github OpenVPN/openvpn v2.6.20

latest release: v2.7.2
5 hours ago

Security fixes:

  • CVE-2026-40215: fix race condition in TLS handshake that could lead to leaking of
    packet data from a previous handshake under specific circumstances
  • CVE-2026-35058: fix server ASSERT() on receiving a suitably malformed packet with
    a valid tls-crypt-v2 key

Bugfixes:

  • management: stop periodic bytecount output on mgmt client disconnection
  • FreeBSD: make DCO work on systems with no IPv4 support
  • FreeBSD: fix compilation with --enable-async-push on FreeBSD 15
  • Linux: make DCO work on big endian architectures (MIPS, PowerPC)
  • Windows: fix deinstallation progress bar on adapter deletion.
  • Linux: fix problem with DCO kernel notifications getting lost, leading
    to overcounting of number of connected clients and general confusion
    between kernel and userland regarding peer status (Github #900, #918,
    #931, #919, #945) - this is a backport of the fixes in 2.7 plus the
    infrastructural changes around DCO needed to support it.

For details see Changes.rst

Windows Client: Community MSI installer for Windows client can be found at Community Downloads.

Linux Packages: Instructions for installing community-maintained Linux packages can be found in the Community Wiki.

Full Changelog: v2.6.19...v2.6.20

Don't miss a new openvpn release

NewReleases is sending notifications on new releases.