Release Notes for OpenVPN Connect on Windows
SHA 256 checksums
File Name | SHA256SUM |
---|---|
x64: openvpn-connect-3.5.1.3946_signed.msi | ffd922b8afbcaf62079131d663e3eefb63ef173ad6cee6877b9d4945db43a7cf |
x32: openvpn-connect-3.5.1.3946_signed_x86.msi | a3ec4ae45d960b9188174cc6184f192927419469e9f828d5669ccc66bc4bb724 |
3.5.1 (3946)
Release date:
Oct 17, 2024
Updated information exchange for CloudConnexa users.
Introduced a new dialog for profiles with ‘auth-nocache’ and ‘auth-user-pass’ directives.
Minor fixes and improvements.
Notice
Release date: Jul 18, 2024
Application can't be installed on Windows 7 or 8.
Implemented Device Posture Checks feature.
Note
Businesses can now ensure that only devices that meet certain security standards access the network. This can help protect the network from unauthorized access and malware infections.
Added Forced Re-authentication support.
Enhanced DNS stability and productivity (support for new DNS option).
Connection through proxy with basic auth is now only allowed with "insecure" security level.
Updated TAP and DCO network drivers.
Introduced support for external EC (elliptic serves signature algorithms) certificates.
Certificate validation added on Import and Connection (not allowed to import or connect with expired certificates).
Renamed the Allow IPv6 setting to Block IPv6 to more clearly reflect its behavior.
External certificates are non-exportable.
Updated the Import Profiles screen.
Introduced UV_UUID reporting in service mode.
Application Installer now blocks the process on unsupported OS versions.
Other minor fixes and improvements.
Notice
Release date: Feb 8, 2024
Fixed ELECTRON_RUN_AS_NODE vulnerability (CVE-2023-7245). Reported by Mykola Grymalyuk (RIPEDA Consulting).
Improved web authentication dialog.
Fixed issue with environment variable in GUI.
Fixed issue with empty Device ID reported to VPN server.
Fixed issue when a system browser doesn't open during authentication with AS SAML on clean installed Windows 11.
Fixed UI issues in High Contrast mode.
Notice
Release date: Dec 7, 2023
Dropped official support for Windows 8 (may still work but no support is provided for it anymore).
Promoted DCO feature to stable (no longer in beta).
Fixed security issue CVE-2023-4863 by updating relevant libraries.
Fixed regression where DNS zones were not applied correctly.
Improved handling of unwanted 0.0.0.0/0 route added by Windows operating system.
Updated handling of browser-based authentication - embedded browser and OPEN_URL no longer supported.
Notice
Release date: Aug 24, 2023
Fixed issue where some antivirus solutions could trigger a false positive report.
Notice
Release date: Aug 17, 2023
Added support for "all" OS type (Windows and macOS) of environment variables for Access Server.
Fixed connectivity issue using Dual-Stack IPv6/IPv4.
Fixed issue where "pull" directive was incorrectly marked as incompatible option.
Fixed issue where password input could lose focus.
Various bug fixes and user experience improvements.
Notice
Release date: Jul 10, 2023
Added OpenVPN Data Channel Offload (DCO) support.
Added support for environment variables for Access Server.
Added ARM platform support via compatibility mode.
Added "Security Level" setting.
Updated OpenVPN 3 library to version 3.8.0.
Updated OpenSSL library to version 3.0.8.
Removed onboarding screens.
Fixed security issue CVE-2022-3761 with checking web certificates during import process. Thanks to Mr. Ka Lok Wu of the Chinese University of Hong Kong for reporting this..
Fixed a bug when importing profile from a server with Let’s Encrypt certificate.
Fixed the issue with numeric pad enter button not working.
Fixed the issue with the installation process related to a lockfile present in TEMP folder.
Various bug fixes and user experience improvements.
Notice
Release date: Feb 16, 2023
Updated information exchange for CloudConnexa users.
