OpenVPN 2.4.0 -- released on 2016.12.27 https://openvpn.net/index.php/download/community-downloads.html
Can the latest version, OpenVPN 2.4.3, be installed over the last.or must the previous version be uninstalled first?
And so what do those of us that use other products that use OpenVPN do? " AirVPN uses OpenVPN to establish the connection between your computer and the servers."
You can check for new version of their software. Personally I use Mullvad with OpenVPN client and you can check if AirVPN can be set up using OpenVPN client.
I took the part about OpenVPN from their terms of service. And so AIR already uses OpenVPN. I took a peek at their forum this morning but not seeing anything about an update to fix the OpenVPN issues.
Yes some vendors use OpenVPN as part of their software. But some of them offer configuration files that users can use with native OpenVPN client. I checked their site and it seems that they also offer that option: https://airvpn.org/topic/11801-using-airvpn-with-windows-openvpn-gui/
Hello, Concerning the AirVPN versions of OpenVPN used in the Eddie client: There is a thread on the AirVPN forums discussing this: 4 important security vulnerabilities discovered in OpenVPN - not found by the two recently completed audits of OpenVPN code See post # 7 for the Staff reply. Currently the experimental version of Eddie (2.13.1) is using OpenVPN 2.4.2 (stable version 2.12.4 is using OpenVPN 2.4). There is supposed to be a new experimental version (2.13.2) released in the next few days which I imagine will use OpenVPN 2.4.3. Note that AirVPN almost never releases a version directly to the stable channel but releases an experimental version first for public testing which will be the case here. HTH ...
You have 2 options: 1. wait for their software to update and start using latest version of OpenVPN (puff-m-d explained it nicely in previous post). 2. switch from their software to OPenVPN native client and install latest version. In first case you have to wait for developers to release new version in second you decide when to update.
Note that 2.4.2 also fixed several vulnerabilities(https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits), so if you want to use AirVPN's own software instead of the official OpenVPN software, I would recommend to use the experimental version if you're knowledgeable enough.
Yup the client is Eddie and their servers use OpenVPN. I checked and all the servers I checked are running OpenVPN versions lower then recommended. Don't know if they are going to update Eddie or just the servers.
There is an option about OpenVPN custom path. Maybe you can install OpenVPN client and point it to it? If their software allows it, it would be IMO best solution. Of course you will have to take care for OpenVPN client updates after that.
OpenVPN v2.4.5 Released (March 01, 2018) Download Github Spoiler: New features / Bugfixes v2.4.5 https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst Version 2.4.5 This is primarily a maintenance release, with further improved OpenSSL 1.1 integration, several minor bug fixes and other minor improvements. New features The new option --tls-cert-profile can be used to restrict the set of allowed crypto algorithms in TLS certificates in mbed TLS builds. The default profile is 'legacy' for now, which allows SHA1+, RSA-1024+ and any elliptic curve certificates. The default will be changed to the 'preferred' profile in the future, which requires SHA2+, RSA-2048+ and any curve. make CryptoAPI support (Windows) compatible with OpenSSL 1.1 builds TLS v1.2 support for cryptoapicert (on Windows) -- RSA only openvpnserv: Add support for multi-instances (to support multiple parallel OpenVPN installations, like EduVPN and regular OpenVPN) Use P_DATA_V2 for server->client packets too (better packet alignment) improve management interface documentation rework registry key handling for OpenVPN service, notably making most registry values optional, falling back to reasonable defaults accept IPv6 address for pushed "dhcp-option DNS ..." (make OpenVPN 2 option compatible with OpenVPN 3 iOS and Android clients) Bug fixes Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+ Fix lots of compiler warnings (format string, type casts, ...) Fix --redirect-gateway route installation on Windows systems that have multiple interfaces into the same network (e.g. Wifi and wired LAN). Fix IPv6 interface route cleanup on Windows reload HTTP proxy credentials when moving to the next connection profile Fix build with LibreSSL (multiple times) Remove non-useful warning on pushed tun-ipv6 option. fix building with MSVC due to incompatible C constructs autoconf: Fix engine checks for openssl 1.1 lz4: Rebase compat-lz4 against upstream v1.7.5 lz4: Fix broken builds when pkg-config is not present but system library is Fix '--bind ipv6only' Allow learning iroutes with network made up of all 0s
OpenVPN v2.4.6 Released (April 24, 2018) Download Github Spoiler: Changes / Bug fixes v2.4.6 https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst User visible changes warn if the management interface is configured with a TCP port and no password is set (because it might be possible to interfere with OpenVPN operation by tricking other programs into connecting to the management interface and inject unwanted commands) Bug fixes CVE-2018-9336: fix potential double-free() in the Interactive Service (Windows) on malformed input. avoid possible integer overflow in wakeup computation (trac #922) improve handling of incoming packet bursts for control channel data fix compilation with older OpenSSL versions that were broken in 2.4.5 Windows + interactive Service: delete the IPv6 route to the "connected" network on tun close
OpenVPN v2.4.7 Released (February 21, 2019) Download Github Spoiler: New Features / Changes / Bug fixes v2.4.7 https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst New features ifconfig-ipv6(-push): allow using hostnames (in place of IPv6 addresses) new option: --ciphersuites to select TLS 1.3 cipher suites (--cipher selects TLS 1.2 and earlier ciphers) enable dhcp on tap adapter using interactive service (previously this required a privileged netsh.exe call from OpenVPN) clarify and expand management interface documentation add Interactive Service developer documentation User visible changes add message explaining early TLS client hello failure (if TLS 1.0 only clients try to connect to TLS 1.3 capable servers) --show-tls will now display TLS 1.3 and TLS 1.2 ciphers in separate lists (if built with OpenSSL 1.1.1+) don't print OCC warnings about 'key-method', 'keydir' and 'tls-auth' (unnecessary warnings, and will cause spurious warnings with tls-crypt-v2) bump version of openvpn plugin argument structs to 5 plugin: Export base64 encode and decode functions man: add security considerations to --compress section Bug fixes print port numbers (again) for incoming IPv4 connections received on a dual-stacked IPv6 socket. This got lost at some point during rewrite of the dual-stack code and proper printing of IPv4 addresses. fallback to password authentication when auth-token fails fix combination of --dev tap and --topology subnet across multiple platforms (BSDs, MacOS, and Solaris). fix Windows CryptoAPI usage for TLS 1.2 signatures fix option handling in combination with NCP negotiation and OCC (--opt-verify failure on reconnect if NCP modified options and server verified "original" vs. "modified" options) mbedtls: print warning if random personalisation fails fix subnet topology on NetBSD (2.4).
OpenVPN Windows installer was upgraded from openvpn-install-2.4.7-I601 to openvpn-install-2.4.7-I603. It contains new version of OpenVPN GUI.