OpenVPN 2.4.0 is out

OpenVPN 2.4.0 is the latest version of the cross-platform SSL VPN that enables you to create secure point-to-point or site-to-site connections.

The new version expands on the capabilities introduced in OpenVPN 2.3, namely full IPv6 support and PolarSSL support.

OpenVPN 2.4 is a major update of the software that brings a large number of new features, improvements and changes.

Note: OpenVPN 2.4 is not compatible with Windows XP. The program will not work on the unsupported operating system. Users who run Windows XP can stay on OpenVPN 2.3.14, the last working version that is compatible with Microsoft's Windows XP operating system.

OpenVPN 2.4.0


If you are using OpenVPN already, you can download the latest version from the official website to upgrade.

A Windows installer and GUI, as well as source files are provided there. Linux users may update it using their distribution's update manager.

The new OpenVPN 2.4 introduces a large number of new features and improvements to the application. You can read the full -- very technical -- changelog on the OpenVPN tracker site, or browse a smaller list of important changes that found their way into the application here instead.

OpenVPN 2.4 new features

This is a short list of major new features or changes in the new OpenVPN version.

  1. Seamless client IP/port floating
  2. Data channel cipher negotiation
  3. AEAD (GCM) data channel cipher support
  4. ECDH key exchange
  5. Dualstack round-robin DNS client connect
  6. Support for providing IPv6 DNS servers
  7. redirect-gateway ipv6
  8. LZ4 Compression and pushable compression support
  9. HTTP proxy password inside config file
  10. Authentication tokens
  11. Mac OS X Keychain management client
  12. Android platform support
  13. AIX platform support
  14. Control channel encryption

A couple of features are Windows-specific. First, there is a new interactive Windows service called OpenVPNServiceInteractive that is started automatically on Windows.

Its main purpose is to allow "unprivileged users to start OpenVPN connections in the global config directory" using the GUI without extra configuration.

The OpenVPNService service on Windows has been rewritten completely. It is designed for running OpenVPN instances that need to be available at all times (instead of being manually started by a user).

The service can restart crashed OpenVPN processes, and works better on newer versions of the Windows operating system.

The OpenVPN Legacy Service is still installed as well.

OpenVPN 2.4 furthermore deprecates a number of features: --tls-remote is replaced by --verify-x509-name, --key-method 1 is deprecated and will be fully removed in version 2.5, and CRLs are now handled by the crypto library instead of OpenVPN's own implementation.

The document that details the major changes also includes a long list of user-visible changes at the end. If you work with custom configurations, you may want to check that list if you run into issues.
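A pre-upgrade check for the two deprecated options named above, as an added example that is not part of the original article or of OpenVPN: it scans a configuration for --tls-remote and --key-method 1, ignoring comments and embedded key material. The sample configuration and the function names are constructed for illustration.

```python
from itertools import takewhile

# Added example (not OpenVPN code): options the article lists as deprecated in 2.4.
DEPRECATED = {  # option: (argument that triggers a finding, None = any use; note)
    "tls-remote": (None, "replaced by --verify-x509-name"),
    "key-method": ("1", "deprecated, to be fully removed in version 2.5"),
}

# Constructed sample client configuration (not from the article).
SAMPLE = """\
client
remote vpn.example.com 1194
tls-remote "vpn.example.com"
key-method 1   ; old key exchange
;key-method 1
key-method 2
<ca>
tls-remote inside-an-inline-block-is-data
</ca>
"""

def words(line):
    """Split into words; '#' or ';' at the start of a word begins a comment."""
    live = takewhile(lambda tok: tok[0] not in "#;", line.split())
    return [tok.strip("\"'") for tok in live]

def find_deprecated(config_text):
    """Return (line_number, option, note) for each deprecated option in use."""
    findings, inline_tag = [], None  # inline_tag: <ca>/<key>/... block being skipped
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if inline_tag:  # inside embedded key or certificate material
            if line == f"</{inline_tag}>":
                inline_tag = None
            continue
        if line.startswith("<") and not line.startswith("</") and line.endswith(">"):
            if line[1:-1] != "connection":  # <connection> holds ordinary options
                inline_tag = line[1:-1]
            continue
        toks = words(line)
        option = toks[0].lstrip("-") if toks else ""  # "--opt" equals "opt"
        if option in DEPRECATED:
            arg, note = DEPRECATED[option]
            if arg is None or toks[1:2] == [arg]:
                findings.append((lineno, option, note))
    return findings

if __name__ == "__main__":
    print(find_deprecated(SAMPLE))
```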

Closing Words

OpenVPN is available as a standalone application, but some VPN providers may distribute it as well or offer it as an option to connect to company networks. The update should work fine in most cases, especially on Windows if the GUI version is used.

Now You: Which VPN software are you using?




Responses to OpenVPN 2.4.0 is out

  1. Robert December 28, 2016 at 7:22 am #

    Awesome. The OpenVPN security audit fund raiser has reached its goal too. However fund raising officially ends on January 1st. https://ostif.org/

  2. buck December 28, 2016 at 8:17 am #

    > Which VPN software are you using?

    Currently using OpenVPN 2.3.14 through networkmanager-openvpn applet in Linux.

    Connects to my VPN provider (PIA) flawlessly, and the throughput always maxes out my 20MiB DSL connection.

    This setup is orders of magnitude better than the PIA client I used to run on W8.1, both in terms of raw speed and stability.

    Doesn't have a kill switch, but that is easy to configure using ufw firewall, basically forcing all traffic through tun0.

  3. Dave December 28, 2016 at 4:46 pm #

    Terrible installer. It doesn't stop the old OpenVPN process or service before trying to install the new one.

  4. Dave December 28, 2016 at 4:47 pm #

    ...and it erases your user data. Great.

  5. Robert December 29, 2016 at 6:42 pm #

    I talked to support at BlackVPN and they told me that there have been quite a few changes and new features as Martin reported. They need to rewrite the config files and test them for the new build. I reinstalled the older build and will wait a few days for the new config files from BlackVPN.

  6. Dave January 3, 2017 at 11:35 am #

    Yep, I had to make a few mods to my config files. I had to remove the word "size" from two lines, and I think had to delete a line about TCP packet size or something. It'll do for now until the official profiles appear. I'm sure no-one is monitoring the packet-patterns of my connections anyway (and I'm not using iPlayer anyway - every show on there seems to be packed with propaganda). As far as I can tell, BlackVPN really have no excuse not to get the new config files released this week.

    I bet OpenVPN is a prime candidate for a government backdoor. Have they got a canary statement anywhere?

    Curiously when I use BlackVPN I find many pages, including Facebook, switch to Arabic. I wonder if this is because most users of their servers speak that language. I haven't thought of any other viable reason...

  7. Strider January 4, 2017 at 5:47 am #

    Dave - I too have found some VPNs switching to Arabic. Don't kid yourself, Islam does not seek to integrate into Western civilization.

    AUTHOR: Benjamin Franklin (1706–90)
    QUOTATION: “Well, Doctor, what have we got—a Republic or a Monarchy?”

    “A Republic, if you can keep it.”
