Skip to main content

Release Notes for OpenVPN Connect on Windows

SHA 256 checksums

File Name

SHA256SUM

x64: openvpn-connect-3.5.1.3946_signed.msi

ffd922b8afbcaf62079131d663e3eefb63ef173ad6cee6877b9d4945db43a7cf

x32: openvpn-connect-3.5.1.3946_signed_x86.msi

a3ec4ae45d960b9188174cc6184f192927419469e9f828d5669ccc66bc4bb724

3.5.1 (3946)

Release date:

Oct 17, 2024

  • Updated information exchange for CloudConnexa users.

  • Introduced a new dialog for profiles with ‘auth-nocache’ and ‘auth-user-pass’ directives.

  • Minor fixes and improvements.

Notice

Release date: Jul 18, 2024

  • Application can't be installed on Windows 7 or 8.

  • Implemented Device Posture Checks feature.

    Note

    Businesses can now ensure that only devices that meet certain security standards access the network. This can help protect the network from unauthorized access and malware infections.

  • Added Forced Re-authentication support.

  • Enhanced DNS stability and productivity (support for new DNS option).

  • Connection through proxy with basic auth is now only allowed with "insecure" security level.

  • Updated TAP and DCO network drivers.

  • Introduced support for external EC (elliptic serves signature algorithms) certificates.

  • Certificate validation added on Import and Connection (not allowed to import or connect with expired certificates).

  • Renamed the Allow IPv6 setting to Block IPv6 to more clearly reflect its behavior.

  • External certificates are non-exportable.

  • Updated the Import Profiles screen.

  • Introduced UV_UUID reporting in service mode.

  • Application Installer now blocks the process on unsupported OS versions.

  • Other minor fixes and improvements.

Notice

Release date: Feb 8, 2024

  • Fixed ELECTRON_RUN_AS_NODE vulnerability (CVE-2023-7245). Reported by Mykola Grymalyuk (RIPEDA Consulting).

  • Improved web authentication dialog.

  • Fixed issue with environment variable in GUI.

  • Fixed issue with empty Device ID reported to VPN server.

  • Fixed issue when a system browser doesn't open during authentication with AS SAML on clean installed Windows 11.

  • Fixed UI issues in High Contrast mode.

Notice

Release date: Dec 7, 2023

  • Dropped official support for Windows 8 (may still work but no support is provided for it anymore).

  • Promoted DCO feature to stable (no longer in beta).

  • Fixed security issue CVE-2023-4863 by updating relevant libraries.

  • Fixed regression where DNS zones were not applied correctly.

  • Improved handling of unwanted 0.0.0.0/0 route added by Windows operating system.

  • Updated handling of browser-based authentication - embedded browser and OPEN_URL no longer supported.

Notice

Release date: Aug 24, 2023

  • Fixed issue where some antivirus solutions could trigger a false positive report.

Notice

Release date: Aug 17, 2023

  • Added support for "all" OS type (Windows and macOS) of environment variables for Access Server.

  • Fixed connectivity issue using Dual-Stack IPv6/IPv4.

  • Fixed issue where "pull" directive was incorrectly marked as incompatible option.

  • Fixed issue where password input could lose focus.

  • Various bug fixes and user experience improvements.

Notice

Release date: Jul 10, 2023

  • Added OpenVPN Data Channel Offload (DCO) support.

  • Added support for environment variables for Access Server.

  • Added ARM platform support via compatibility mode.

  • Added "Security Level" setting.

  • Updated OpenVPN 3 library to version 3.8.0.

  • Updated OpenSSL library to version 3.0.8.

  • Removed onboarding screens.

  • Fixed security issue CVE-2022-3761 with checking web certificates during import process. Thanks to Mr. Ka Lok Wu of the Chinese University of Hong Kong for reporting this..

  • Fixed a bug when importing profile from a server with Let’s Encrypt certificate.

  • Fixed the issue with numeric pad enter button not working.

  • Fixed the issue with the installation process related to a lockfile present in TEMP folder.

  • Various bug fixes and user experience improvements.

Notice

Release date: Feb 16, 2023

  • Updated information exchange for CloudConnexa users.

