Security Updates:
OpenVPN 2.5 Changes:
- Connection setup is now much faster
- ChaCha20-Poly1305 cipher in the OpenVPN data channel
- Client-specific tls-crypt keys
- Improved data channel cipher negotiation
- Removal of BF-CBC support in default configuration
- HMAC-based auth-token support for seamless reconnects to standalone servers or a group of servers
- Asynchronous (deferred) authentication support for auth-pam plugin
- Asynchronous (deferred) support for client-connect scripts and plugins
- Support for IPv4 configs with /31 netmasks
- 802.1q VLAN support on TAP servers
- IPv6-only tunnels
- New option --block-ipv6 to reject all IPv6 packets (ICMPv6)
- VRF support
- Netlink integration (OpenVPN no longer needs to execute ifconfig/route or ip commands)
Complete release notes available here