Get Your OpenVPN Products Here.
OpenVPN Self-Hosted / Access Server
Software Packages & Virtual Appliances
Our self-hosted solution, Access Server, requires package installation. Your options include software packages for Linux, Virtual Appliances, and Cloud Images available to quickly launch via our portal.
Latest Version: Access Server 2.9.6
Download Software Packages
Download Virtual Appliances
OpenVPN Self-Hosted on AWS / Access Server on AWS
Launch Access Server on AWS in minutes
Simplified AWS deployment with CloudFormation Script
OpenVPN Access Server now comes preinstalled on AWS. Instantly launch an Access Server by selecting your region below. Comes with two free VPN connections.
Why use our Amazon AWS launcher
Cloud images are also available directly on Azure, Digital Ocean, Oracle, and Google Cloud. Click below to get started with your IaaS of choice.
OpenVPN-as-a-Service / OpenVPN Cloud
OpenVPN Cloud
OpenVPN’s cloud-based platform allows you to safeguard your resources in a controlled, adaptive, and scalable manner while complementing and extending the value of your current network strategy.
OpenVPN Client / OpenVPN Connect
OpenVPN Connect
OpenVPN Connect is our official client. Use OpenVPN Connect to connect to OpenVPN Cloud, Access Server or any OpenVPN compatible server/service. Select your platform and download here.
For Desktop
For Mobile
Select Your Operating System
Option 1: Install via repository (recommended)
The recommended method to install the OpenVPN Access Server is to use the official OpenVPN Access Server software repository. You will need to be logged on to your Linux system either on the console or via SSH, and have root privileges. Then copy and paste the commands below to add the repository to your system, and install the OpenVPN Access Server client bundle and the OpenVPN Access Server package itself. Installing the package ‘openvpn-as’ will automatically pull in the required client bundle as well.
Note: these steps are suitable for a fresh install and for upgrading an existing installation.
After these steps, your Access Server should be installed and awaiting further configuration. Consult our quick start guide for further instructions on how to configure and use your Access Server.
Option 2: Manually download packages
If for some reason you can or will not use the recommended installation via the official OpenVPN Access Server software repository, you can instead download the packages separately to your server and install them. You will need to be logged on to your Linux system either on the console or via SSH, and have root privileges. Then copy and paste the commands below to download the necessary package installer files and install the OpenVPN Access Server client bundle and the OpenVPN Access Server package itself. You may also use the buttons below to download the package files manually to your computer.
Note: these steps are suitable for a fresh install and for upgrading an existing installation.
After these steps, your Access Server should be installed and awaiting further configuration. Consult our quick start guide for further instructions on how to configure and use your Access Server.
Option 1: Install via repository (recommended)
The recommended method to install the OpenVPN Access Server is to use the official OpenVPN Access Server software repository. You will need to be logged on to your Linux system either on the console or via SSH, and have root privileges. Then copy and paste the commands below to add the repository to your system, and install the OpenVPN Access Server client bundle and the OpenVPN Access Server package itself. Installing the package ‘openvpn-as’ will automatically pull in the required client bundle as well.
Note: these steps are suitable for a fresh install and for upgrading an existing installation.
After these steps, your Access Server should be installed and awaiting further configuration. Consult our quick start guide for further instructions on how to configure and use your Access Server.
Option 2: Manually download packages
If for some reason you can or will not use the recommended installation via the official OpenVPN Access Server software repository, you can instead download the packages separately to your server and install them. You will need to be logged on to your Linux system either on the console or via SSH, and have root privileges. Then copy and paste the commands below to download the necessary package installer files and install the OpenVPN Access Server client bundle and the OpenVPN Access Server package itself. You may also use the buttons below to download the package files manually to your computer.
Note: these steps are suitable for a fresh install and for upgrading an existing installation.
After these steps, your Access Server should be installed and awaiting further configuration. Consult our quick start guide for further instructions on how to configure and use your Access Server.
Option 1: Install via repository (recommended)
The recommended method to install the OpenVPN Access Server is to use the official OpenVPN Access Server software repository. You will need to be logged on to your Linux system either on the console or via SSH, and have root privileges. Then copy and paste the commands below to add the repository to your system, and install the OpenVPN Access Server client bundle and the OpenVPN Access Server package itself. Installing the package ‘openvpn-as’ will automatically pull in the required client bundle as well.
