Recently, two independent audits investigated the code and cryptographic mechanisms used in OpenVPN. After they were carried out, the OpenVPN development team introduced the necessary patches for the software, and only after the release of version 2.4.2 were the detected bugs and irregularities made public.
The audits were carried out by:
- Quarkslab (audit financed by OSTIF). The results of the audit can be found here.
- Cryptography Engineering LLC (audit financed by Private Internet Access). You can read the results of the audit on the PIA blog.
For OpenVPN's official announcement about the audits and the patches implemented in connection with them, please see this page: https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits