OpenVPN 2.5 Released (October 28, 2020) https://openvpn.net/community-downloads/ Spoiler: Overview of Changes since OpenVPN 2.4 OVERVIEW OF CHANGES SINCE OPENVPN 2.4 FASTER CONNECTIONS Connections setup is now much faster CRYPTO SPECIFIC CHANGES ChaCha20-Poly1305 cipher in the OpenVPN data channel (Requires OpenSSL 1.1.0 or newer) Improved TLS 1.3 support when using OpenSSL 1.1.1 or newer Client-specific tls-crypt keys (–tls-crypt-v2) Improved Data channel cipher negotiation Removal of BF-CBC support in default configuration (see below for possible incompatibilities) SERVER-SIDE IMPROVEMENTS HMAC based auth-token support for seamless reconnects to standalone servers or a group of servers. Asynchronous (deferred) authentication support for auth-pam plugin Asynchronous (deferred) support for client-connect scripts and plugins NETWORK-RELATED CHANGES Support IPv4 configs with /31 netmasks now 802.1q VLAN support on TAP servers IPv6-only tunnels New option –block-ipv6 to reject all IPv6 packets (ICMPv6) LINUX-SPECIFIC FEATURES VRF support Netlink integration (OpenVPN no longer needs to execute ifconfig/route or ip commands) WINDOWS-SPECIFIC FEATURES Wintun driver support, a faster alternative to tap-windows6 Setting tun/tap interface MTU Setting DHCP search domain Allow unicode search string in –cryptoapicert option EasyRSA3, a modern take on OpenVPN CA management MSI installer
OpenVPN 2.5.6 Released (March 16, 2022) https://openvpn.net/community-downloads/ Changelog Spoiler: Changes v2.5.6 Changes in 2.5.6 Antonio Quartulli (4): GitHub Actions: update script to same version as master update copyright year to 2022 keyingmaterialexporter.c: include strings.h remove unused sitnl.h file David Sommerseth (2): sample-plugin: New plugin for testing multiple auth plugins plug-ins: Disallow multiple deferred authentication plug-ins Frank Lichtenheld (2): doc/Makefile: rebuild rst docs if input files change doc/options: clean up documentation for --proto and related options Gert Doering (4): fix Changes.rst errors in 2.5.3 and 2.5.5 announcement Repair --inactive with 'bytes' argument larger 2Gbytes. Fix --mtu-disc maybe|yes on Linux. Preparing release 2.5.6 Ilya Shipitsin (1): CI: github actions: keep "pdb" in artifacts Lev Stipakov (7): auth_token.c: add NULL initialization vcpkg-ports/pkcs11-helper: bump to release 1.28 vcpkg-ports/pkcs11-helper: indicate OpenSSL EC support msvc: cleanup vcpkg: link lzo statically vcpkg-ports/pkcs11-helper: adapt to new upstream URL vcpkg-ports: add openssl 1.1.1n Spoiler: Changes v2.5.5 Changes in 2.5.5 Adrian (1): Fix error in example firewall.sh script Antonio Quartulli (1): configure: remove useless -Wno-* from default CFLAGS Arne Schwabe (2): Add argv_insert_head__empty_argv__head_only to argv tests Move deprecation of SWEET32/64bit block size ciphers to 2.7 Gert Doering (4): Include --push-remove in the output of --help. Move '--push-peer-info' documentation from 'server' to 'client options' add test case(s) to notice 'openvpn --show-cipher' crashing Preparing release 2.5.5 Ilya Shipitsin (1): BUILD: enable CFG and Spectre mitigation for MSVC Lev Stipakov (12): Fix loading PKCS12 files on Windows msvc: fix product version display msvc: add missing header to project file config-msvc.h: fix OpenSSL-related defines contrib/vcpkg-ports: remove openssl port GitHub Actions: use latest working lukka/run-vcpkg Use network address for emulated DHCP server as a default Load OpenSSL config on Windows from trusted location ring_buffer.h: fix GCC warning about unused function ssh_openssl.h: remove unused declaration vcpkg/pkcs11-helper: compatibility with latest vcpkg config-msvc.h: indicate key material export support Max Fillinger (2): Don't use BF-CBC in unit tests if we don't have it Define have_blowfish variable in ncp unit tests Richard T Bonhomme (1): doc link-options.rst: Use free open-source dynamic-DNS provider URL Selva Nair (3): Fix some more wrong defines in config-msvc.h Ensure the current common_name is in the environment for scripts Require EC key support in Windows builds Sergio E. Nemirowski (1): resolvconf fails with -p Todd Zullinger (2): Update IRC information in CONTRIBUTING.rst doc/man (vpn-network-options): fix foreign_option_{n} typo Ville Skyttä (1): README.down-root: Fix plugin module name