Note: these steps are suitable for a fresh install and for upgrading an existing installation.
After these steps, your Access Server should be installed and awaiting further configuration. Consult our quick start guide for further instructions on how to configure and use your Access Server.
Option 2: Manually download packages
If for some reason you can or will not use the recommended installation via the official OpenVPN Access Server software repository, you can instead download the packages separately to your server and install them. You will need to be logged on to your Linux system either on the console or via SSH, and have root privileges. Then copy and paste the commands below to download the necessary package installer files and install the OpenVPN Access Server client bundle and the OpenVPN Access Server package itself. You may also use the buttons below to download the package files manually to your computer.
Note: these steps are suitable for a fresh install and for upgrading an existing installation.
After these steps, your Access Server should be installed and awaiting further configuration. Consult our quick start guide for further instructions on how to configure and use your Access Server.
Option 1: Install via repository (recommended)
The recommended method to install the OpenVPN Access Server is to use the official OpenVPN Access Server software repository. You will need to be logged on to your Linux system either on the console or via SSH, and have root privileges. Then copy and paste the commands below to add the repository to your system, and install the OpenVPN Access Server client bundle and the OpenVPN Access Server package itself. Installing the package ‘openvpn-as’ will automatically pull in the required client bundle as well.
Note: these steps are suitable for a fresh install and for upgrading an existing installation.
After these steps, your Access Server should be installed and awaiting further configuration. Consult our quick start guide for further instructions on how to configure and use your Access Server.
Option 2: Manually download packages
If for some reason you can or will not use the recommended installation via the official OpenVPN Access Server software repository, you can instead download the packages separately to your server and install them. You will need to be logged on to your Linux system either on the console or via SSH, and have root privileges. Then copy and paste the commands below to download the necessary package installer files and install the OpenVPN Access Server client bundle and the OpenVPN Access Server package itself. You may also use the buttons below to download the package files manually to your computer.
Note: these steps are suitable for a fresh install and for upgrading an existing installation.
After these steps, your Access Server should be installed and awaiting further configuration. Consult our quick start guide for further instructions on how to configure and use your Access Server.
Option 1: Install via repository (recommended)
The recommended method to install the OpenVPN Access Server is to use the official OpenVPN Access Server software repository. You will need to be logged on to your Linux system either on the console or via SSH, and have root privileges. Then copy and paste the commands below to add the repository to your system, and install the OpenVPN Access Server client bundle and the OpenVPN Access Server package itself. Installing the package ‘openvpn-as’ will automatically pull in the required client bundle as well.
Note: these steps are suitable for a fresh install and for upgrading an existing installation.
After these steps, your Access Server should be installed and awaiting further configuration. Consult our quick start guide for further instructions on how to configure and use your Access Server.
Option 2: Manually download packages
If for some reason you can or will not use the recommended installation via the official OpenVPN Access Server software repository, you can instead download the packages separately to your server and install them. You will need to be logged on to your Linux system either on the console or via SSH, and have root privileges. Then copy and paste the commands below to download the necessary package installer files and install the OpenVPN Access Server client bundle and the OpenVPN Access Server package itself. You may also use the buttons below to download the package files manually to your computer.
Note: these steps are suitable for a fresh install and for upgrading an existing installation.
After these steps, your Access Server should be installed and awaiting further configuration. Consult our quick start guide for further instructions on how to configure and use your Access Server.
Option 1: Install via repository (recommended)
The recommended method to install the OpenVPN Access Server is to use the official OpenVPN Access Server software repository. You will need to be logged on to your Linux system either on the console or via SSH, and have root privileges. Then copy and paste the commands below to add the repository to your system, and install the OpenVPN Access Server client bundle and the OpenVPN Access Server package itself. Installing the package ‘openvpn-as’ will automatically pull in the required client bundle as well.
Note: these steps are suitable for a fresh install and for upgrading an existing installation.
After these steps, your Access Server should be installed and awaiting further configuration. Consult our quick start guide for further instructions on how to configure and use your Access Server.
