OpenVPN v2.4.2 was analyzed closely using a fuzzer by Guido Vranken. In the process several vulnerabilities were found, some of which are remotely exploitable in certain circumstances. Most of these issues also affect OpenVPN 2.3.16 and earlier. We recommend that you upgrade to OpenVPN 2.4.3 or 2.3.17 as soon as possible. More details are available in our official security announcement.
A summary of all changes is available in Changes.rst, and a full list of changes is available here.
Compared to OpenVPN 2.3 this is a major update with a large number of new features, improvements and fixes. Some of the major features are AEAD (GCM) cipher and Elliptic Curve DH key exchange support, improved IPv4/IPv6 dual stack support and more seamless connection migration when the client's IP address changes (Peer-ID). Also, the new --tls-crypt feature can be used to increase users' connection privacy.
The OpenVPN GUI bundled with the Windows installer has a large number of new features compared to the one bundled with OpenVPN 2.3. One of the major features is the ability to run OpenVPN GUI without administrator privileges. For full details, see the changelog. The new OpenVPN GUI features are documented here.
Please note that OpenVPN 2.4 installers will not work on Windows XP.
For generic help use these support channels:
Please report bugs and ask development questions here:
- Bug tracker and Wiki
- Developer mailing list
- Developer IRC channel: #openvpn-devel at irc.freenode.net (requires Freenode registration)
EDIT: made the topic an announcement for 14 days