Software update: OpenVPN 2.4.8

OpenVPN is a robust and easy to set up open source VPN daemon with which different private networks can be linked together by means of an encrypted tunnel over the internet. For security, the OpenSSL library is used, which handles all encryption, authentication and certification. For more information, we refer to this page and an installation manual is on this page to consult. The developers released version 2.4.8 a while ago, with the following changes:

OpenVPN 2.4.8

This is primarily a maintenance release with bug fixes and improvements. The Windows installers (I601) have several improvements compared to the previous release:

  • New tap-windows6 driver (9.24.2) which fixes some suspend and resume issues
  • Latest OpenVPN GUI
  • Considerable performance boost due to new compiler optimization flags

A summary of the changes is available in Changes.rst, and a full list of changes is available here.

Please note that LibreSSL is not a supported crypto backend. We accept patches and we do test on OpenBSD 6.0 which comes with LibreSSL, but if newer versions of LibreSSL break API compatibility we do not take responsibility to fix that.

Also note that Windows installers have been built with NSIS version that has been patched against several NSIS installer code execution and privilege escalation problems. Based on our testing, though, older Windows versions such as Windows 7 might not benefit from these fixes. We thus strongly encourage you to always move NSIS installers to a non-user-writeable location before running them. We are moving to MSI installers in OpenVPN 2.5, but OpenVPN 2.4.x will remain NSIS-only.

New features

  • Support compiling with OpenSSL 1.1 without deprecated APIs
  • handle PSS padding in cryptoapicert (necessary for TLS> = 1.2)

User visible changes

  • do not abort when hitting the combination of “–pull-filter” and “–mode server” (this got hit when starting OpenVPN servers using the windows GUI which installs a pull-filter to force ip-win32)
  • increase listen () backlog queue to 32 (improve response behavior on openvpn servers using TCP that get portscanned) fix and enhance documentation (INSTALL, man page, …)

Bug fixes

  • the combination “IPv6 and proto UDP and SOCKS proxy” did not work – as a workaround, force IPv4 in this case until a full implementation for IPv6-UDP-SOCKS can be made.
  • fix IPv6 routes on tap interfaces on OpenSolaris / OpenIndiana
  • fix building with LibreSSL
  • do not set pkcs11 helper ‘safe fork mode’ (should fix PIN querying in systemd environments)
  • repair windows builds
  • repair Darwin builds (remove -no-cpp-precomp flag)

Version number 2.4.8
Release status Final
Operating systems Windows 7, Linux, BSD, macOS, Solaris, UNIX, Windows Server 2012, Windows 8, Windows 10, Windows Server 2016
Website OpenVPN
License type GPL