Guide to install OpenVPN for Windows


Graphical User Interface
Delete the IPv6 route to the "connected" network on tun close Management: Source code for both tap-windows drivers is available on GitHub. Win32 implementation using GetBestRoute2 Remove support for snappy compression. Remove NOP code sections in ssl. Rebase compat-lz4 against upstream v1. After successful connection, the status window will be hidden, but can be viewed from the context menu if desired. Remove http-proxy-timeout, socks timeout and set default of server-poll-timeout to s Add documentation for http-proxy-user-pass option Remove http-proxy-retry and socks-proxy-retry.


Overview of changes in OpenVPN v2.4

To do something useful with the GUI, you need to interact with it by right-clicking to bring up the context menu. When this user does not have administrative rights or has rights limited through UAC it will most likely fail to correctly start the VPN as routes and addressing cannot be changed by unprivileged users. If the user lacks admin rights, it will be necessary to "Run As Once started in this fashion, further interaction via the tray icon will be run in the context of the elevated user.

If you do not place any config files here, the context menu in the GUI will not allow you to connect anywhere since it has nowhere to connect to. Note that this icon can be hidden when marked "inactive" by the OS, so check the expanding arrows to the left of the system tray if it's started but not shown. Right-clicking on the icon will pull up the context menu.

This menu will allow you to connect any of the config files placed as explained above. Note that you must name these files with the. Windows has a bad habit of hiding "known" file extensions, so be careful not to name a config file something like Sample. Once you have created a config file, going into the context menu and selecting the "Connect" entry will start openvpn on that config file. A status window will open up showing the log output while the connection attempt is in progress see first screenshot below.

After successful connection, the status window will be hidden, but can be viewed from the context menu if desired. Once connected, the context menu will allow that VPN to be disconnected; select that option to terminate the active connection. Developers interested in source code for referenced, modification, or building can find it at the links below. Normal users will not need this. Instructions for building the GUI are available here.

Added script for updating copyright years in files Update copyrights docs: Update build parameters to match openvpn-install Further improve systemd unit file updates systemd: Mainatiner update on C99 dev-tools: Refactor setting close-on-exec for socket FDs Lev Stipakov 2: Arm inotify only in server mode Add "async push" feature to Changes. Correctly state the default dhcp server address in man page Unhide a line in man page by fixing a typo Steffan Karger 4: Fix and cleanup crypto flags in combination with NCP Deprecate --no-iv man: Add 24x24 and 20x20 versions of each icon.

Fix windows path in Changes. Mention that OpenVPN 2. Update Norwegian translations ValdikSS 2: Remove remaining traces of compat-stdbool. Update version-info resource ValdikSS 2: Remove NOP code sections in ssl. Add --auth-gen-token option auth-gen-token: Generate an auth-token per client auth-gen-token: Push generated auth-tokens to the client auth-gen-token: Authenticate generated auth-tokens when client re-authenticates Fix builds with --disable-crypto man: Improve the --keepalive section console: Fix compiler warning systemd: Improve the systemd unit files tun: Fix compiler warnings file checks: Fix weird commit error causing a double assignment options: Support --block-outside-dns on multiple tunnels Unbreak windows build Steffan Karger Adriaan de Jong 2: Fixed a bug where PolarSSL gave an error when using an inline file tag.

Fix --show-pkcsids Bug Alexander Pyhalov 1: Fix some typos in the man page. Do not upcase xusername-field for mixed-case arguments.

Otherwise print an empty string. Remove stray mention of script-security system. Add reporting of UI version to basic push-peer-info set. Format the message to be more like the other deprecated options Fix connecting to localhost on Android Move the initialization of the environment to the top so c2.

Add gateway and device to android control messages Clean up of socket code. Do not install a host route for the VPN on Android Fix commit c67aceadc9eef5b9ff14ede Do not set the buffer size by default but rely on the operation system default. Remove http-proxy-timeout, socks timeout and set default of server-poll-timeout to s Add documentation for http-proxy-user-pass option Remove http-proxy-retry and socks-proxy-retry.

Update android documentation to match source code Use AES ciphers in our sample configuration files and add a few modern 2. Instead assume that IPv6 is always supported. Log serial number of revoked certificate Christian Hesse 1: Adjust server-ipv6 documentation Cristian Rodriguez 1: Use systemd functions to consider systemd availability systemd: Reworked the systemd unit file to handle server and client configs better autotools: Replaced system calls with execve down-root: Improve error messages plugin, down-root: Fix compiler warnings sockets: Remove the limitation of --tcp-nodelay to be server-only plugins, down-root: Improve detection if the OpenVPN process did start during tests Rework the user input interface to make it more modular Re-implement the systemd support using the new query user API systemd: Provide more accurate warning message Document authfile for socks server Dmitrij Tejblum 1: Add lz4 support to MSVC.

Implement --mssfix handling for IPv6 packets. IPv6 to match what is in 2. Fix usage of 'compression Make push-peer-info visible in "normal" per-instance environment. Fix problem with UDP tunneling due to mishandled pktinfo structures. Improve documentation and help text for --route-ipv6. Fix argument type warning introduced by http extra proxy header patch. Document "lz4" argument to "compress" config option. Make code and documentation for --remote-random-hostname consistent.

Rewrite manpage section about --multihome More IPv6-related updates to the openvpn man page. New approach to handle peer-id related changes to link-mtu. Correct note about DNS randomization in openvpn. Produce a meaningful error message if --daemon gets in the way of asking for passwords.

Document --daemon changes and consequences --askpass, --auth-nocache. Win32 implementation using GetBestRoute2 Remove support for snappy compression. Fix library order in -lmbedtls test. Implement push-remove option to selectively remove pushed options. Upgrade bundled compat-lz4 to upstream release r Fix problems with NCP and --inetd.

Fix --redirect-private in --dev tap mode. Fix display of plugin hook types Support UTF-8 --client-config-dir close more file descriptors on exec Ignore UTF-8 byte order mark reintroduce --no-name-remapping option make --tls-remote compatible with pre 2.

Del ipv6 addr on close of linux tun interface Hubert Kario 2: Fix --askpass not allowing for password input via stdin James Yonan Added support for the Snappy compression algorithm Always push basic set of peer info values to server.

TLS version negotiation Added "setenv opt" directive prefix. If present, and if the directive that follows is recognized, it will be processed as if the "setenv opt" prefix was absent. If present and if the directive that follows is not recognized, the directive will be ignored rather than cause a fatal error.

Use native strtoull with MSVC Bind to local socket before dropping privileges Jan Just Keijser 6: Fix spurious ignoring of pushed config options trac

OpenVPN 2.4.6

OpenVPN GUI bundled with the Windows installer has a large number of new features compared to the one bundled with OpenVPN One of major features is the ability to run OpenVPN GUI without administrator privileges. OpenVPN GUI is a graphical front-end application for OpenVPN on Windows. It gives you an icon in the system tray from which you can control OpenVPN. OpenVPN - The Open Source VPN. © OpenVPN Inc. OpenVPN is a registered trademark of OpenVPN Inc.