Chocolatey Community Coffee Break

Join the Chocolatey Team on our regular monthly stream where we discuss all things Community, what we do, how you can get involved and answer your Chocolatey questions.

Learn More

Chocolatey Product Spotlight

Join the Chocolatey Team on our regular monthly stream where we put a spotlight on the most recent Chocolatey product releases. You'll have a chance to have your questions answered in a live Ask Me Anything format.

Learn More

Announcing Chocolatey Central Management 0.10.0

Livestream from
Thursday, 06 October 2022

We recently released our largest update to Chocolatey Central Management so far. Join Gary and Steph to find out more about Chocolatey Central Management and the new features and fixes we've added to this release.

Watch On-Demand
Chocolatey and Intune Overview

Webinar Replay from
Wednesday, 30 March 2022

At Chocolatey Software we strive for simple, and teaching others. Let us teach you just how simple it could be to keep your 3rd party applications updated across your devices, all with Intune!

Watch On-Demand
Chocolatey For Business. In Azure. In One Click.

Livestream from
Thursday, 9 June 2022

Join James and Josh to show you how you can get the Chocolatey For Business recommended infrastructure and workflow, created, in Azure, in around 20 minutes.

Watch On-Demand
The Future of Chocolatey CLI

Livestream from
Thursday, 04 August 2022

Join Paul and Gary to hear more about the plans for the Chocolatey CLI in the not so distant future. We'll talk about some cool new features, long term asks from Customers and Community and how you can get involved!

Watch On-Demand
Hacktoberfest Tuesdays 2022

Livestreams from
October 2022

For Hacktoberfest, Chocolatey ran a livestream every Tuesday! Re-watch Cory, James, Gary, and Rain as they share knowledge on how to contribute to open-source projects such as Chocolatey CLI.

Watch On-Demand
Chocolatey Product Spotlight: Chocolatey 1.2.0 and Chocolatey Licensed Extension 5.0.0

Livestream from
Thursday, 03 November 2022

Join Paul and Gary for this months Chocolatey product livestream where we look at the latest release of Chocolatey 1.2.0, Chocolatey Licensed Extension 5.0.0 and shine a spotlight on the new hook scripts functionality. This opens up so many possibilities for Chocolatey CLI users!

Watch On-Demand
Chocolatey Coding Livestream

Livestream from
Tuesday, 29 November 2022

Join Josh as he adds the ability to manage Chocolatey GUI config and features with the Chocolatey Ansible Collection.

Watch On-Demand
Introduction into Chocolatey with Veeam

Webinar from
Tuesday, 13 December 2022

Join Gary, Paul, and Maurice as they introduce and demonstrate how to use Chocolatey! Questions will be answered live in an Ask Me Anything format.

Watch On-Demand



Downloads of v


Last Update:

20 Nov 2016

Package Maintainer(s):

Software Author(s):

  • OpenVPN Technologies
  • Inc


openvpn community tunnel ssl admin

OpenVPN Community

This is not the latest version of OpenVPN Community available.

  • 1
  • 2
  • 3 | Updated: 20 Nov 2016



Downloads of v



Software Author(s):

  • OpenVPN Technologies
  • Inc

OpenVPN Community

This is not the latest version of OpenVPN Community available.

  • 1
  • 2
  • 3

Some Checks Have Failed or Are Not Yet Complete

Not All Tests Have Passed

Validation Testing Passed

Verification Testing Passed


Scan Testing Resulted in Flagged:

This package was submitted (and approved) prior to automated virus scanning integration into the package moderation processs.

We recommend clicking the "Details" link to make your own decision on installing this package.

Learn More

Deployment Method: Individual Install, Upgrade, & Uninstall

To install OpenVPN Community, run the following command from the command line or from PowerShell:


To upgrade OpenVPN Community, run the following command from the command line or from PowerShell:


To uninstall OpenVPN Community, run the following command from the command line or from PowerShell:


Deployment Method:


This applies to both open source and commercial editions of Chocolatey.