Option 2: Manually download packages
If for some reason you can or will not use the recommended installation via the official OpenVPN Access Server software repository, you can instead download the packages separately to your server and install them. You will need to be logged on to your Linux system either on the console or via SSH, and have root privileges. Then copy and paste the commands below to download the necessary package installer files and install the OpenVPN Access Server client bundle and the OpenVPN Access Server package itself. You may also use the buttons below to download the package files manually to your computer.
Note: these steps are suitable for a fresh install and for upgrading an existing installation.
After these steps, your Access Server should be installed and awaiting further configuration. Consult our quick start guide for further instructions on how to configure and use your Access Server.
Option 1: Install via repository (recommended)
The recommended method to install the OpenVPN Access Server is to use the official OpenVPN Access Server software repository. You will need to be logged on to your Linux system either on the console or via SSH, and have root privileges. Then copy and paste the commands below to add the repository to your system, and install the OpenVPN Access Server client bundle and the OpenVPN Access Server package itself. Installing the package ‘openvpn-as’ will automatically pull in the required client bundle as well.
Note: these steps are suitable for a fresh install and for upgrading an existing installation.
After these steps, your Access Server should be installed and awaiting further configuration. Consult our quick start guide for further instructions on how to configure and use your Access Server.
Option 2: Manually download packages
If for some reason you can or will not use the recommended installation via the official OpenVPN Access Server software repository, you can instead download the packages separately to your server and install them. You will need to be logged on to your Linux system either on the console or via SSH, and have root privileges. Then copy and paste the commands below to download the necessary package installer files and install the OpenVPN Access Server client bundle and the OpenVPN Access Server package itself. You may also use the buttons below to download the package files manually to your computer.
Note: these steps are suitable for a fresh install and for upgrading an existing installation.
After these steps, your Access Server should be installed and awaiting further configuration. Consult our quick start guide for further instructions on how to configure and use your Access Server.
Option 1: Install via repository (recommended)
The recommended method to install the OpenVPN Access Server is to use the official OpenVPN Access Server software repository. You will need to be logged on to your Linux system either on the console or via SSH, and have root privileges. Then copy and paste the commands below to add the repository to your system, and install the OpenVPN Access Server client bundle and the OpenVPN Access Server package itself. Installing the package ‘openvpn-as’ will automatically pull in the required client bundle as well.
Note: these steps are suitable for a fresh install and for upgrading an existing installation.
After these steps, your Access Server should be installed and awaiting further configuration. Consult our quick start guide for further instructions on how to configure and use your Access Server.
Option 2: Manually download packages
If for some reason you can or will not use the recommended installation via the official OpenVPN Access Server software repository, you can instead download the packages separately to your server and install them. You will need to be logged on to your Linux system either on the console or via SSH, and have root privileges. Then copy and paste the commands below to download the necessary package installer files and install the OpenVPN Access Server client bundle and the OpenVPN Access Server package itself. You may also use the buttons below to download the package files manually to your computer.
Note: these steps are suitable for a fresh install and for upgrading an existing installation.
After these steps, your Access Server should be installed and awaiting further configuration. Consult our quick start guide for further instructions on how to configure and use your Access Server.
Option 1: Install via repository (recommended)
The recommended method to install the OpenVPN Access Server is to use the official OpenVPN Access Server software repository. You will need to be logged on to your Linux system either on the console or via SSH, and have root privileges. Then copy and paste the commands below to add the repository to your system, and install the OpenVPN Access Server client bundle and the OpenVPN Access Server package itself. Installing the package ‘openvpn-as’ will automatically pull in the required client bundle as well.
Note: these steps are suitable for a fresh install and for upgrading an existing installation.
Note: from version 2.9.2 we now use a new software repository for Amazon Linux 2.
After these steps, your Access Server should be installed and awaiting further configuration. Consult our quick start guide for further instructions on how to configure and use your Access Server.
Option 2: Manually download packages
If for some reason you can or will not use the recommended installation via the official OpenVPN Access Server software repository, you can instead download the packages separately to your server and install them. You will need to be logged on to your Linux system either on the console or via SSH, and have root privileges. Then copy and paste the commands below to download the necessary package installer files and install the OpenVPN Access Server client bundle and the OpenVPN Access Server package itself. You may also use the buttons below to download the package files manually to your computer.
