OpenVPN 2.4.2 fixes critical issues discovered in OpenVPN audit reports

Posted on May 11, 2017 by Caleb Chen

Private Internet Access is happy to release the results of our OpenVPN audit. Concurrent with the release of this report, OpenVPN has released OpenVPN 2.4.2, which is the latest update to the recently released OpenVPN 2.4 technology. The privacy and security community has banded together behind this open source technology to use the Internet openly and freely.

This new, audited version of OpenVPN, OpenVPN 2.4.2, is a technically sound package which has passed not one but two recent security audits. The first audit was conducted by Dr. Matthew Green of Cryptography Engineering on behalf of PIA. Dr. Green previously completed the TrueCrypt audit with the Open Crypto Audit Project. The second audit was conducted by the team at QuarksLab thanks to a community crowdfunding campaign from the Open Source Technology Improvement Fund (OSTIF). QuarksLab and OSTIF previously did the VeraCrypt audit.

The author of the Cryptography Engineering OpenVPN audit, Dr. Green, summarized the audit and the results:

“We took a detailed look at the implementation of OpenVPN 2.4. We focused on the cryptography and software quality of the project. With the release of OpenVPN 2.4.2, several issues uncovered in both our audit and a larger audit conducted by Quarks Lab will be resolved. Our finding is that the OpenVPN 2.4.2 package is technically sound. We’d like to thank Private Internet Access for their sponsorship of both audits and their continued efforts on behalf of the security community.”

Here is the full OpenVPN 2.4 Evaluation Summary and Report.

Here is the synopsis of OSTIF’s QuarksLab OpenVPN 2.4 report.

Here is the OpenVPN security announcement about OpenVPN 2.4.2.