Notice

Release date: Mar 22, 2022

  • OpenSSL updated to 1.1.1n (to address CVE-2022-0778).

  • Minor change for Web Authentication in a system browser.

Notice

Release date: Mar 9, 2022

  • Added import using Web Authentication in system browser.

  • Added reporting of UUID device identifier as UV_UUID parameter.

Notice

Release date: Dec 16, 2021

  • Resolved a bug when importing CloudConnexa profiles.

Notice

Release date: Nov 17, 2021

  • Changed Web Auth flow to use external browser for authentication.

Notice

Release date: Oct 7, 2021

  • Updated OpenSSL library to 1.1.1 version.

  • Added support of local DNS resolvers.

  • Added Device ID on Settings page.

  • Added Confirmation Dialogs setting.

  • Fixed UI issues on Windows 11.

  • Various bug fixes and improvements.

Notice

Release date: Jun 23, 2021

  • Resolved a security issue related to OpenSSL configuration (CVE-2021-3613) reported by Xavier Danest.

Notice

Release date: Jun 3, 2021

  • Updated OpenVPN 3 library to 3.6.2 version.

  • Added captive portal detection: OpenVPN Connect notifies the user when a device is connected to a network with a captive portal enabled. This functionality is enabled by default and can be managed on the Settings screen in the app.

  • Added network loss detection: the VPN connection goes to a “pause” state when a network connection is lost, and automatically resumes the VPN session when the network is up.

  • Added command line interface. Refer to Command-line Functionality (Windows) or Command-line Functionality (macOS).

  • Changes to software update functionality:

    • Added the ability to change the setting of the frequency of software update checks.

    • Added update checks frequency management by the admin using the directive to the profile: 0 is never; 1 is every day; 7 is once a week; and 30 is monthly. When a profile with this directive is bundled into the app, the app setting changes automatically. CONNECTV3_PREFERENCE_UPDATE_FREQUENCY=<0|1|7|30>

    • When a new version of the application is available, it becomes visible in the main menu of the app.

    • Added release notes to notification of application updates.

  • Added support for PKCS11 hardware tokens. Refer to Connect and Authorize Hardware Tokens.

  • Replaced reconnect on reboot setting with launch options. A user can choose multiple options: startup application after OS reboot, connect with the latest connected profile, or connect only if a connection was active during the reboot (previously, behavior of “Reconnect on Reboot” setting).

  • Added external certificates on Windows 7: OpenVPN Connect supports importing and assigning an external PKCS12 identity to a profile for connection in Windows 7.

  • Added an Advanced Settings section. Settings that can break connectivity are hidden in the Advanced Settings section on the Settings screen.

  • Added colorful tray icons. The OpenVPN Connect tray icon with a color indication of connection state can be enabled on the Settings screen (default behavior on Windows 7 and Windows 8).

  • Removed the "force AES-CBC cipher" legacy compatibility option.

  • Various bug fixes and UX improvements.Release notes for 3.2.3 (1851)

Notice

Release date: Feb 25, 2021

  • Added support for deep linking and web authentication using system web browser.

  • Removed optional wintun driver support.

Notice

Release date: Oct 30, 2020

  • Minor changes for Web Auth flow.

  • Added reporting UV_APP_VER values to the VPN server.

  • Implemented a new way of profile bundling (distribution of MSI and profile as separate files).

  • Fixed an issue where an OpenVPN server could not be reached if it was not reachable through the default gateway.

  • Fixed an issue where a large number of routes pushed to the VPN client would cause the client to fail.

  • Fixed issues with the display of the application version.

Notice

Release date: Aug 26, 2020

  • Added reporting UV_ASCLI_VER and UV_PLAT_REL values to the VPN server.

  • Fixed not prompting user for certificate approval under certain conditions.

  • Updated Wintun driver to v0.8.1 that contains a patch for a driver update issue.

  • Added installer routine that ensures presence of a particular Windows hotfix on Windows 7 machines (KB2921916).Release notes for 3.2.0 (1064)

Notice

Release date: Jul 13, 2020

This is now a stable release and no longer considered beta software.

