Software update: OpenVPN 2.5.0

OpenVPN is a robust and easy to set up open source VPN daemon that allows several private networks to be linked together through an encrypted tunnel over the internet. For security, the OpenSSL library is used, which can handle all encryption, authentication and certification. The developers have released version 2.5 and the most important changes are listed below for you.

Faster connections

• Connections setup is now much faster

Crypto specific changes

• ChaCha20-Poly1305 cipher in the OpenVPN data channel (Requires OpenSSL 1.1.0 or newer)
• Improved TLS 1.3 support when using OpenSSL 1.1.1 or newer
• Client-specific tls-crypt keys (–tls-crypt-v2)
• Improved Data channel cipher negotiation
• Removal of BF-CBC support in default configuration (see below for possible incompatibilities)

Server side improvements

• HMAC based auth-token support for seamless reconnects to standalone servers or a group of servers.
• Asynchronous (deferred) authentication support for auth-pam plugin
• Asynchronous (deferred) support for client-connect scripts and plugins

Network-related changes

• Support IPv4 configs with /31 netmasks now
• 802.1q VLAN support on TAP servers
• IPv6 only tunnels
• New option –block-ipv6 to reject all IPv6 packets (ICMPv6)

Linux-specific features

• VRF support
• Netlink integration (OpenVPN no longer needs to execute ifconfig/route or ip commands)

Windows-specific features

• Wintun driver support, a faster alternative to tap-windows6
• Setting tun/tap interface MTU
• Setting DHCP search domain
• Allow unicode search string in –cryptoapicert option
• EasyRSA3, a modern take on OpenVPN CA management
• MSI installer