Download OpenVPN 2.6.0 Download | TechSpot

Heaven32 Comments
Download OpenVPN 2.6.0 Download | TechSpot

Download Free OpenVPN 2.6.0 Download | TechSpot

OpenVPN is a robust and highly flexible VPN daemon. OpenVPN supports SSL/TLS security, Ethernet bridging, TCP or UDP tunneling through proxies or NAT, support for dynamic IP addresses and DHCP, scalability to hundreds or thousands of users, and portability to most major OS platforms.

OpenVPN is closely tied to the OpenSSL library, and derives much of its crypto capabilities from it.

OpenVPN supports conventional encryption using a pre-shared secret key (Static Key mode) or public key security (SSL/TLS mode) using client and server certificates. OpenVPN also supports unencrypted TCP/UDP tunnels.

Related Downloads:

OpenVPN is designed to work with the TUN/TAP virtual network interface found on most platforms.

Overall, OpenVPN aims to offer many of the key features of IPSec, but with a relatively light footprint.

What can I use OpenVPN for?

  • Tunnel any IP subnet or virtual Ethernet adapter over a single UDP or TCP port,
  • Set up a scalable, load-balanced VPN server farm using one or more machines that can handle thousands of dynamic connections from incoming VPN clients,
  • Use all the encryption, authentication and certification functions of the OpenSSL library to protect your private network traffic as it passes through the Internet,
  • Use any cipher, key size, or HMAC digest (for datagram integrity checking) supported by the OpenSSL library,
  • Choose between static key-based conventional encryption or certificate-based public key encryption,
  • Use static pre-shared keys or TLS-based dynamic key exchange,
  • Use adaptive link compression and real-time traffic shaping to manage link bandwidth utilization,
  • Tunnel networks whose public endpoints are dynamic, such as DHCP or dial-up clients,
  • Tunnel networks through connection-oriented stateful firewalls without having to use explicit firewall rules,
  • Tunnel network over NAT,
  • Create secure Ethernet bridges using virtual push devices, and
  • Control OpenVPN using a GUI on Windows or Mac OS X.

How do I set up OpenVPN?

  • Download OpenVPN for your operating system
  • Run the download file to install the client on your computer
  • Enter OpenVPN server url or drag and drop configuration file (you can try VPNBook)

What is the difference between OpenVPN and OpenVPN Connect?

OpenVPN is open source, completely free and supported by the community. OpenVPN Connect is the commercial implementation of OpenVPN. OpenVPN Connect has a free version, but this version is limited to two connections. Both have a similar GUI.

Is OpenVPN free?

Yes, OpenVPN is free and open source. It requires some configuration, but in the end it does not cost the user.

What is new

New features and improvements in 2.6.0 compared to 2.5.8:

  • Data Channel Offload (DCO) kernel acceleration support for Windows, Linux and FreeBSD.
  • OpenSSL 3 support.
  • Improved handling of tunnel MTU, including support for pushable MTU.
  • Outdated cryptographic algorithms are disabled by default, but there are options to override if necessary.
  • Reworked TLS handshake, making OpenVPN immune to replay packet state exhaustion attacks.
  • Added –peer-fingerprint mode for a more simplified certificate setup and verification.
  • Added Pre-Logon Access Provider support to the OpenVPN GUI for Windows.
  • Improved protocol negotiation, leading to faster connection setup.
  • Including openvpn-gui updated to 11.36.0.0. See CHANGES.first.
  • Updated easy-rsa3 along with the installer on Windows.
  • Various bug fixes.

Previous release notes

The OpenVPN community project team is proud to release OpenVPN 2.5.7. This is mostly a bugfix release, but adds limited support for OpenSSL 3.0. Full support will come in OpenVPN 2.6. Android version updated to 0.7.38.

Faster connections

  • Setting up connections is now much faster

Crypto-specific changes

  • ChaCha20-Poly1305 cipher in the OpenVPN data channel (requires OpenSSL 1.1.0 or later)
  • Improved TLS 1.3 support when using OpenSSL 1.1.1 or later
  • Client-specific tls-crypt keys (–tls-crypt-v2)
  • Improved data channel cipher negotiation
  • Removal of BF-CBC support in default configuration (see below for possible incompatibilities)

Server-side improvements

  • HMAC-based auth token support for seamless connection to standalone servers or a group of servers.
  • Support for asynchronous (deferred) authentication for auth-pam plugin
  • Asynchronous (deferred) support for client connection scripts and plugins

Network-related changes

  • Support IPv4 configurations with /31 netmasks now
  • 802.1q VLAN support on TAP servers
  • IPv6 tunnels only
  • New option –block-ipv6 to reject all IPv6 packets (ICMPv6)

Linux-specific features

  • VRF support
  • Netlink integration (OpenVPN no longer needs to execute ifconfig/route or ip commands)

Windows-specific features

  • Wintun driver support, a faster alternative to tap-windows6
  • Tun/tap interface MTU setting
  • Setting the DHCP search domain
  • Allow unicode search string in –cryptoapicert option
  • EasyRSA3, a modern version of OpenVPN CA management
  • MSI installer

Important notes

BF-CBC cipher is no longer standard

Cipher handling for the data channel cipher has been significantly changed between OpenVPN 2.3/2.4 and v2.5, notably there is no “default cipher BF-CBC” anymore because it is no longer considered a reasonable standard. BF-CBC is still available, but it must be explicitly configured now.

For connections between OpenVPN 2.4 and v2.5 clients and servers, both ends will be able to negotiate a better cipher than BF-CBC. By default they will choose one of the AES-GCM ciphers, but this can be influenced by using the –data-ciphers option.

Connections between OpenVPN 2.3 and v2.5 that have no –digit setting in the configuration (= defaults to BF-CBC and is not negotiable) need to be updated. Unless BF-CBC is included in –data-ciphers or there is a “–cipher BF-CBC” in the OpenVPN 2.5 configuration, a v2.5 client or server will refuse to talk to a v2.3- server or client, because it has no common data channel cipher, and it is not possible to negotiate a cipher. In general, we recommend upgrading such setups to OpenVPN 2.4 or v2.5. If upgrading is not possible, we recommend adding data cipher AES-256-GCM:AES-128-GCM:AES-128-CBC (for v2.5+) or cipher AES-128-CBC (v2.4.x and older) ) to the configuration of all clients and servers.

If you really need to use an unsupported OpenVPN 2.3 (or even older) release and need to stay on BF-CBC (not recommended), the OpenVPN 2.5 based client will need a configuration file change to re-enable BF-CBC. But be warned that BF-CBC and other related weak ciphers will be removed in upcoming OpenVPN major releases.

For full details, see the “Data Channel Cipher Negotiation” section on the man page.

Connection to some VPN service providers may break

Connect with an OpenVPN 2.5 client to at least one commercial VPN service that

implemented its own cipher negotiation method which always reports back that it is using BF-CBC until the client is broken in v2.5. This has always caused inconsistency warning. We have been in contact with some service providers and they are looking into it. This is not something the OpenVPN community can fix. If your commercial VPN does not work with a v2.5 client, complain to the VPN service provider.

More details about these new features as well as a list of deprecated features and user-visible changes are available in Changes.rst.

Linux packages are available from: