[benchaney]

It is irrelevant what software the provider is using as long as they use the openvpn protocol. This will be obvious to anyone who tries to connect using openvpn.

[thinkloop]

Can you explain further, how can you be sure things weren't aded to the software?

[flavor8]

When you use a VPN service that supports openvpn, you:

a) Install OpenVPN yourself (open source)

b) Download an OpenVPN profile from the VPN company

c) Configure OpenVPN with the profile

Specifically, you don't have to install any binary software from the company itself.

[benchaney]

To the client side or the server side? On the client side, you should download the code from a location you trust. On the server side, it is irrelevant if something is added to the software for the attack we are discussing.

[thomnottom]

You can use your own OpenVPN client.