Notice
Release date: Mar 22, 2022
OpenSSL updated to 1.1.1n (to address CVE-2022-0778).
Minor change for Web Authentication in a system browser.
Notice
Release date: Mar 9, 2022
Added import using Web Authentication in system browser.
Added reporting of UUID device identifier as UV_UUID parameter.
Notice
Release date: Dec 16, 2021
Resolved a bug when importing CloudConnexa profiles.
Notice
Release date: Nov 17, 2021
Changed Web Auth flow to use external browser for authentication.
Notice
Release date: Oct 7, 2021
Updated OpenSSL library to 1.1.1 version.
Added support of local DNS resolvers.
Added Device ID on Settings page.
Added Confirmation Dialogs setting.
Fixed UI issues on Windows 11.
Various bug fixes and improvements.
Notice
Release date: Jun 23, 2021
Resolved a security issue related to OpenSSL configuration (CVE-2021-3613) reported by Xavier Danest.
Notice
Release date: Jun 3, 2021
Updated OpenVPN 3 library to 3.6.2 version.
Added captive portal detection: OpenVPN Connect notifies the user when a device is connected to a network with a captive portal enabled. This functionality is enabled by default and can be managed on the Settings screen in the app.
Added network loss detection: the VPN connection goes to a “pause” state when a network connection is lost, and automatically resumes the VPN session when the network is up.
Added command line interface. Refer to Command-line Functionality (Windows) or Command-line Functionality (macOS).
Changes to software update functionality:
Added the ability to change the setting of the frequency of software update checks.
Added update checks frequency management by the admin using the directive to the profile: 0 is never; 1 is every day; 7 is once a week; and 30 is monthly. When a profile with this directive is bundled into the app, the app setting changes automatically.
CONNECTV3_PREFERENCE_UPDATE_FREQUENCY=<0|1|7|30>
When a new version of the application is available, it becomes visible in the main menu of the app.
Added release notes to notification of application updates.
Added support for PKCS11 hardware tokens. Refer to Connect and Authorize Hardware Tokens.
Replaced reconnect on reboot setting with launch options. A user can choose multiple options: startup application after OS reboot, connect with the latest connected profile, or connect only if a connection was active during the reboot (previously, behavior of “Reconnect on Reboot” setting).
Added external certificates on Windows 7: OpenVPN Connect supports importing and assigning an external PKCS12 identity to a profile for connection in Windows 7.
Added an Advanced Settings section. Settings that can break connectivity are hidden in the Advanced Settings section on the Settings screen.
Added colorful tray icons. The OpenVPN Connect tray icon with a color indication of connection state can be enabled on the Settings screen (default behavior on Windows 7 and Windows 8).
Removed the "force AES-CBC cipher" legacy compatibility option.
Various bug fixes and UX improvements.Release notes for 3.2.3 (1851)
Notice
Release date: Feb 25, 2021
Added support for deep linking and web authentication using system web browser.
Removed optional wintun driver support.
Notice
Release date: Oct 30, 2020
Minor changes for Web Auth flow.
Added reporting UV_APP_VER values to the VPN server.
Implemented a new way of profile bundling (distribution of MSI and profile as separate files).
Fixed an issue where an OpenVPN server could not be reached if it was not reachable through the default gateway.
Fixed an issue where a large number of routes pushed to the VPN client would cause the client to fail.
Fixed issues with the display of the application version.
Notice
Release date: Aug 26, 2020
Added reporting UV_ASCLI_VER and UV_PLAT_REL values to the VPN server.
Fixed not prompting user for certificate approval under certain conditions.
Updated Wintun driver to v0.8.1 that contains a patch for a driver update issue.
Added installer routine that ensures presence of a particular Windows hotfix on Windows 7 machines (KB2921916).Release notes for 3.2.0 (1064)
Notice
Release date: Jul 13, 2020
This is now a stable release and no longer considered beta software.
