OpenVPN 2.4.0 is out

OpenVPN 2.4.0 is the latest version of the cross-platform SSL VPN that enables you to create secure point-to-point or site-to-site connections.

The new version expands on the capabilities introduced in OpenVPN 2.3, namely full IPv6 support and PolarSSL support.

OpenVPN 2.4 is a major update of the software that brings a large number of new features, improvements and changes.

Note: OpenVPN 2.4 is not compatible with Windows XP. The program will not work on the unsupported operating system. Users who run Windows XP can stay on OpenVPN 2.3.14, the last working version that is compatible with Microsoft's Windows XP operating system.

OpenVPN 2.4.0

If you are using OpenVPN already, you can download the latest version from the official website to upgrade.

A Windows installer and GUI, as well as source files are provided there. Linux users may update it using their distribution's update manager.

The new OpenVPN 2.4 introduces a large number of new features and improvements to the application. You can read the full -- very technical -- changelog on the OpenVPN tracker site, or browse a smaller list of important changes that found their way into the application here instead.

OpenVPN 2.4 new features

This is a short list of major new features or changes in the new OpenVPN version.

  1. Seamless client IP/port floating
  2. Data channel cipher negotiation
  3. AEAD (GCM) data channel cipher support
  4. ECDH key exchange
  5. Dualstack round-robin DNS client connect
  6. Support for providing IPv6 DNS servers
  7. redirect-gateway ipv6
  8. LZ4 Compression and pushable compression support
  9. Http proxy password inside config file
  10. Authentication tokens
  11. Mac OS X Keychain management client
  12. Android platform support
  13. AIX platform support
  14. Control channel encryption

A couple of features are Windows-specific. First, there is a new interactive Windows service called OpenVPNServiceInteractive that is started automatically on Windows.

Its main purpose is to allow "unprivileged users to start OpenVPN connections in the global config directory" using the GUI without extra configuration.

The OpenVPNService service on Windows has been rewritten completely. It is designed for running OpenVPN instances that need to be available at all times (instead of being manually started by a user).

The service can restart crashed OpenVPN processes, and works better on newer versions of the Windows operating system.

The OpenVPN Legacy Service is still installed as well.

OpenVPN 2.4 furthermore deprecates a number of features: --tls-remote is replaced by --verify-x509-name, and --key-method 1 is deprecated and will be fully removed in version 2.5. In addition, CRLs are now handled by the crypto library instead of OpenVPN's own implementation.

The document that details the major changes also includes a large list of user-visible changes at the end. If you work with custom configurations, you may want to check out the list if you run into issues.
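
A quick way to check a custom configuration for the options named above, as an added example (not part of the original article or of OpenVPN itself): it scans config text for tls-remote, key-method 1 and crl-verify and reports where they occur. The sample configuration, its host names and the advice strings are constructed, and comment handling is simplified (quoting is ignored).

```python
import re

def audit_config(text):
    """Return (line_no, directive, advice) for options the article flags."""
    findings = []
    inline = None  # name of an open inline block such as <ca> ... </ca>
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if inline:  # inline blocks hold key/cert data, not directives
            if line == "</%s>" % inline:
                inline = None
            continue
        m = re.fullmatch(r"<([A-Za-z0-9-]+)>", line)
        if m:
            inline = m.group(1)
            continue
        # '#' and ';' start comments (simplified: quoting is ignored)
        tokens = re.split(r"[#;]", line, maxsplit=1)[0].split()
        if not tokens:
            continue
        # a leading "--" is tolerated so command-line style lines are caught
        name = tokens[0][2:] if tokens[0].startswith("--") else tokens[0]
        args = tokens[1:]
        if name == "tls-remote":
            findings.append((no, name, "replace with verify-x509-name"))
        elif name == "key-method" and args[:1] == ["1"]:
            findings.append((no, name, "deprecated, to be removed in 2.5"))
        elif name == "crl-verify":
            findings.append((no, name, "CRL checks moved to the crypto library; re-test"))
    return findings

# Constructed sample configuration (host names are placeholders).
SAMPLE = """\
client
remote vpn.example.net 1194   # constructed host name
tls-remote vpn.example.net
--key-method 1
key-method 2
;tls-remote old.example.net
crl-verify crl.pem
<ca>
tls-remote inside-inline-block-is-data-not-a-directive
</ca>
"""

if __name__ == "__main__":
    for no, name, advice in audit_config(SAMPLE):
        print("line %d: %s: %s" % (no, name, advice))
```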

Closing Words

OpenVPN is available as a standalone application, but some VPN providers may distribute it as well or offer it as an option to connect to company networks. The update should work fine in most cases, especially on Windows if the GUI version is used.

Now You: Which VPN software are you using?

 

This article was first seen on ComTek's "TekBits" Technology News