1. Enter Your Internal Repository Url

(this should look similar to

2. Setup Your Environment

1. Ensure you are set for organizational deployment

Please see the organizational deployment guide

2. Get the package into your environment

  • Open Source or Commercial:
    • Proxy Repository - Create a proxy nuget repository on Nexus, Artifactory Pro, or a proxy Chocolatey repository on ProGet. Point your upstream to Packages cache on first access automatically. Make sure your choco clients are using your proxy repository as a source and NOT the default community repository. See source command for more information.
    • You can also just download the package and push it to a repository Download

3. Copy Your Script

choco upgrade openvpn -y --source="'INTERNAL REPO URL'" --version="''" [other options]

See options you can pass to upgrade.

See best practices for scripting.

Add this to a PowerShell script or use a Batch script with tools and in places where you are calling directly to Chocolatey. If you are integrating, keep in mind enhanced exit codes.

If you do use a PowerShell script, use the following to ensure bad exit codes are shown as failures:

choco upgrade openvpn -y --source="'INTERNAL REPO URL'" --version="''" 

Write-Verbose "Exit code was $exitCode"
$validExitCodes = @(0, 1605, 1614, 1641, 3010)
if ($validExitCodes -contains $exitCode) {
  Exit 0

Exit $exitCode

- name: Install openvpn
    name: openvpn
    version: ''
    state: present

See docs at

chocolatey_package 'openvpn' do
  action    :install
  source   'INTERNAL REPO URL'
  version  ''

See docs at

cChocoPackageInstaller openvpn
    Name     = "openvpn"
    Version  = ""
    Source   = "INTERNAL REPO URL"

Requires cChoco DSC Resource. See docs at

package { 'openvpn':
  ensure   => '',
  provider => 'chocolatey',
  source   => 'INTERNAL REPO URL',

Requires Puppet Chocolatey Provider module. See docs at

4. If applicable - Chocolatey configuration/installation

See infrastructure management matrix for Chocolatey configuration elements and examples.


Private CDN cached downloads available for licensed customers. Never experience 404 breakages again! Learn more...

Package Approved

This package was approved by moderator flcdrg on 26 Nov 2016.


OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the fundamental premise that complexity is the enemy of security, OpenVPN offers a cost-effective, lightweight alternative to other VPN technologies that is well-targeted for the SME and enterprise markets.

This package will be installed with the following options:
* /SELECT_OPENVPN=1 : Install OpenVPN user-space components, including openvpn.exe
* /SELECT_SERVICE=1 : Install the OpenVPN service wrappers
* /SELECT_INTERACTIVE_SERVICE=1 : Install the OpenVPN Interactive Service (allows running OpenVPN-GUI without admin privileges)
* /SELECT_TAP=1 : Install/upgrade the TAP virtual device driver
* /SELECT_OPENVPNGUI=1 : Install OpenVPN GUI by Mathias Sundman
* /SELECT_ASSOCIATIONS=1 : Register OpenVPN config file association (*.ovpn)
* /SELECT_OPENSSL_UTILITIES=0 : Install the OpenSSL Utilities (used for generating public/private key pairs)
* /SELECT_EASYRSA=1 : Install OpenVPN RSA scripts for X509 certificate management
* /SELECT_PATH=1 : Add OpenVPN executable directory to the current user's PATH
* /SELECT_SHORTCUTS=1 : Add OpenVPN shortcuts to the current user's Start Menu
* /SELECT_OPENSSLDLLS=1 : Install OpenSSL DLLs locally (may be omitted if DLLs are already installed globally)
* /SELECT_LZODLLS=1 : Install LZO DLLs locally (may be omitted if DLLs are already installed globally)
* /SELECT_PKCS11DLLS=1 : Install PKCS#11 helper DLLs locally (may be omitted if DLLs are already installed globally)

The only difference with the default package configuration is the EASYRSA option enabled while the default install disables it.