  • As part of the transition from Mbed TLS to OpenSSL the list of negotiable TLS cipher suites no longer includes weak cipher suites that lack forward secrecy support (DH/ECDH).

  • Switchover from Mbed TLS library to OpenSSL library.

  • Support of TLS 1.3 version.

  • Support signing with RSA-PSS signatures during TLS handshake.

  • Update of OpenVPN3 library to OpenVPN core 3.5.6 version.

  • Optional WinTun driver is available during installation.

  • Implemented possibility to run VPN connection as system service.

  • Improved stability and performance.

  • Updated MbedTLS to 2.7.13 to resolve a security issue (CVE-2019-18222).

  • Fixed a failure of installation process on some operating systems with non-English localization.

  • Implemented a fix for a security issue related to the location of installation files (CVE-2020-9442).

  • New profile import flow with WebAuth support.

  • Added EULA license during installation.

  • Added .ovpn file association.

  • Added possibility to connect without external certificate when the client certificate is not required.

  • Fixed connection with DUO authentication service.

  • Fixed connection via server-locked profile with 2FA.

  • Fixed proxy basic authentication.

  • Fixed issue with long client-side scripts.

  • Fixed issue with unquoted path privilege escalation reported by Yogesh Prasad (CVE-2014-5455).

  • New unified UI with 2 color scheme options.

  • Dropped support of MD5 algorithm.

  • Disabled tunnel compression by default (could be enabled back in the app settings).

  • Ability to add proxies for connection from within the app.

  • Ability to manage external certificates directly from within the app (except in Windows 7 for the moment).

  • Separate screen with extended statistics of connection session.

  • Log File with options to pause/resume, clear and save logs for sharing.

  • Plenty of other settings like reconnect on reboot, seamless tunnel, IP/TLS versions etc.

  • Ability to create connect and disconnect shortcuts.

Notice

Release date: Oct 22, 2020

  • Added support for tls-crypt (v1 and v2)

Notice

Release date: May 27, 2020

  • Resolved an issue where DNS records were not being deleted properly in some rare cases.

Notice

Release date: Apr 29, 2020

  • Resolved some issues on Windows with driver signing.

Notice

Release date: Apr 10, 2020

  • Added multi-factor support for the dynamic challenge/response model.

  • Updated TAP driver to latest version and signed with latest driver signing certificate.

  • Updated MbedTLS to 2.7.13 to resolve a security issue (CVE-2019-18222).

  • Improved round-robin DNS server exclusion route handling.

  • Resolved a problem where ’empty credentials’ error could occur.

  • Resolved some various other minor stability issues.

Notice

Release date: Jan 22, 2020

  • Resolved an issue where DNS records were not being deleted properly in some rare cases.

  • Resolved a problem with saving connection profiles when using a Windows username that contains non-latin characters.

Notice

Release date: Mar 11, 2019

  • Signed this build with a new software publisher EV certificate valid until 23-2-2022, as the old certificate had expired.

  • Resolved a problem where reconnect would fail on a round-robin DNS hostname as server address in combination with full-tunnel redirection.

Notice

Release date: Dec 11, 2018

  • Added DHCP option PROXY_AUTO_CONFIG_URL capability for proxy auto configuration (PAC) in the operating system. It is now possible to do for example:

  • push "dhcp-option PROXY_AUTO_CONFIG_URL (url to proxy PAC settings file)"

    • DNS default suffix pushed by the VPN server should now have priority when the client already had a DNS default suffix set locally.

Notice

Release date: Apr 18, 2018

  • Fixed launch issue on some older Windows platforms when Microsoft Visual C++ redistributable wasn't present.

  • Fixed and improved platform and client version reporting to the server.

Notice

Release date: Mar 22, 2018

  • mbedTLS: fix incompatibility with PKI created by OpenSSL 1.1.

  • mbedTLS: add support for ECDSA.

  • mbedTLS: updated to fix CVE-2018-0487 vulnerability.

  • Issue OpenVPN client showing 'no VPN servers' when a connection profile with an excessively long server host name was loaded is now fixed.

  • TLS key refresh (TLS soft reset) connection interruption when using --opt-verify is now fixed.