diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
index aba866d0db1..9fa9646cacb 100644
--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
@@ -6709,6 +6709,13 @@
 githubId = 8211181;
 name = "Kevin Kandlbinder";
 };
+ kfears = {
+ email = "kfearsoff@gmail.com";
+ github = "KFearsoff";
+ githubId = 66781795;
+ matrix = "@kfears:matrix.org";
+ name = "KFears";
+ };
 kfollesdal = {
 email = "kfollesdal@gmail.com";
 github = "kfollesdal";
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index c6d8f4acba3..43ae28ac02c 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -197,6 +197,7 @@
 ./programs/npm.nix
 ./programs/noisetorch.nix
 ./programs/oblogout.nix
+ ./programs/openvpn3.nix
 ./programs/pantheon-tweaks.nix
 ./programs/partition-manager.nix
 ./programs/plotinus.nix
diff --git a/nixos/modules/programs/openvpn3.nix b/nixos/modules/programs/openvpn3.nix
new file mode 100644
index 00000000000..f3101d3cebd
--- /dev/null
+++ b/nixos/modules/programs/openvpn3.nix
@@ -0,0 +1,33 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.programs.openvpn3;
+in
+{
+ options.programs.openvpn3 = {
+ enable = mkEnableOption "the openvpn3 client";
+ };
+
+ config = mkIf cfg.enable {
+ services.dbus.packages = with pkgs; [
+ openvpn3
+ ];
+
+ users.users.openvpn = {
+ isSystemUser = true;
+ uid = config.ids.uids.openvpn;
+ group = "openvpn";
+ };
+
+ users.groups.openvpn = {
+ gid = config.ids.gids.openvpn;
+ };
+
+ environment.systemPackages = with pkgs; [
+ openvpn3
+ ];
+ };
+
+}
diff --git a/pkgs/tools/networking/openvpn3/default.nix b/pkgs/tools/networking/openvpn3/default.nix
new file mode 100644
index 00000000000..30abf86b02f
--- /dev/null
+++ b/pkgs/tools/networking/openvpn3/default.nix
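Review bot: In nixos/modules/programs/openvpn3.nix nothing states why the `openvpn` system user and group are declared, and the account name is not tied to the package whose D-Bus files `services.dbus.packages` installs. Presumably the shipped bus policy and service files name the account the backend runs as (they are not visible in this patch), so a mismatch would only show up at runtime; once confirmed, a comment above `users.users.openvpn` such as `# account named in openvpn3's D-Bus policy/service files; keep in sync with the package's configure defaults` would document the coupling. The module also relies on `config.ids.uids.openvpn` and `config.ids.gids.openvpn` already being defined, since the patch does not touch the ids table. As a smaller style point, `openvpn3` is listed twice; a `package` option would let both lists share one value.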
@@ -0,0 +1,125 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, asio
+, autoconf-archive
+, autoreconfHook
+, fetchpatch
+, glib
+, gtest
+, jsoncpp
+, libcap_ng
+, libnl
+, libuuid
+, lz4
+, openssl
+, pkg-config
+, protobuf
+, python3
+, tinyxml-2
+, wrapGAppsHook
+}:
+
+let
+ openvpn3-core = fetchFromGitHub {
+ owner = "OpenVPN";
+ repo = "openvpn3";
+ rev = "7765540e581c48721752bcad0b3d74b8397b1f73";
+ sha256 = "sha256-v/suF/tWfuukQO1wFiHRzC7ZW+3Gh1tav6qj0uYUP4E=";
+ };
+in
+stdenv.mkDerivation rec {
+ pname = "openvpn3";
+ # also update openvpn3-core
+ version = "17_beta";
+
+ src = fetchFromGitHub {
+ owner = "OpenVPN";
+ repo = "openvpn3-linux";
+ rev = "v${version}";
+ sha256 = "sha256-ITSnC105YNYFW1M2bOASFemPZAh+HETIzX2ofABWTho=";
+ };
+
+ patches = [
+ # remove when v18_beta hits
+ (fetchpatch {
+ name = "dont-hardcode-gio.patch";
+ url = "https://github.com/OpenVPN/openvpn3-linux/commit/f7d6d3ae1d52b18b398d3d3b6e21c720c98d0e89.patch";
+ sha256 = "sha256-Bo5uaHadMTDROpwM7Y5aXhCoGUrsAAkSxeXLLhvOeEg=";
+ })
+ ];
+
+ postPatch = ''
+ rm -r ./vendor/googletest
+ cp -r ${gtest.src} ./vendor/googletest
+ rm -r ./openvpn3-core
+ ln -s ${openvpn3-core} ./openvpn3-core
+
+ chmod -R +w ./vendor/googletest
+ shopt -s globstar
+
+ patchShebangs **/*.py **/*.sh ./src/python/{openvpn2,openvpn3-as,openvpn3-autoload} \
+ ./distro/systemd/openvpn3-systemd ./src/tests/dbus/netcfg-subscription-test
+
+ echo "3.git:v${version}:unknown" > openvpn3-core-version
+ '';
+
+ preAutoreconf = ''
+ substituteInPlace ./update-version-m4.sh --replace 'VERSION="$(git describe --always --tags)"' "VERSION=v${version}"
+ ./update-version-m4.sh
+ '';
+
+ nativeBuildInputs = [
+ autoconf-archive
+ autoreconfHook
+ python3.pkgs.docutils
+ python3.pkgs.jinja2
+ pkg-config
+ wrapGAppsHook
+ python3.pkgs.wrapPython
+ ] ++ pythonPath;
+
+ buildInputs = [
+ asio
+ glib
+ jsoncpp
+ libcap_ng
+ libnl
+ libuuid
+ lz4
+ openssl
+ protobuf
+ tinyxml-2
+ ];
+
+ # runtime deps
+ pythonPath = with python3.pkgs; [
+ dbus-python
+ pygobject3
+ ];
+
+ dontWrapGApps = true;
+ preFixup = ''
+ makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
+ '';
+ postFixup = ''
+ wrapPythonPrograms
+ '';
+
+ configureFlags = [
+ "--enable-bash-completion"
+ "--enable-addons-aws"
+ "--disable-selinux-build"
+ "--disable-build-test-progs"
+ ];
+
+ NIX_LDFLAGS = "-lpthread";
+
+ meta = with lib; {
+ description = "OpenVPN 3 Linux client";
+ license = licenses.agpl3Plus;
+ homepage = "https://github.com/OpenVPN/openvpn3-linux/";
+ maintainers = with maintainers; [ shamilton kfears ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 35063f031ed..ed9894e4516 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -9065,6 +9065,8 @@ with pkgs;
 openvpn_24
 openvpn;
 
+ openvpn3 = callPackage ../tools/networking/openvpn3 { };
+
 openvpn_learnaddress = callPackage ../tools/networking/openvpn/openvpn_learnaddress.nix { };
 
 openvpn-auth-ldap = callPackage ../tools/networking/openvpn/openvpn-auth-ldap.nix {
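Review bot: In pkgs/tools/networking/openvpn3/default.nix the `postPatch` line `echo "3.git:v${version}:unknown" > openvpn3-core-version` stamps the bundled core library with the openvpn3-linux tag and an `unknown` commit, although the `let` block pins `openvpn3-core` to an exact `rev`. If that file feeds the version string the client reports (inferred from its name; the consumer is not in this patch), the reported core version cannot be matched against advisories for openvpn3-core. Assuming the last field is meant to hold the commit id, `echo "3.git:v${version}:${openvpn3-core.rev}" > openvpn3-core-version` would keep the stamp tied to what is actually built. The `# also update openvpn3-core` comment would be more useful next to `rev`, stating that it presumably has to be the commit the `v${version}` tag's `openvpn3-core` directory points at.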