$packageName = 'openvpn'
$toolsDir = "$(Split-Path -parent $MyInvocation.MyCommand.Definition)"
$fileType = 'exe'
$url = ''
$url64 = ''
# For a list of all silent arguments used
# For their description
$silentArgs = '/S /SELECT_EASYRSA=1'
$validExitCodes = @(0)
$checksum = '182c7d906a9fc081080dc3b4459e3ec867681e6cb645a75d2ebe04d1d06ed14605622c4f34ef4d352bbdf68d81b06e2de634bed75cdb7d939e7f2cdd7973d986'
$pgpKey = "samuli_public_key.asc"
$urlSig = ''
$urlSig64 = ''
$checksumSig = '8857ea92983a69cd31e2df6342e01231b3e934129056d33564e3cef0ddd3c2dc35bd0ecb52dfe4649a2df2421ad68b1d437eb7a21ad1a800993ae598b2f1372a'
$checksumSig64 = 'dc4ec34b30d8924dfd51975f72f12ee36d7b2bdb3c80a8b8916045d63823ac6ad5833b1f543096296b2d07c4c659ff28811a2328936d11aa1b072856975465bf'

# This function is based on part of the code of the command
# Install-ChocolateyPackage
# src.:
function GetTemporaryDirectory {

    $chocTempDir = $env:TEMP
    $tempDir = Join-Path $chocTempDir "$($env:chocolateyPackageName)"
    if ($env:chocolateyPackageVersion -ne $null) {
        $tempDir = Join-Path $tempDir "$($env:chocolateyPackageVersion)"
    $tempDir = $tempDir -replace '\\chocolatey\\chocolatey\\', '\chocolatey\'

    if (![System.IO.Directory]::Exists($tempDir)) {
        [System.IO.Directory]::CreateDirectory($tempDir) | Out-Null

    return $tempDir

Write-Host "Downloading package installer..."
$packageFileName = Get-ChocolateyWebFile `
    -PackageName $packageName `
    -FileFullPath $(Join-Path $(GetTemporaryDirectory) "$($packageName)Install.$fileType")`
    -Url $url `
    -Url64bit $url64 `
    -Checksum $checksum `
    -ChecksumType 'sha512' `
    -Checksum64 $checksum64 `
    -ChecksumType64 'sha512'

# Download signature and saving it as the original name
# The GPG signature needs to have the same filename as the file checked but
# with the .asc suffix, otherwise gpg reports it cannot verify the file with
# the following message:
# gpg: no signed data
# gpg: can't hash datafile: No data
Write-Host "Downloading package signature..."
$sigFileName = Get-ChocolateyWebFile `
    -PackageName $packageName `
    -FileFullPath $(Join-Path $(GetTemporaryDirectory) "$($packageName)Install.$fileType.asc")`
    -Url $urlSig `
    -Url64bit $urlSig64 `
    -Checksum $checksumSig `
    -ChecksumType 'sha512' `
    -Checksum64 $checksumSig64 `
    -ChecksumType64 'sha512'

# If GPG has been just added, need to refresh to access to it from this session

if (!(Get-Command "gpg.exe" -ErrorAction SilentlyContinue)) {
    throw "Cannot find 'gpg.exe'. Unable to check signatures."

if (!(Test-Path "$toolsDir\$pgpKey")) {
    throw "Cannot find the PGP key '$pgpKey'. Unable to check signatures."

Write-Host "Importing '$pgpKey' in GPG trusted keyring..."
# Simply invoing the command gpg.exe and checking the value of $? was not
# enough. Using the following method worked and was indeed more reliable.
# src.:
$ReturnFromEXE = Start-Process `
    -FilePath "gpg.exe" `
    -ArgumentList "--import $toolsDir\$pgpKey" `
    -NoNewWindow -Wait -Passthru
if (!($ReturnFromEXE.ExitCode -eq 0)) {
    throw "Unable to import PGP key '$pgpKey'. Unable to check signatures."

Write-Host "Trusting '$pgpKey'..."
# src.:
$psi = New-object System.Diagnostics.ProcessStartInfo
$psi.CreateNoWindow = $true
$psi.UseShellExecute = $false
$psi.RedirectStandardOutput = $true
$psi.RedirectStandardError = $true
$psi.FileName = 'gpg.exe'
$psi.Arguments = @("--with-fingerprint --with-colons $toolsDir\$pgpKey")
$process = New-Object System.Diagnostics.Process
$process.StartInfo = $psi
# The [void] casting is actually needed to avoid True or False to be displayed
# on stdout.
# Get the full fingerprint of the key
$pgpFingerprint = $process.StandardOutput.ReadToEnd()

