OpenVPN 2.7 Released: Major Performance and Security Upgrades

The new stable version of OpenVPN 2.7 is now available for download, marking a significant update for one of the most widely used VPN protocols. This release is seen as a direct response to faster competitors like WireGuard, aiming to close the performance gap while simultaneously strengthening connection security.

Key new features in OpenVPN 2.7 include:

  • Multi-Socket Server Support: Servers can now manage multiple IP addresses, ports, and protocols within a single instance, eliminating the need to run several separate processes.
  • Enhanced DNS Management: Introduces split DNS and DNSSEC support, particularly with a new Windows client implementation, adding flexibility and security to DNS handling.
  • Major Performance Boost with DCO: Data Channel Offload (DCO) support arrives for both Windows and Linux. On Windows, the new default win-dco driver reportedly delivers speed improvements of up to 300% compared to previous versions, pushing throughput from around 150 Mbps to approximately 450 Mbps in benchmarks.
  • Strengthened Encryption: Implements automatic key rotation for AES-GCM ("epoch" model) to enforce cryptographic limits, preventing keys from being overused and forcing renegotiation. This enhances the security of the data channel. TLS 1.3 support is also included.
  • Platform-Specific Improvements:

    1. Windows: The win-dco driver is now the default, block-local uses Windows Filtering Platform (WFP), network adapters are generated on-demand, and the automatic service runs with lower privileges.
    2. Linux: Gains compatibility with the new ovpn DCO kernel module for improved speed.
    3. General: Provides default client implementation examples for Linux, BSD, and macOS to simplify setup.

In summary, OpenVPN 2.7 represents a substantial step forward, modernizing the protocol with architectural changes and new features designed to deliver much higher performance and more robust security across all major operating systems.

0x6b

OpenNIC & telecommunications.