Note: these steps are suitable for a fresh install and for upgrading an existing installation.
After these steps, your Access Server should be installed and awaiting further configuration. Consult our quick start guide for further instructions on how to configure and use your Access Server.
Установка OpenVPN клиента для Windows.
Продолжаем знакомство с OpenVPN. В этой статье рассмотрим установку и настройку OpenVPN клиента для Windows.
В предыдущей статье, описывающей установку OpenVPN сервера, мы генерировали ключи и сертификаты клиента, а также прочие файлы необходимые для подключения к VPN. Нам понадобятся эти четыре файла:
Установка OpenVPN-клиента в Windows
Переходим на сайт OpenVPN, скачиваем exe-файл для Windows и устанавливаем.
Обязательно установите пакет драйверов для TAP-устройств.
После завершения переходим в C:\Program Files\OpenVPN\config где создаем конфигурационный файл client.ovpn со следующим содержимым, XX.XX.XX.XX заменить на адрес своего сервера.
Как можно увидеть, настройки клиента не слишком отличаются от настроек сервера, просто тут кое-что добавлено:
Также в этот каталог копируем файлы: ca.crt, ta.key, client.crt, client.key.
Запускаем OpenVPN, после запуска в трее появится иконка мониторчика с замочком. Кликаем по ней правой клавишей мыши и выбираем «Подключиться».
При активном подключении к VPN серверу иконка станет зеленого цвета, а пользователю будет показано сообщение с назначенным ему локальным ip-адресом.
Назначенный локальный ip-адрес также можно узнать выполнив команду ipconfig в командной строке Windows.
Можно выполнить трассировку маршрута до какого либо узла или домена, чтобы просмотреть откуда выходят пакеты во внешнюю сеть. Для этого выполняют команду tracert после которой указывают либо ip-адрес, либо домен, например ya.ru.
Смотрим на первую строчку и видим что пакет попал во внешнюю сеть с OpenVPN шлюза 172.16.150.1, после чего пошел дальше до конечного узла. В случае когда VPN отключен, то в первой строке будет либо ваш ip-адрес, либо локальный адрес вашего роутера, из которого пакет попадает в сеть вашего интернет-провайдера, а уже из нее отправляется дальше по назначению.
Community Downloads
Source tarball (gzip)
Source tarball (xz)
Source zip
Windows 32-bit MSI installer
Windows 64-bit MSI installer
Windows ARM64 MSI installer
Overview of changes since OpenVPN 2.4
Faster connections
Crypto specific changes
Server-side improvements
Network-related changes
Linux-specific features
Windows-specific features
Important notices
BF-CBC cipher is no longer the default
Connectivity to some VPN service provider may break
Linux packages are available from
Useful resources
The OpenVPN community project team is proud to release OpenVPN 2.5.3. Besides a number of small improvements and bug fixes, this release fixes a possible security issue with OpenSSL config autoloading on Windows (CVE-2021-3606). Updated OpenVPN GUI is also included in Windows installers.
Source tarball (gzip)
Source tarball (xz)
Source zip
Windows 32-bit MSI installer
Windows 64-bit MSI installer
Windows ARM64 MSI installer
Overview of changes since OpenVPN 2.4
Faster connections
Crypto specific changes
Server-side improvements
Network-related changes
Linux-specific features
Windows-specific features
Important notices
BF-CBC cipher is no longer the default
Connectivity to some VPN service provider may break
Linux packages are available from
Useful resources
The OpenVPN community project team is proud to release OpenVPN 2.5.2. It fixes two related security vulnerabilities (CVE-2020-15078) which under very specific circumstances allow tricking a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the AUTH_FAILED message, which can possibly be used to gather information about a VPN setup. In combination with «—auth-gen-token» or a user-specific token auth solution it can be possible to get access to a VPN with an otherwise-invalid account. OpenVPN 2.5.2 also includes other bug fixes and improvements. Updated OpenSSL and OpenVPN GUI are included in Windows installers.
