Tweet
Release: OpenVPN version 2.6.14
The OpenVPN community project team is proud to release OpenVPN 2.6.12. This is a bugfix release.
- For details see Changes.rst
- CVE-2025-2704: fix possible ASSERT() on OpenVPN servers using --tls-crypt-v2 Security scope: OpenVPN servers between 2.6.1 and 2.6.13 using --tls-crypt-v2 can be made to abort with an ASSERT() message by sending a particular combination of authenticated and malformed packets. To trigger the bug, a valid tls-crypt-v2 client key is needed, or network observation of a handshake with a valid tls-crypt-v2 client key. No crypto integrity is violated, no data is leaked, and no remote code execution is possible. This bug does not affect OpenVPN clients. (Bug found by internal QA at OpenVPN Inc)
- Linux DCO: repair source IP selection for --multihome (Qingfang Deng)
- Built against OpenSSL 3.4.1
- Included openvpn-gui updated to 11.52.0.0
- Use correct %TEMP% directory for debug log file.
- Disable config in menu listing if its ovpn file becomes inaccessible (github openvpn-gui#729)
- Documentation
- Community wiki
- Report issues
- User mailing list
- Easy RSA 3 HOWTO
- User IRC channel: openvpn at irc.libera.chat