As part of the transition from Mbed TLS to OpenSSL the list of negotiable TLS cipher suites no longer includes weak cipher suites that lack forward secrecy support (DH/ECDH).
Switchover from Mbed TLS library to OpenSSL library.
Support of TLS 1.3 version.
Support signing with RSA-PSS signatures during TLS handshake.
Update of OpenVPN3 library to OpenVPN core 3.5.6 version.
Optional WinTun driver is available during installation.
Implemented possibility to run VPN connection as system service.
Improved stability and performance.
Updated MbedTLS to 2.7.13 to resolve a security issue (CVE-2019-18222).
Fixed a failure of installation process on some operating systems with non-English localization.
Implemented a fix for a security issue related to the location of installation files (CVE-2020-9442).
New profile import flow with WebAuth support.
Added EULA license during installation.
Added .ovpn file association.
Added possibility to connect without external certificate when the client certificate is not required.
Fixed connection with DUO authentication service.
Fixed connection via server-locked profile with 2FA.
Fixed proxy basic authentication.
Fixed issue with long client-side scripts.
Fixed issue with unquoted path privilege escalation reported by Yogesh Prasad (CVE-2014-5455).
New unified UI with 2 color scheme options.
Dropped support of MD5 algorithm.
Disabled tunnel compression by default (could be enabled back in the app settings).
Ability to add proxies for connection from within the app.
Ability to manage external certificates directly from within the app (except in Windows 7 for the moment).
Separate screen with extended statistics of connection session.
Log File with options to pause/resume, clear and save logs for sharing.
Plenty of other settings like reconnect on reboot, seamless tunnel, IP/TLS versions etc.
Ability to create connect and disconnect shortcuts.
Notice
Release date: Oct 22, 2020
Added support for tls-crypt (v1 and v2)
Notice
Release date: May 27, 2020
Resolved an issue where DNS records were not being deleted properly in some rare cases.
Notice
Release date: Apr 29, 2020
Resolved some issues on Windows with driver signing.
Notice
Release date: Apr 10, 2020
Added multi-factor support for the dynamic challenge/response model.
Updated TAP driver to latest version and signed with latest driver signing certificate.
Updated MbedTLS to 2.7.13 to resolve a security issue (CVE-2019-18222).
Improved round-robin DNS server exclusion route handling.
Resolved a problem where ’empty credentials’ error could occur.
Resolved some various other minor stability issues.
Notice
Release date: Jan 22, 2020
Resolved an issue where DNS records were not being deleted properly in some rare cases.
Resolved a problem with saving connection profiles when using a Windows username that contains non-latin characters.
Notice
Release date: Mar 11, 2019
Signed this build with a new software publisher EV certificate valid until 23-2-2022, as the old certificate had expired.
Resolved a problem where reconnect would fail on a round-robin DNS hostname as server address in combination with full-tunnel redirection.
Notice
Release date: Dec 11, 2018
Added DHCP option PROXY_AUTO_CONFIG_URL capability for proxy auto configuration (PAC) in the operating system. It is now possible to do for example:
push "dhcp-option PROXY_AUTO_CONFIG_URL (url to proxy PAC settings file)"
DNS default suffix pushed by the VPN server should now have priority when the client already had a DNS default suffix set locally.
Notice
Release date: Apr 18, 2018
Fixed launch issue on some older Windows platforms when Microsoft Visual C++ redistributable wasn't present.
Fixed and improved platform and client version reporting to the server.
Notice
Release date: Mar 22, 2018
mbedTLS: fix incompatibility with PKI created by OpenSSL 1.1.
mbedTLS: add support for ECDSA.
mbedTLS: updated to fix CVE-2018-0487 vulnerability.
Issue OpenVPN client showing 'no VPN servers' when a connection profile with an excessively long server host name was loaded is now fixed.
TLS key refresh (TLS soft reset) connection interruption when using --opt-verify is now fixed.