Source tarball (gzip)
Source tarball (xz)
Source zip
Windows 32-bit MSI installer
Windows 64-bit MSI installer
Overview of changes since OpenVPN 2.4
Faster connections
Crypto specific changes
Server-side improvements
Network-related changes
Linux-specific features
Windows-specific features
Important notices
BF-CBC cipher is no longer the default
Connectivity to some VPN service provider may break
Linux packages are available from
Windows ARM64 installers
Our MSI installer do not currently support the Windows ARM64 platform. You need to use our NSI-based snapshot installers from here. We recommend using the latest installer that matches one of these patterns:
Useful resources
The OpenVPN community project team is proud to release OpenVPN 2.5.1. It includes several bug fixes and improvements as well as updated OpenSSL and OpenVPN GUI for Windows.
Source tarball (gzip)
Source tarball (xz)
Source zip
Windows 32-bit MSI installer
Windows 64-bit MSI installer
Overview of changes since OpenVPN 2.4
Faster connections
Crypto specific changes
Server-side improvements
Network-related changes
Linux-specific features
Windows-specific features
Important notices
BF-CBC cipher is no longer the default
Connectivity to some VPN service provider may break
Linux packages are available from
Windows ARM64 installers
Our MSI installer do not currently support the Windows ARM64 platform. You need to use our NSI-based snapshot installers from here. We recommend using the latest installer that matches one of these patterns:
Useful resources
The OpenVPN community project team is proud to release OpenVPN 2.5.0 which is a new major release with many new features.
Source tarball (gzip)
Source tarball (xz)
Source zip
Windows 32-bit MSI installer
Windows 64-bit MSI installer
Overview of changes since OpenVPN 2.4
Faster connections
Crypto specific changes
Server-side improvements
Network-related changes
Linux-specific features
Windows-specific features
Important notices
BF-CBC cipher is no longer the default
Connectivity to some VPN service provider may break
Linux packages are available from
Useful resources
The OpenVPN community project team is proud to release OpenVPN 2.4.11. It fixes two related security vulnerabilities (CVE-2020-15078) which under very specific circumstances allow tricking a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the AUTH_FAILED message, which can possibly be used to gather information about a VPN setup. This release also includes other bug fixes and improvements. The I602 Windows installers fix a possible security issue with OpenSSL config autoloading on Windows (CVE-2021-3606). Updated OpenSSL and OpenVPN GUI are included in Windows installers.
Source Tarball (gzip)
Source Tarball (xz)
Source Zip
Windows 7/8/8.1/Server 2012r2 installer (NSIS)
Windows 10/Server 2016/Server 2019 installer (NSIS)
A summary of the changes is available in Changes.rst, and a full list of changes is available here.
Please note that LibreSSL is not a supported crypto backend. We accept patches and we do test on OpenBSD 6.0 which comes with LibreSSL, but if newer versions of LibreSSL break API compatibility we do not take responsibility to fix that.
Also note that Windows installers have been built with NSIS version that has been patched against several NSIS installer code execution and privilege escalation problems. Based on our testing, though, older Windows versions such as Windows 7 might not benefit from these fixes. We thus strongly encourage you to always move NSIS installers to a non-user-writeable location before running them.
Please note that OpenVPN 2.4 installers will not work on Windows XP. The last OpenVPN version that supports Windows XP is 2.3.18, which is downloadable as 32-bit and 64-bit versions.
If you find a bug in this release, please file a bug report to our Trac bug tracker. In uncertain cases please contact our developers first, either using the openvpn-devel mailinglist or the developer IRC channel (#openvpn-devel at irc.libera.chat). For generic help take a look at our official documentation, wiki, forums, openvpn-users mailing list and user IRC channel (#openvpn at irc.libera.chat).
Important: you will need to use the correct installer for your operating system. The Windows 10 installer works on Windows 10 and Windows Server 2016/2019. The Windows 7 installer will work on Windows 7/8/8.1/Server 2012r2. This is because of Microsoft’s driver signing requirements are different for kernel-mode devices drivers, which in our case affects OpenVPN’s tap driver (tap-windows6).
This is primarily a maintenance release with bugfixes and small improvements. Windows installers include the latest OpenSSL version (1.1.1i) which includes security fixes.
A summary of the changes is available in Changes.rst, and a full list of changes is available here.
Please note that LibreSSL is not a supported crypto backend. We accept patches and we do test on OpenBSD 6.0 which comes with LibreSSL, but if newer versions of LibreSSL break API compatibility we do not take responsibility to fix that.
