Download OpenVPN 2.6.10

OpenVPN is a robust and easy-to-setup open source VPN daemon that allows several private networks to be linked together via an encrypted tunnel over the Internet. The OpenSSL library is used for security, which can handle all encryption, authentication and certification. The developers have released version 2.6.10 and the changelog for that release can be found below.

Security fixes

• CVE-2024-27459: Windows: fix a possible stack overflow in the interactive service component which might lead to a local privilege escalation.
• CVE-2024-24974: Windows: disallow access to the interactive service pipe from remote computers.
• CVE-2024-27903: Windows: disallow loading of plugins from untrusted installation paths, which could be used to attack openvpn.exe via a malicious plugin. Plugins can now only be loaded from the OpenVPN install directory, the Windows system directory, and possibly from a directory specified by HKLM\SOFTWARE\OpenVPN\plugin_dir.

Bug fixes

• Windows: if the win-dco driver is used (default) and the GUI requests use of a proxy server, the connection would fail. Disable DCO in this case. (Github: #522)
• Compression: minor bug fix in checking option consistency vs. compiled-in algorithm support
• systemd unit files: remove obsolete syslog.target

User visible changes

• Update copyright notices until 2024

New features

• t_client.sh can now run pre-tests and skip a test block if needed (eg skip NTLM proxy tests if SSL library does not support MD4)

Documentation

• Remove license warnings about mbedTLS linking (README.mbedtls)
• Update documentation references in systemd unit files
• Sample config files: remove obsolete tls-*.conf files
• Document that auth-user-pass may be inlined