55views
Two years after the 2.6 series, OpenVPN 2.7 has been officially released, introducing significant enhancements to the widely used user-space VPN solution for creating encrypted tunnels over IP networks.
The standout feature in this release is multi-socket server support. A single OpenVPN server instance can now handle multiple IP addresses, ports, and protocols simultaneously — eliminating the need to run multiple server processes for complex deployments.
Client-side DNS handling has also been improved. Updated client implementations for Linux, BSD, and macOS are now included by default. On Windows, the new client adds support for split DNS and DNSSEC. Additionally, servers can now push configuration changes dynamically using the new PUSH_UPDATE control-channel message, allowing routing and DNS updates without forcing clients to reconnect.
On Windows, several architectural improvements have been introduced. The block-local flag is now enforced using Windows Filtering Platform (WFP) filters. Network adapters are created on demand, and the automatic service runs under an unprivileged user account for improved security. Server mode support has been added to the win-dco driver, which now replaces the removed wintun driver as the default (with tap-windows6 available as a fallback).
Security and performance enhancements extend to the data channel. OpenVPN 2.7 enforces AES-GCM usage limits and introduces epoch data keys with a revised packet format. On Windows, epoch data channel support requires win-dco 2.8.0 or newer.
For Linux users, OpenVPN 2.7 adds support for the new upstream ovpn DCO kernel module, expected to be integrated into future Linux kernel releases. Backported versions are available through the ovpn-backports project. TLS support has also been expanded to include mbedTLS 4 and newer TLS 1.3 implementations.
Routing validation has been refined as well. The improved recursive routing check now drops tunnel packets only when the destination IP, protocol, and port match those required to reach the VPN server, reducing false positives.
Other changes include two new environment variables for communicating default gateway redirection preferences to plugins such as NetworkManager, along with updated Windows installer licensing details moved to a separate repository.
OpenVPNFor a complete breakdown of updates and technical details, refer to the official changelog.
add a comment
Checkmate: Your Open-Source Infrastructure Monitoring Solution
Checkmate is a comprehensive monitoring platform designed to track and monitor server hardware, uptime, response times, and incidents in real-time....
IPFire Introduces Community-Driven DBL for Domain Blocking
IPFire has introduced IPFire DBL (Domain Blocklist), a new community-driven filtering platform designed to give administrators greater control over network...
GNOME 48.9 Released as Stable Bugfix Update for GNOME 48
The GNOME Project has announced the release of GNOME 48.9, a maintenance update for the older GNOME 48 desktop series,...
Parrot OS 7.1 Released with Linux kernel 6.17
Parrot OS 7.1 Released with Key Fixes and New Features Parrot OS, the Debian-based Linux distribution built for ethical hackers...
