.

Resolved a bug when importing CloudConnexa profiles.

Changed Web Auth flow to use external browser for authentication.

Updated OpenSSL library to 1.1.1 version.

Added support of local DNS resolvers.

Added Device ID on Settings page.

Added Confirmation Dialogs setting.

Fixed UI issues on Windows 11.

Various bug fixes and improvements.

Resolved a security issue related to OpenSSL configuration (CVE-2021-3613) reported by Xavier Danest.

Updated OpenVPN 3 library to 3.6.2 version.

Added captive portal detection: OpenVPN Connect notifies the user when a device is connected to a network with a captive portal enabled. This functionality is enabled by default and can be managed on the Settings screen in the app.

Added network loss detection: the VPN connection goes to a “pause” state when a network connection is lost, and automatically resumes the VPN session when the network is up.

Added command line interface. Refer to Manage OpenVPN Connect from the Command Line (Windows) or Manage OpenVPN Connect from the Command Line (macOS).

Changes to software update functionality:

Added support for PKCS11 hardware tokens. Refer to Connect and Authorize Hardware Tokens.

Replaced reconnect on reboot setting with launch options. A user can choose multiple options: startup application after OS reboot, connect with the latest connected profile, or connect only if a connection was active during the reboot (previously, behavior of “Reconnect on Reboot” setting).

Added external certificates on Windows 7: OpenVPN Connect supports importing and assigning an external PKCS12 identity to a profile for connection in Windows 7.

Added an Advanced Settings section. Settings that can break connectivity are hidden in the Advanced Settings section on the Settings screen.

Added colorful tray icons. The OpenVPN Connect tray icon with a color indication of connection state can be enabled on the Settings screen (default behavior on Windows 7 and Windows 8).

Removed the "force AES-CBC cipher" legacy compatibility option.

Various bug fixes and UX improvements.Release notes for 3.2.3 (1851)

Added support for deep linking and web authentication using system web browser.

Removed optional wintun driver support.

Minor changes for Web Auth flow.

Added reporting UV_APP_VER values to the VPN server.

Implemented a new way of profile bundling (distribution of MSI and profile as separate files).

Fixed an issue where an OpenVPN server could not be reached if it was not reachable through the default gateway.

Fixed an issue where a large number of routes pushed to the VPN client would cause the client to fail.

Fixed issues with the display of the application version.

Added reporting UV_ASCLI_VER and UV_PLAT_REL values to the VPN server.

Fixed not prompting user for certificate approval under certain conditions.

Updated Wintun driver to v0.8.1 that contains a patch for a driver update issue.

Added installer routine that ensures presence of a particular Windows hotfix on Windows 7 machines (KB2921916).Release notes for 3.2.0 (1064)

As part of the transition from Mbed TLS to OpenSSL the list of negotiable TLS cipher suites no longer includes weak cipher suites that lack forward secrecy support (DH/ECDH).

Switchover from Mbed TLS library to OpenSSL library.

Support of TLS 1.3 version.

Support signing with RSA-PSS signatures during TLS handshake.

Update of OpenVPN3 library to OpenVPN core 3.5.6 version.

Optional WinTun driver is available during installation.

Implemented possibility to run VPN connection as system service.

Improved stability and performance.

Updated MbedTLS to 2.7.13 to resolve a security issue (CVE-2019-18222).

Fixed a failure of installation process on some operating systems with non-English localization.

Implemented a fix for a security issue related to the location of installation files (CVE-2020-9442).

New profile import flow with WebAuth support.

Added EULA license during installation.

Added .ovpn file association.

Added possibility to connect without external certificate when the client certificate is not required.

Fixed connection with DUO authentication service.

Fixed connection via server-locked profile with 2FA.

Fixed proxy basic authentication.

Fixed issue with long client-side scripts.

Fixed issue with unquoted path privilege escalation reported by Yogesh Prasad (CVE-2014-5455).

New unified UI with 2 color scheme options.

Dropped support of MD5 algorithm.

Disabled tunnel compression by default (could be enabled back in the app settings).

Ability to add proxies for connection from within the app.

Ability to manage external certificates directly from within the app (except in Windows 7 for the moment).

Separate screen with extended statistics of connection session.

Log File with options to pause/resume, clear and save logs for sharing.

Plenty of other settings like reconnect on reboot, seamless tunnel, IP/TLS versions etc.

Ability to create connect and disconnect shortcuts.