OpenVPN 2.4.3 released (with security fixes)

Announcements from OpenVPN involving bugs, updates, and new features.
samuli
OpenVPN Technologies
Posts: 100
Joined: Fri Aug 13, 2010 9:05 pm

OpenVPN 2.4.3 released (with security fixes)

Postby samuli » Wed Jun 21, 2017 10:40 am

The OpenVPN community project team is proud to release OpenVPN 2.4.3. It can be downloaded from here.

OpenVPN v2.4.2 was analyzed closely using a fuzzer by Guido Vranken. In the process several vulnerabilities were found, some of which are remotely exploitable in certain circumstances. Most of these issues also affect OpenVPN 2.3.16 and earlier. We recommend you to upgrade to OpenVPN 2.4.3 or 2.3.17 as soon as possible. More details are available in our official security announcement

A summary of all changes is available in Changes.rst, and a full list of changes is available here.

Compared to OpenVPN 2.3 this is a major update with a large number of new features, improvements and fixes. Some of the major features are AEAD (GCM) cipher and Elliptic Curve DH key exchange support, improved IPv4/IPv6 dual stack support and more seamless connection migration when client's IP address changes (Peer-ID). Also, the new --tls-crypt feature can be used to increase users' connection privacy.

OpenVPN GUI bundled with the Windows installer has a large number of new features compared to the one bundled with OpenVPN 2.3. One of major features is the ability to run OpenVPN GUI without administrator privileges. For full details, see the changelog. The new OpenVPN GUI features are documented here.

Please note that OpenVPN 2.4 installers will not work on Windows XP.

For generic help use these support channels:


Please report bugs and ask development questions here:


EDIT: made the topic an announcement for 14 days
--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock

Return to “Announcements”

Who is online

Users browsing this forum: No registered users and 3 guests