Also note that Windows installers have been built with NSIS version that has been patched against several NSIS installer code execution and privilege escalation problems. Based on our testing, though, older Windows versions such as Windows 7 might not benefit from these fixes. We thus strongly encourage you to always move NSIS installers to a non-user-writeable location before running them.
Please note that OpenVPN 2.4 installers will not work on Windows XP. The last OpenVPN version that supports Windows XP is 2.3.18, which is downloadable as 32-bit and 64-bit versions.
If you find a bug in this release, please file a bug report to our Trac bug tracker. In uncertain cases please contact our developers first, either using the openvpn-devel mailinglist or the developer IRC channel (#openvpn-devel at irc.libera.chat). For generic help take a look at our official documentation, wiki, forums, openvpn-users mailing list and user IRC channel (#openvpn at irc.libera.chat).
Important: you will need to use the correct installer for your operating system. The Windows 10 installer works on Windows 10 and Windows Server 2016/2019. The Windows 7 installer will work on Windows 7/8/8.1/Server 2012r2. This is because of Microsoft’s driver signing requirements are different for kernel-mode devices drivers, which in our case affects OpenVPN’s tap driver (tap-windows6).
Source Tarball (gzip)
Source Tarball (xz)
Source Zip
Windows 7/8/8.1/Server 2012r2 installer (NSIS)
Windows 10/Server 2016/Server 2019 installer (NSIS)
Instructions for verifying the signatures are available here.
This release is also available in our own software repositories for Debian and Ubuntu, Supported architectures are i386 and amd64. For details. look here.
This is primarily a maintenance release with bugfixes and improvements. This release also fixes a security issue (CVE-2020-11810, trac #1272) which allows disrupting service of a freshly connected client that has not yet not negotiated session keys. The vulnerability cannot be used to inject or steal VPN traffic.
A summary of the changes is available in Changes.rst, and a full list of changes is available here.
Please note that LibreSSL is not a supported crypto backend. We accept patches and we do test on OpenBSD 6.0 which comes with LibreSSL, but if newer versions of LibreSSL break API compatibility we do not take responsibility to fix that.
Also note that Windows installers have been built with NSIS version that has been patched against several NSIS installer code execution and privilege escalation problems. Based on our testing, though, older Windows versions such as Windows 7 might not benefit from these fixes. We thus strongly encourage you to always move NSIS installers to a non-user-writeable location before running them. We are moving to MSI installers in OpenVPN 2.5, but OpenVPN 2.4.x will remain NSIS-only.
OpenVPN GUI bundled with the Windows installer has a large number of new features compared to the one bundled with OpenVPN 2.3. One of major features is the ability to run OpenVPN GUI without administrator privileges. For full details, see the changelog. The new OpenVPN GUI features are documented here.
Please note that OpenVPN 2.4 installers will not work on Windows XP. The last OpenVPN version that supports Windows XP is 2.3.18, which is downloadable as 32-bit and 64-bit versions.
If you find a bug in this release, please file a bug report to our Trac bug tracker. In uncertain cases please contact our developers first, either using the openvpn-devel mailinglist or the developer IRC channel (#openvpn-devel at irc.libera.chat). For generic help take a look at our official documentation, wiki, forums, openvpn-users mailing list and user IRC channel (#openvpn at irc.libera.chat).
Important: you will need to use the correct installer for your operating system. The Windows 10 installer works on Windows 10 and Windows Server 2016/2019. The Windows 7 installer will work on Windows 7/8/8.1/Server 2012r2. This is because of Microsoft’s driver signing requirements are different for kernel-mode devices drivers, which in our case affects OpenVPN’s tap driver (tap-windows6).
Source Tarball (gzip)
Source Tarball (xz)
Source Zip
Windows 7/8/8.1/Server 2012r2 installer (NSIS)
Windows 10/Server 2016/Server 2019 installer (NSIS)
NOTE: the GPG key used to sign the release files has been changed since OpenVPN 2.4.0. Instructions for verifying the signatures, as well as the new GPG public key are available here.
We also provide static URLs pointing to latest releases to ease automation. For a list of files look here.
This release is also available in our own software repositories for Debian and Ubuntu, Supported architectures are i386 and amd64. For details. look here.