# Parse output
$pgpFingerprint = $pgpFingerprint -split ':'
$pgpFingerprint = $pgpFingerprint[18]

$psi = New-object System.Diagnostics.ProcessStartInfo
$psi.CreateNoWindow = $true
$psi.UseShellExecute = $false
$psi.RedirectStandardInput = $true
$psi.FileName = 'gpg.exe'
$psi.Arguments = @("--import-ownertrust")
$process = New-Object System.Diagnostics.Process
$process.StartInfo = $psi

# Specify the fingerprint and the trust level to stdin
# e.g.: ABCDEF01234567890ABCDEF01234567890ABCDEF:6:
$input = $process.StandardInput

# Even if the number 6 corresponds to the level 5 (ultimate trust) which is
# usually dedicated to our own keys. Using the number 5 corresponding to the
# level 4 (trully trust) is not enough for this case. Checking a signature
# requires an ultimate trust in the key.
$input.WriteLine($pgpFingerprint + ":6:")
# Not written until the stream is closed. If not closed, the process will still
# run and the software will hang.
# src.:

Write-Host "Checking PGP signatures..."
# Surrounding $sigFileName by 2 double quotes is needed, otherwise of the user
# folder has a space in it, the space is not taken into account and gpg cannot
# find the signed data to verify.
$ReturnFromEXE = Start-Process `
    -FilePath "gpg.exe" `
    -ArgumentList "--verify ""$sigFileName"" ""$packageFileName""" `
    -NoNewWindow -Wait -Passthru
if (!($ReturnFromEXE.ExitCode -eq 0)) {
    throw "The OpenVPN installer signature does not match. Installation aborted."

Write-Host "Untrusting and removing '$pgpKey'..."
$ReturnFromEXE = Start-Process `
    -FilePath "gpg.exe" `
    -ArgumentList "--batch --yes --delete-keys ""$pgpFingerprint""" `
    -NoNewWindow -Wait -Passthru
if (!($ReturnFromEXE.ExitCode -eq 0)) {
    Write-Warning "The OpenVPN installer signature cannot be removed after it has been trusted. Manual intervention required."

# The setup to install a driver for the virtual network device TAP asks us if
# we want to trust the certificate from OpenVPN Technologies, Inc. In order to
# have a complete silent install, we will add that certificate to the Windows
# keystore.
# In order to get that certificate, we had to
# - install the driver accepting the certificate,
# - tick the checkbox "Always trust software from "OpenVPN Technologies, Inc.""
#   which has the effect to consider OpenVPN as a trusted publisher
# - then run certmgr.msc,
# - expand "Certificates (Local Computer) –> Trusted Publishers –> Certificates",
# - right click the OpenVPN Technologies certificate
# - select "All Tasks –> Export..."
# - click Next
# - select Base64 encoded x.509 (.CER) and click Next
# - click Browse, navigate to the location you wish to save the certificate and click Next
# - click Finish
# - click OK
# The certificate is now in the location specified.
# src.:
# Next time we install the software, even if we remove that certificate,
# Windows will not ask us to confirm the installation as the driver is cached
# in the Drivers Store (C:\Windows\Inf). To simulate a first install we need to
# remove the cached drivers as well.
# src.:
Write-Host "Adding OpenVPN certificate to have a silent install of the OpenVPN TAP driver..."
Start-ChocolateyProcessAsAdmin "certutil -addstore 'TrustedPublisher' '$toolsDir\openvpn.cer'"

Write-Host "Getting the state of the current OpenVPN service (if any)..."
# Get-Service returns a System.ServiceProcess.ServiceController. Get-WmiObject
# returns a Win32_Service (cf. __CLASS property of the returned object). The
# query in the like statement is case insensitive.
[array]$service = Get-WmiObject -Query "select * from win32_service where name like '%openvpn%'"
if ($service.Count -gt 1) {
    Write-Warning "$service.Count matches of the OpenVPN service found!"
    Write-Warning "Please alert package maintainer with configuration details,"
    Write-Warning "especially the output of services.msc related to OpenVPN."
    Write-Warning "The OpenVPN service configuration might fail and a manual"
    Write-Warning "intervention might be required."

