If two or more client machines try to connect to
the server at the same time via TCP using the same
client certificate, and --duplicate-cn is not
enabled on the server, a race condition can crash the
server with "Assertion failed at mtcp.c:411".

If the client sends a packet which fails to decrypt
on the server, the OpenSSL error queue is not properly
flushed, which can result in another unrelated client
instance on the server seeing the error and responding
to it, resulting in disconnection of the unrelated client.

A malicious [authenticated] client in "dev tap"
Ethernet bridging mode could theoretically flood the
server with packets appearing to come from hundreds of
thousands of different MAC addresses, causing the OpenVPN
process to deplete system virtual memory as it expands its
internal routing table.
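
One way to bound the table growth described above, shown as an added example that is not OpenVPN's own code: a fixed-size MAC learning table with a per-client quota. The table size, the quota, the refusal to reassign a MAC owned by another client, and all names are assumptions made for this illustration.

```c
#include <stdint.h>
#include <string.h>

#define TABLE_SLOTS 1024        /* assumed fixed table size */
#define MAX_CLIENTS 8           /* assumed number of client instances */
#define MAX_MACS_PER_CLIENT 4   /* assumed per-client learning quota */

static struct mac_entry { uint8_t mac[6]; int client; int used; } table[TABLE_SLOTS];
static int per_client[MAX_CLIENTS];   /* addresses learned per client */

static unsigned hash_mac(const uint8_t *m) {   /* FNV-1a over the 6 bytes */
    unsigned h = 2166136261u;
    for (int i = 0; i < 6; i++) h = (h ^ m[i]) * 16777619u;
    return h % TABLE_SLOTS;
}

/* Returns 1 if `mac` is (now) owned by `client`; 0 if rejected: bad client
 * id, quota reached, table full, or MAC already owned by another client. */
int learn_mac(int client, const uint8_t *mac) {
    if (client < 0 || client >= MAX_CLIENTS) return 0;
    unsigned start = hash_mac(mac);
    for (unsigned n = 0; n < TABLE_SLOTS; n++) {   /* linear probing */
        struct mac_entry *e = &table[(start + n) % TABLE_SLOTS];
        if (e->used && memcmp(e->mac, mac, 6) == 0)
            return e->client == client;
        if (!e->used) {
            if (per_client[client] >= MAX_MACS_PER_CLIENT) return 0;
            memcpy(e->mac, mac, 6);
            e->client = client;
            e->used = 1;
            per_client[client]++;
            return 1;
        }
    }
    return 0;
}

/* Constructed input: `frames` frames, each with a distinct source MAC. */
int flood(int client, unsigned frames) {
    int learned = 0;
    for (unsigned i = 0; i < frames; i++) {
        uint8_t mac[6] = { 0x02, (uint8_t)client, (uint8_t)(i >> 24),
                           (uint8_t)(i >> 16), (uint8_t)(i >> 8), (uint8_t)i };
        learned += learn_mac(client, mac);
    }
    return learned;
}

/* Exit status 0 means the quota held against 200000 distinct source MACs. */
int main(void) { return flood(1, 200000) == MAX_MACS_PER_CLIENT ? 0 : 1; }
```

Memory use stays constant regardless of how many source addresses one client presents, and other clients can still have their addresses learned.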

A DoS attack is possible against the server when it is
run with "verb 0" and without "tls-auth".

If a client connection to the server fails certificate
verification, the OpenSSL error queue is not properly
flushed, which can result in another unrelated client
instance on the server seeing the error and responding to it,
resulting in disconnection of the unrelated client.