Credential access
Reads VPN profiles, private keys, certificates, passwords, and auth files.
brew
SSL/TLS VPN implementing OSI layer 2 or 3 secure network extension. Version 2.7.5 via Homebrew; verified 2026-07-02.
agent safety
openvpn controls VPN connectivity and can route agent traffic through private networks.
Reads VPN profiles, private keys, certificates, passwords, and auth files.
Primarily changes network reachability, not application data.
Can expose private network access to downstream tools.
Gate VPN start, config reads, and private-key handling.
Allow config validation; require approval before connecting or reading credential material.
install
brew install openvpnlocal Homebrew formula metadata
sudo apk add openvpnAlpine Linux edge package indexes · openvpn · source: dl-cdn.alpinelinux.org
sudo apt install openvpnDebian stable package indexes · openvpn · source: deb.debian.org
sudo dnf install openvpnFedora Rawhide package metadata · openvpn · source: dl.fedoraproject.org
nix profile install nixpkgs#openvpnnixpkgs package indexes · openvpn · source: raw.githubusercontent.com
sudo pacman -S openvpnArch Linux sync databases · openvpn · source: geo.mirror.pkgbuild.com
sudo zypper install openvpnopenSUSE Tumbleweed package metadata · openvpn · source: download.opensuse.org
choco install openvpnChocolatey community package catalog · openvpn · source: community.chocolatey.org
scoop install extras/openvpnScoop official bucket manifest trees · bucket/openvpn.json · source: api.github.com
winget install --id OpenVPNTechnologies.OpenVPN -eWindows Package Manager source index · OpenVPNTechnologies.OpenVPN · source: cdn.winget.microsoft.com
overview
SSL/TLS VPN implementing OSI layer 2 or 3 secure network extension
history
OpenVPN is a long-running open source VPN implementation built around SSL/TLS, TUN/TAP virtual network interfaces, and a single userspace daemon that can act as client or server. It became one of the default choices for self-hosted and commercial VPN deployments because it crossed operating-system, firewall, NAT, and package-manager boundaries better than many older VPN stacks.
OpenVPN was created by James Yonan and traces its public history to 2001. The project chose a custom VPN protocol using SSL/TLS for key exchange and OpenSSL for cryptography rather than implementing IPsec, PPTP, or L2TP.
OpenVPN 1.x was mainly a point-to-point tool. OpenVPN 2.0 was the major architectural step: the official how-to and manual describe scalable multi-client TCP/UDP server mode, where many clients connect to a single server process and share one TUN or TAP interface.
The 2.x line added features that made OpenVPN practical in mixed networks: certificate-based TLS deployments, username/password authentication hooks, pushed routes and DNS options, management interfaces, plugins and scripts, IPv6 support, Windows service improvements, and continued crypto and platform updates.
OpenVPN spread through Unix and Linux distributions, router firmware, VPN providers, and enterprise remote-access setups because it used ordinary TCP or UDP ports, worked through many NAT and firewall environments, and could be configured with plain text profile files. Package availability across Linux, BSD, macOS, Windows package managers, and router-oriented ecosystems made .ovpn profiles a portable operational artifact.
OpenVPN Inc. built commercial products such as Access Server and OpenVPN Connect around the open source Community Edition while continuing to support the community project. That split gave the protocol a dual life: a free daemon for administrators and a managed product line for organizations.
Operators use OpenVPN to build routed layer-3 VPNs with TUN devices, bridged layer-2 VPNs with TAP devices, site-to-site tunnels, road-warrior remote access, lab networks, router-based VPN clients, and compatibility endpoints for commercial VPN services. A typical deployment combines server and client configuration files, certificates or username/password credentials, route pushes, firewall rules, and system services.
Package users care about the single openvpn executable because it is both the client and the server. That keeps scripting, service supervision, and container use straightforward, while configuration complexity lives in profile files and PKI assets.
OpenVPN is one of the canonical networking packages where packaging is operations: binaries, services, sample configs, plugin paths, systemd or launchd integration, certificate locations, and kernel TUN/TAP support all affect whether the package is usable.
Its long history also makes it a compatibility anchor. Even as WireGuard changed expectations for small VPN codebases, OpenVPN remains important for existing .ovpn profiles, mature server deployments, commercial-provider compatibility, and environments that need TLS-style transport flexibility.
security posture
broad file, network, media, or database tool signal. formula declares a Homebrew service.
orange risk · medium confidence · infrastructure
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
~/Library/Application Support/OpenVPN~/Library/Application Support/Tunnelblick/Configurations~/.openvpn$XDG_CONFIG_HOME/openvpn~/.config/openvpnCredential-bearing paths to review before unattended agent runs.
~/Library/Application Support/OpenVPN~/Library/Application Support/Tunnelblick/Configurations~/.openvpn$XDG_CONFIG_HOME/openvpn~/.config/openvpnexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
openvpn | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://openvpn.net/community/
install metadata
| Package key | brew:openvpn |
|---|---|
| Version | 2.7.5 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/openvpn |
| Homepage | https://openvpn.net/community/ |
| Repository | https://github.com/OpenVPN/openvpn |
| Upstream docs | https://openvpn.github.io/openvpn |
| License | GPL-2.0-only WITH openvpn-openssl-exception |
| Source archive | https://swupdate.openvpn.net/community/releases/openvpn-2.7.5.tar.gz |
| Last updated | 2026-07-02T16:40:57Z |
| Pulse | updated |
| Dependencies | lz4, lzo, openssl@3, pkcs11-helper |
| Build dependencies | pkgconf |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | openvpn |
| Version Scheme | 0 |
| Revision | 0 |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
openvpn 2.6.14-1+deb13u1
virtual private network daemon
sudo apt install openvpnopenvpn
nix profile install nixpkgs#openvpnopenvpn 2.6.9-1ubuntu4
virtual private network daemon
sudo apt install openvpnopenvpn 2.7.3-r0
Robust, and highly configurable VPN (Virtual Private Network)
sudo apk add openvpnopenvpn-auth-pam 2.7.3-r0
OpenVPN plugin for PAM authentication
sudo apk add openvpn-auth-pamopenvpn-dev 2.7.3-r0
Robust, and highly configurable VPN (Virtual Private Network) (development files)
sudo apk add openvpn-devopenvpn-doc 2.7.3-r0
Robust, and highly configurable VPN (Virtual Private Network) (documentation)
sudo apk add openvpn-docopenvpn-openrc 2.7.3-r0
Robust, and highly configurable VPN (Virtual Private Network) (OpenRC init scripts)
sudo apk add openvpn-openrcopenvpn 2.7.4-1.fc45
A full-featured TLS VPN solution
https://community.openvpn.net/
sudo dnf install openvpnopenvpn-devel 2.7.4-1.fc45
Development headers and examples for OpenVPN plug-ins
https://community.openvpn.net/
sudo dnf install openvpn-developenvpn 2.7.4-1
An easy-to-use, robust and highly configurable VPN (Virtual Private Network)
https://openvpn.net/index.php/open-source.html
sudo pacman -S openvpnopenvpn 2.6.14-2.3
Full-featured SSL VPN solution using a TUN/TAP Interface
sudo zypper install openvpnopenvpn-auth-pam-plugin 2.6.14-2.3
OpenVPN auth-pam plugin
sudo zypper install openvpn-auth-pam-pluginopenvpn-devel 2.6.14-2.3
OpenVPN plugin header
sudo zypper install openvpn-developenvpn-down-root-plugin 2.6.14-2.3
OpenVPN down-root plugin
sudo zypper install openvpn-down-root-pluginopenvpn
choco install openvpnsource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.