$serviceNeedsRestart = $False
$serviceStartMode = "Manual"
if ($service) {
    if ($service[0].State -eq "Running") {
        $serviceNeedsRestart = $True

    # The property StartType of the class ServiceController might not available
    # in the .NET Framework when used with PowerShell 2.0
    # (cf. This property has been made available since
    # .NET 4.6.1 (src.: Since we cannot rely on this
    # property, we have two solutions, either using a WMI object or parsing
    # the registry manually. Let's use WMI as it's available since a long time.
    $serviceStartMode = $service[0].StartMode

    # Convert Win32_service types to .NET types
    if ($serviceStartMode -eq "Auto") {
        # Using the following type does not work
        # [System.ServiceProcess.ServiceStartMode]::Automatic
        $serviceStartMode = "Automatic"
    } elseif ($serviceStartMode -eq "Manual") {
        $serviceStartMode = "Manual"
    } elseif ($serviceStartMode -eq "Disabled") {
        $serviceStartMode = "Disabled"

Install-ChocolateyInstallPackage `
    -PackageName $packageName `
    -FileType $fileType `
    -SilentArgs $silentArgs `
    -File $packageFileName `
    -ValidExitCodes $validExitCodes

[array]$service = Get-Service | Where-Object {$_.Name -like "*OpenVPN*"}
if ($service.Count -eq 0) {
    Write-Error "The OpenVPN server cannot be found."
    Write-Error "Please alert the package maintainer."
} elseif ($service.Count -gt 1) {
    Write-Warning "$service.Count matches of the OpenVPN service found!"
    Write-Warning "Please alert package maintainer with configuration details,"
    Write-Warning "especially the output of services.msc related to OpenVPN."
    Write-Warning "The OpenVPN service configuration might fail and a manual"
    Write-Warning "intervention might be required."

if ($serviceNeedsRestart) {
    try {
        Write-Host "OpenVPN service was previously started. Trying to restart it..."
        Restart-Service $service[0].Name
        Write-Host "OpenVPN service restarted with successful."
    } catch {
        # Do not use Write-Error, otherwise chocolatey will think the installation has failed.
        Write-Warning "OpenVPN service failed to be restarted. Manual intervention required."

if ($serviceStartMode -ne 'Manual') {
    try {
        Write-Host "Trying to reset the OpenVPN service to ""$serviceStartMode""..."
        Set-Service $service[0].Name -StartupType $serviceStartMode
        Write-Host "OpenVPN service reset to ""$serviceStartMode"" with successful."
    } catch {
        Write-Warning "OpenVPN service failed to be reset to ""$serviceStartMode"". Manual intervention required."

# The installer changes the PATH, apply these changes in the current PowerShell
# session (limited to this script).
$packageName = 'openvpn'
$fileType = 'exe'
$silentArgs = '/S'
$validExitCodes = @(0)

# If we specify to Uninstall-ChocolateyPackage a silent argument but without
# a path, the command throws an exception. We cannot thus rely on the
# Chocolatey Auto Uninstaller feature. We will need to do manually what the
# PowerShell command does i.e. looking for the right path in the registry
# manually.

# Let's remove the certificate we inserted
Write-Host "Removing OpenVPN driver signing certificate added by this installer..."
Start-ChocolateyProcessAsAdmin "certutil -delstore 'TrustedPublisher' 'OpenVPN Technologies, Inc.'"

[array]$key = Get-UninstallRegistryKey -SoftwareName "OpenVPN*"

if ($key.Count -eq 1) {
    $key | % {
        $file = $key.UninstallString

        Write-Host "Removing OpenVPN... The OpenVPN service will be automatically stopped and removed."
        Uninstall-ChocolateyPackage `
            -PackageName "$packageName" `
            -FileType "$fileType" `
            -SilentArgs "$silentArgs" `
            -ValidExitCodes "$validExitCodes" `
            -File "$file"
} elseif ($key.Count -eq 0) {
    Write-Warning "$packageName has already been uninstalled by other means."
} elseif ($key.Count -gt 1) {
    Write-Warning "$key.Count matches found!"
    Write-Warning "To prevent accidental data loss, no programs will be uninstalled."
    Write-Warning "Please alert package maintainer the following keys were matched:"
    $key | % {Write-Warning "- $_.DisplayName"}