You can use EasyRSA 2 or EasyRSA 3 for generating your own certificate authority. The former is bundled with Windows installers. The latter is a more modern alternative for UNIX-like operating systems.
This is primarily a maintenance release with bugfixes and improvements. The Windows installers (I601) have several improvements compared to the previous release:
A summary of the changes is available in Changes.rst, and a full list of changes is available here.
Please note that LibreSSL is not a supported crypto backend. We accept patches and we do test on OpenBSD 6.0 which comes with LibreSSL, but if newer versions of LibreSSL break API compatibility we do not take responsibility to fix that.
Also note that Windows installers have been built with NSIS version that has been patched against several NSIS installer code execution and privilege escalation problems. Based on our testing, though, older Windows versions such as Windows 7 might not benefit from these fixes. We thus strongly encourage you to always move NSIS installers to a non-user-writeable location before running them. We are moving to MSI installers in OpenVPN 2.5, but OpenVPN 2.4.x will remain NSIS-only.
OpenVPN GUI bundled with the Windows installer has a large number of new features compared to the one bundled with OpenVPN 2.3. One of major features is the ability to run OpenVPN GUI without administrator privileges. For full details, see the changelog. The new OpenVPN GUI features are documented here.
Please note that OpenVPN 2.4 installers will not work on Windows XP. The last OpenVPN version that supports Windows XP is 2.3.18, which is downloadable as 32-bit and 64-bit versions.
If you find a bug in this release, please file a bug report to our Trac bug tracker. In uncertain cases please contact our developers first, either using the openvpn-devel mailinglist or the developer IRC channel (#openvpn-devel at irc.libera.chat). For generic help take a look at our official documentation, wiki, forums, openvpn-users mailing list and user IRC channel (#openvpn at irc.libera.chat).
Important: you will need to use the correct installer for your operating system. The Windows 10 installer works on Windows 10 and Windows Server 2016/2019. The Windows 7 installer will work on Windows 7/8/8.1/Server 2012r2. This is because of Microsoft’s driver signing requirements are different for kernel-mode devices drivers, which in our case affects OpenVPN’s tap driver (tap-windows6).
Source Tarball (gzip)
Source Tarball (xz)
Source Zip
Windows 7/8/8.1/Server 2012r2 installer (NSIS)
Windows 10/Server 2016/Server 2019 installer (NSIS)
NOTE: the GPG key used to sign the release files has been changed since OpenVPN 2.4.0. Instructions for verifying the signatures, as well as the new GPG public key are available here.
We also provide static URLs pointing to latest releases to ease automation. For a list of files look here.
This release is also available in our own software repositories for Debian and Ubuntu, Supported architectures are i386 and amd64. For details. look here.
You can use EasyRSA 2 or EasyRSA 3 for generating your own certificate authority. The former is bundled with Windows installers. The latter is a more modern alternative for UNIX-like operating systems.
This is primarily a maintenance release with bugfixes and improvements. One of the big things is enhanced TLS 1.3 support. A summary of the changes is available in Changes.rst, and a full list of changes is available here.
Please note that LibreSSL is not a supported crypto backend. We accept patches and we do test on OpenBSD 6.0 which comes with LibreSSL, but if newer versions of LibreSSL break API compatibility we do not take responsibility to fix that.
Also note that Windows installers have been built with NSIS version that has been patched against several NSIS installer code execution and privilege escalation problems. Based on our testing, though, older Windows versions such as Windows 7 might not benefit from these fixes. We thus strongly encourage you to always move NSIS installers to a non-user-writeable location before running them. We are moving to MSI installers in OpenVPN 2.5, but OpenVPN 2.4.x will remain NSIS-only.
OpenVPN GUI bundled with the Windows installer has a large number of new features compared to the one bundled with OpenVPN 2.3. One of major features is the ability to run OpenVPN GUI without administrator privileges. For full details, see the changelog. The new OpenVPN GUI features are documented here.
Please note that OpenVPN 2.4 installers will not work on Windows XP. The last OpenVPN version that supports Windows XP is 2.3.18, which is downloadable as 32-bit and 64-bit versions.
