Jump to content


Openvpn has been audited and security issues have been Identified

openvpn Eddie security

  • Please log in to reply
2 replies to this topic

#1 Keksjdjdke


    Advanced Member

  • Members
  • PipPipPip
  • 204 posts

Posted 12 May 2017 - 10:07 PM

Multiple security Vulnerabilities were found in Openvpn 2.4.1. OpenVPN 2.4.1 was simultaneously reviewed by Quarkslab (funded by OSTIF).

Here is a link to the audit information.



#2 Staff


    Advanced Member

  • Staff
  • PipPipPip
  • 7252 posts

Posted 13 May 2017 - 09:58 AM



AirVPN is the 4th OSTIF top donor:



We contributed specifically for the OpenVPN audit.


We're glad to see that the audit completed quickly and that no serious security vulnerabilities have been found client-side. Even server-side, the only two security issues are not particularly worrying. A denial of service can be triggered by a client sending at least 196 GB in a certain way, while another denial of service can be caused by having the tls-auth key.


Let's remember anyway that the bug bounty remains open.


Our upgrade schedules sever-side remain unchanged, as well as Air client software release cycle. Each new release of our software is packaged with the latest OpenVPN version and keep in mind that you can configure the software to use any OpenVPN version you prefer.


Kind regards

#3 trekkie.forever


    Advanced Member

  • Members
  • PipPipPip
  • 39 posts

Posted 17 May 2017 - 10:01 PM

Since I am unsure what you're server side upgrade schedule is, can you please advise by approximately when the servers will be updated to 2.4.2?



Similar Topics Collapse

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Servers online. Online Sessions: 13111 - BW: 39507 Mbit/sYour IP: Access.