# After the uninstall has performed, choco checks if there are uninstall
# registry keys left and decides to launch or not its auto uninstaller feature.
# However, here, we have a race condition. When choco checks if the following
# registry key is still present, it's already gone.
# SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenVPN
# A fix for this issue is already present in choco 0.10.4
if ($Env:CHOCOLATEY_VERSION -lt "0.10.4") {
    # Let's sleep. Still failing with only 3 secs. 5 seems to work.
    Start-Sleep -s 5

# The uninstaller changes the PATH, apply these changes in the current PowerShell
# session (limited to this script).

# This script does not have to take care of removing the gpg4win-vanilla
# dependency as Chocolatey as a built-in function for that. To notify the user
# that a dependency can be removed is unneccessary. If a user wants to
# uninstall a package and its dependencies (as long as no other package depends
# on it) a user can run choco uninstall -x when uninstalling a package.

Log in or click on link to see number of positives.

In cases where actual malware is found, the packages are subject to removal. Software sometimes has false positives. Moderators do not necessarily validate the safety of the underlying software, only that a package retrieves software from the official distribution point and/or validate embedded software against official distribution point (where distribution rights allow redistribution).

Chocolatey Pro provides runtime protection from possible malware.

Add to Builder Version Downloads Last Updated Status
OpenVPN - Open Source SSL VPN Solution 2.5.8 43678 Thursday, November 3, 2022 Approved
OpenVPN - Open Source SSL VPN Solution 2.5.7 72557 Wednesday, June 1, 2022 Approved
OpenVPN - Open Source SSL VPN Solution 2.5.6 36838 Thursday, March 17, 2022 Approved
OpenVPN - Open Source SSL VPN Solution 2.5.5 16619 Thursday, February 17, 2022 Approved
OpenVPN - Open Source SSL VPN Solution 2.5.4 233 Wednesday, February 16, 2022 Approved
OpenVPN 2.4.7 214406 Saturday, March 23, 2019 Approved
OpenVPN 12881 Sunday, January 20, 2019 Approved
OpenVPN 93460 Tuesday, July 10, 2018 Approved
OpenVPN 2.4.6 4685 Monday, June 25, 2018 Approved
OpenVPN 2.4.5 454 Monday, June 25, 2018 Approved
OpenVPN 2.4.4 23968 Tuesday, October 3, 2017 Approved
OpenVPN 2.4.3 7687 Thursday, June 22, 2017 Approved
OpenVPN 2.4.2 3485 Friday, May 26, 2017 Approved
OpenVPN 2.4.1 2486 Saturday, May 13, 2017 Approved
OpenVPN Community 2.4.0 6780 Sunday, January 8, 2017 Approved
OpenVPN Community 3110 Sunday, November 20, 2016 Approved
OpenVPN Community 2.3.13 3216 Monday, November 7, 2016 Approved
OpenVPN Community 2.3.11 5238 Monday, June 20, 2016 Approved
OpenVPN Community for Windows (incl. OpenVPN GUI) 2.3.10 2803 Monday, January 11, 2016 Approved
OpenVPN 2.3.6 4385 Thursday, December 18, 2014 Approved
openvpn 2.3.2 1657 Tuesday, July 16, 2013 Approved
openvpn 517 Thursday, July 18, 2013 Approved
openvpn 2.2.2 581 Thursday, July 18, 2013 Approved

Discussion for the OpenVPN Community Package

Ground Rules:

  • This discussion is only about OpenVPN Community and the OpenVPN Community package. If you have feedback for Chocolatey, please contact the Google Group.
  • This discussion will carry over multiple versions. If you have a comment about a particular version, please note that in your comments.
  • The maintainers of this Chocolatey Package will be notified about new comments that are posted to this Disqus thread, however, it is NOT a guarantee that you will get a response. If you do not hear back from the maintainers after posting a message below, please follow up by using the link on the left side of this page or follow this link to contact maintainers. If you still hear nothing back, please follow the package triage process.
  • Tell us what you love about the package or OpenVPN Community, or tell us what needs improvement.
  • Share your experiences with the package, or extra configuration or gotchas that you've found.
  • If you use a url, the comment will be flagged for moderation until you've been whitelisted. Disqus moderated comments are approved on a weekly schedule if not sooner. It could take between 1-5 days for your comment to show up.
comments powered by Disqus