Private Internet Access funds OpenVPN 2.4 audit by noted cryptographer Dr. Matthew Green

Posted on Dec 7, 2016 by Caleb Chen
Share Tweet

private internet access announcement

Private Internet Access is happy to announce that an OpenVPN 2.4 audit is going to be completed by noted cryptographer Dr. Matthew Green, assistant professor at the Johns Hopkins Information Security Institute. Dr. Green has a long, distinguished history in the fields of applied cryptography and cryptographic engineering and has previously lead the Truecrypt audit.

Private Internet Access funds OpenVPN 2.4 audit

Private Internet Access has contracted Dr. Green as an independent consultant to do a comprehensive evaluation of the version of OpenVPN that is currently available on GitHub and search for security vulnerabilities. Once OpenVPN 2.4 is out of beta and released, the final version will be compared and evaluated to complete the security audit.

The OpenVPN 2.4 audit is important for the entire community because OpenVPN is available on almost every platform and is used in many applications from consumer products such as Private Internet Access VPN to business software such as Cisco AnyConnect. Instead of going for a crowdfunded approach, Private Internet Access has elected to fund the entirety of the OpenVPN 2.4 audit ourselves because of the integral nature of OpenVPN to both the privacy community as a whole and our own company.

Once the independent audit is completed, Private Internet Access will share the final report with OpenVPN prior to releasing the results to the public. Furthermore, we will work with OpenVPN to ensure that any discovered vulnerabilities are fixed before publishing.

We look forward to verifying the security of OpenVPN 2.4 and will keep the privacy community posted about developments in the OpenVPN 2.4 audit.

About Caleb Chen

Caleb Chen is a digital currency and privacy advocate who believes we must #KeepOurNetFree, preferably through decentralization. Caleb holds a Master's in Digital Currency from the University of Nicosia as well as a Bachelor's from the University of Virginia. He feels that the world is moving towards a better tomorrow, bit by bit by Bitcoin.

VPN Service

Comments are closed.


  1. Mario Miniaci

    This is a good example of corporate responsibility – working with the ecosystem of which you are part. Well done!

    3 years ago
  2. Joe

    Another reason why PIA is great.

    3 years ago
  3. disqus_8o9HGWO0cw

    Tried another VPN service but you have convinced me to come back. 🙂

    3 years ago
  4. PendragonUK

    Nice to see my duckets being put to good use. Been a happy customer for a few years now.

    3 years ago
  5. terrywang

    Does PIA use strongSwan (which I personally think is the best in the business) as IPsec VPN solution? If so, do you have plan to do an audit for strongSwan as well? Thanks.

    3 years ago
  6. Uberjannie

    Thanks, PIA. Another reason to keep being a customer.

    3 years ago
  7. c0d3r1

    Does OpenVpn give free port forwarding

    3 years ago
  8. Michael Nolan

    That is great but how about supporting OpenVPN on the Chromebook? My personal laptop screen broke on my last business trip. I used to travel with work laptop, personal laptop, and tablet. I replaced the personal laptop and tablet with a convertible Chromebook for about the price of a tablet. With the Android app store working well this is going to become an important tool. But I had a disappointing exchange with customer support trying to get a user cert to use OpenVPN with PIA. They told me to use IPsec. Provide a client or the user cert, which PIA must be generating for the OpenVPN clients on other platforms

    3 years ago
  9. Nikhil

    Very true. Definitely going above and beyond. If PIA was based in a country without ridiculous data retention laws and could provide a log-less VPN service PIA would be without doubt one of the best VPN service providers. I have used PIA in the past and they provide good service, broad server selection & excellent speeds.

    3 years ago
    1. Brian D

      AFAIK PIA doesn’t log. In this court case

      PIA was unable to provide anything identifying the user. The only thing they could tell them is what server the user connected to. Multiple PIA users share the same external IP address, so it is very hard for them to figure out who-is-who after the fact.

      If the government takes control of their system that is another thing, but no company could stay secure under those circumstances.

      3 years ago
  10. Dusty

    That’s great, thanks.

    But I’m interested in knowing how much is the cost of the audit of OpenVPN, can you please share that information?

    3 years ago