OpenVPN is a robust and easy to set up open source vpn daemon with which different private networks can be connected to each other through an encrypted tunnel via the internet. For security, the OpenSSL library is used, with which all encryption, authentication and certification can be handled. For more information we refer to this page and an installation manual can be consulted on this page . The developers have already released version 2.4.8 a while ago, with the following changes:
This is primarily a maintenance release with bug fixes and improvements. The Windows installers (I601) have several improvements compared to the previous release:
- New tap-windows6 driver (9.24.2) which fixes some suspend and resume issues
- Latest OpenVPN GUI
- Considerable performance boost due to new compiler optimization flags
A summary of the changes is available in Changes.rst, and a full list of changes is available here.
Please note that LibreSSL is not a supported crypto backend. We accept patches and we do test on OpenBSD 6.0 which comes with LibreSSL, but if newer versions or LibreSSL break API compatibility we do not take responsibility to fix that.
Also note that Windows installers have been built with NSIS version that has been patched against several NSIS installer code execution and privilege escalation problems. Based on our testing, though, older Windows versions such as Windows 7 might not benefit from these fixes. We thus strongly encourage you to always move NSIS installers to a non-user-writeable location before running them. We are moving to MSI installers in OpenVPN 2.5, but OpenVPN 2.4.x will remain NSIS-only.
- Support compiling with OpenSSL 1.1 without deprecated APIs
- handle PSS padding in cryptoapicert (necessary for TLS> = 1.2)
User visible changes
- do not abort when hitting the combination of “–pull filter” and “–mode server” (this got hit when starting OpenVPN servers using the windows GUI which installs a pull filter to force ip-win32)
- increase listen () backlog queue to 32 (improve response behavior on openvpn servers using TCP that get portscanned) fix and enhance documentation (INSTALL, man page, …)
- the combination “IPv6 and proto UDP and SOCKS proxy” did not work – as a workaround, force IPv4 in this case until a full implementation for IPv6-UDP-SOCKS can be made.
- fix IPv6 routes on tap interfaces on OpenSolaris / OpenIndiana
- fix building with LibreSSL
- do not set pkcs11 helper ‘safe fork mode’ (should fix PIN querying in system environments)
- repair windows builds
- repair Darwin builds (remove -no-cpp-precomp flag)