If you find a bug in this release, please file a bug report to our Trac bug tracker. In uncertain cases please contact our developers first, either using the openvpn-devel mailinglist or the developer IRC channel (#openvpn-devel at irc.libera.chat). For generic help take a look at our official documentation, wiki, forums, openvpn-users mailing list and user IRC channel (#openvpn at irc.libera.chat).
Important: you will need to use the correct installer for your operating system. The Windows 10 installer will not work on Windows 7/8/8.1/Server 2012r2. This is because Microsoft’s driver signing requirements and tap-windows6. For the same reason you need to use an older installer with Windows Server 2016. This older installer has a local privilege escalation vulnerability issue which we cannot resolve for Windows Server 2016 until tap-windows6 passes the HLK test suite on that platform. In the meanwhile we recommend Windows Server 2016 users to avoid installing OpenVPN/tap-windows6 driver on hosts where all users can’t be trusted. Users of Windows 7-10 and Server 2012r2 are recommended to update to latest installers as soon as possible.
Source Tarball (gzip)
Source Tarball (xz)
Source Zip
Windows 7/8/8.1/Server 2012r2 installer (NSIS)
Windows 10 installer (NSIS)
Windows Server 2016 installer (NSIS)
NOTE: the GPG key used to sign the release files has been changed since OpenVPN 2.4.0. Instructions for verifying the signatures, as well as the new GPG public key are available here.
We also provide static URLs pointing to latest releases to ease automation. For a list of files look here.
This release is also available in our own software repositories for Debian and Ubuntu, Supported architectures are i386 and amd64. For details. look here.
You can use EasyRSA 2 or EasyRSA 3 for generating your own certificate authority. The former is bundled with Windows installers. The latter is a more modern alternative for UNIX-like operating systems.
This is primarily a maintenance release with minor bugfixes and improvements, and one security relevant fix for the Windows Interactive Service. Windows installer includes updated OpenVPN GUI and OpenSSL. Installer I601 included tap-windows6 driver 9.22.1 which had one security fix and dropped Windows Vista support. However, in installer I602 we had to revert back to tap-windows 9.21.2 due to driver getting reject on freshly installed Windows 10 rev 1607 and later when Secure Boot was enabled. The failure was due to the new, more strict driver signing requirements. The 9.22.1 version of the driver is in the process of getting approved and signed by Microsoft and will be bundled in an upcoming Windows installer.
Please note that LibreSSL is not a supported crypto backend. We accept patches and we do test on OpenBSD 6.0 which comes with LibreSSL, but if newer versions of LibreSSL break API compatibility we do not take responsibility to fix that.
Also note that Windows installers have been built with NSIS version that has been patched against several NSIS installer code execution and privilege escalation problems. Based on our testing, though, older Windows versions such as Windows 7 might not benefit from these fixes. We thus strongly encourage you to always move NSIS installers to a non-user-writeable location before running them. Our long-term plan is to migrate to using MSI installers instead.
A summary of the changes is available in Changes.rst, and a full list of changes is available here.
OpenVPN GUI bundled with the Windows installer has a large number of new features compared to the one bundled with OpenVPN 2.3. One of major features is the ability to run OpenVPN GUI without administrator privileges. For full details, see the changelog. The new OpenVPN GUI features are documented here.
Please note that OpenVPN 2.4 installers will not work on Windows XP.
If you find a bug in this release, please file a bug report to our Trac bug tracker. In uncertain cases please contact our developers first, either using the openvpn-devel mailinglist or the developha er IRC channel (#openvpn-devel at irc.libera.chat). For generic help take a look at our official documentation, wiki, forums, openvpn-users mailing list and user IRC channel (#openvpn at irc.libera.chat).
Source Tarball (gzip)
Source Tarball (xz)
Source Zip
Windows installer (NSIS)
NOTE: the GPG key used to sign the release files has been changed since OpenVPN 2.4.0. Instructions for verifying the signatures, as well as the new GPG public key are available here.
We also provide static URLs pointing to latest releases to ease automation. For a list of files look here.
This release is also available in our own software repositories for Debian and Ubuntu, Supported architectures are i386 and amd64. For details. look here.
You can use EasyRSA 2 or EasyRSA 3 for generating your own certificate authority. The former is bundled with Windows installers. The latter is a more modern alternative for UNIX-like operating systems.