Downloads

OpenVPN 2.4.4 -- released on 2017.09.26 (Change Log)

This release includes a large number of small fixes and enhancements. There is also an important security fix for legacy setups that may still be using key-method 1. As that option was deprecated 12 years ago we estimate that not many production setups are affected in practice. In addition Windows installers have been built with NSIS version that has been patched against several NSIS installer code execution and privilege escalation problems. Based on our testing, though, older Windows versions such as Windows 7 might not benefit from these fixes. We thus strongly encourage you to always move NSIS installers to a non-user-writeable location before running them. Our long-term plan is to migrate to using MSI installers instead.

Windows installer I601 includes updated OpenVPN GUI (11.9.0.0) and easy-rsa (2.3.2). Note that OpenVPN's bin directory is no longer added to system PATH. While most users will be unaffected by this change, you should have a look at vars.bat.sample if you are migrating an old easy-rsa CA to a new easy-rsa installation.

Compared to OpenVPN 2.3 this is a major update with a large number of new features, improvements and fixes. Some of the major features are AEAD (GCM) cipher and Elliptic Curve DH key exchange support, improved IPv4/IPv6 dual stack support and more seamless connection migration when client's IP address changes (Peer-ID). Also, the new --tls-crypt feature can be used to increase users' connection privacy.

A summary of the changes is available in Changes.rst, and a full list of changes is available here.

OpenVPN GUI bundled with the Windows installer has a large number of new features compared to the one bundled with OpenVPN 2.3. One of major features is the ability to run OpenVPN GUI without administrator privileges. For full details, see the changelog. The new OpenVPN GUI features are documented here.

Please note that OpenVPN 2.4 installers will not work on Windows XP.

If you find a bug in this release, please file a bug report to our Trac bug tracker. In uncertain cases please contact our developers first, either using the openvpn-devel mailinglist or the developer IRC channel (#openvpn-devel at irc.freenode.net). For generic help take a look at our official documentation, wiki, forums, openvpn-users mailing list and user IRC channel (#openvpn at irc.freenode.net).

Source Tarball (gzip)
openvpn-2.4.4.tar.gz GnuPG Signature
Source Tarball (xz)
openvpn-2.4.4.tar.xz GnuPG Signature
Source Zip openvpn-2.4.4.zip GnuPG Signature
Installer, Windows Vista and later
openvpn-install-2.4.4-I601.exe GnuPG Signature


NOTE: the GPG key used to sign the release files has been changed since OpenVPN 2.4.0. Instructions for verifying the signatures, as well as the new GPG public key are available here.

We also provide static URLs pointing to latest releases to ease automation. For a list of files look here.

This release is also available in our own software repositories for Debian and Ubuntu, Supported architectures are i386 and amd64. For details. look here.

You can use EasyRSA 2 or EasyRSA 3 for generating your own certificate authority. The former is bundled with Windows installers. The latter is a more modern alternative for UNIX-like operating systems.

The Windows installers are bundled with OpenVPN-GUI - its source code is available on its project page and as tarballs on our alternative download server.

OpenVPN 2.3.18 (old stable) -- released on 2017.09.26 (Change Log)

This is a minor release. It fixes the key-method 1 problem as well the NSIS installer code execution and privilege escalation problems described in more detail in OpenVPN 2.4.4 release notes.

Windows installers I602 and I002 fix Trac issue #948 which caused the installer to overwrite system PATHs that were over 1024 characters long. In addition easy-rsa has been updated from 2.2.0 to 2.3.2 as the former version depended on OpenVPN's bin directory being in the system PATH.

NOTE: The GPG key used to sign release files has changed in OpenVPN 2.3.16.

This release is the latest old stable release, and the last major release to support Windows XP. Normally you should use the latest stable release (2.4.x) instead.

Source Tarball (gzip)
openvpn-2.3.18.tar.gz GnuPG Signature
Source Tarball (xz)
openvpn-2.3.18.tar.xz GnuPG Signature
Source Zip openvpn-2.3.18.zip GnuPG Signature
Installer (32-bit), Windows XP
openvpn-install-2.3.18-I002-i686.exe GnuPG Signature
Installer (64-bit), Windows XP
openvpn-install-2.3.18-I002-x86_64.exe

GnuPG Signature

Installer (32-bit), Windows Vista and later
openvpn-install-2.3.18-I602-i686.exe GnuPG Signature
Installer (64-bit), Windows Vista and later
openvpn-install-2.3.18-I602-x86_64.exe

GnuPG Signature

 


OpenVPN -- Older Releases

Older OpenVPN releases not explicitly listed above can be downloaded from here.

WARNING: The Windows installers for these old releases may contain OpenSSL versions that have the heartbleed vulnerability or other serious security issues. You should not use any of these old OpenVPN Windows installers, unless you are absolutely sure it's safe in your use case. If you depend on an old OpenVPN version make sure you build the Windows binaries yourself and link them to an up-to-date OpenSSL version.


OpenVPN -- Packages and ports

OpenVPN is available in repositories of most open source operating systems such as Debian, Ubuntu, Fedora, FreeBSD and Maemo. Some of them may have several versions available, e.g. one for latest beta branch, one for latest development code and one for stable releases. Using these OS-provider versions is usually easiest. However the OpenVPN project also packages latest OpenVPN releases for some open source operating systems. Take a look here to see if these packages are available for your OS.


Tap-windows

OpenVPN uses TAP-windows to provide virtual tap device functionality on Windows. Normally you don't need to install TAP-windows separately, as OpenVPN installers include it. The tap-windows driver comes in two flavours: the NDIS 5 driver (tap-windows, version 9.9.x) for Windows XP and NDIS 6 (tap-windows6, version 9.21.x) for Windows Vista and above. Source code for both tap-windows drivers is available on GitHub.

NOTE: If you have 9.9.x installed, you need to uninstall it before installing 9.21.x, as there are known issues with doing an upgrade.

Installer (NDIS 5) tap-windows-9.9.2_3.exe GnuPG Signature
Installer (NDIS 6) tap-windows-9.21.2.exe GnuPG Signature

Most other operating systems have virtual tap device functionality in their kernels.


Openvpn-build

Official Windows binary packages are cross-compiled on Linux using mingw_w64 and the openvpn-build buildsystem. For details, look at the Wiki documentation.