-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Hello!

We have released OpenVPN-NL 2.5.11-nl2. This release contains backported fixes for CVE-2026-35058 and CVE-2026-40215 and should be installed as soon as possible. Previous releases have been marked as untrusted on the website.

On Linux, you might receive warnings regarding our name change to Sentyron when updating. Please check the output of your package manager to make sure that it performed the update.

The Windows release has been signed with a new key: https://openvpn.sentyron.com/repos/sentyron-win.pem

The fingerprint is f89b8466bb696e037917bced17dc19bcb2b58bc9.

This key does not yet appear on the website of Unit Weerbaarheid. You can check the authenticity of the Windows installer by verifying the SHA256 hash in https://openvpn.sentyron.com/repos/sha256sums.txt and checking that https://openvpn.sentyron.com/repos/sha256sums.txt.asc is a valid signature for that file made with our code-signing GPG key (https://openvpn.sentyron.com/repos/sentyron-gpg.asc).

A note about the tap-windows6 driver: We are including an older version of the driver that was signed with our previous key. This is still accepted by Windows due to timestamping. We hope to make another release with an updated driver in the near future.

Best regards, Max Fillinger