I’ve been tinkering with opensource VPNs for a while and had this idea around using the CRIME style compression oracle attacks on VPN’s packet compressions as well. This is an extension of my earlier research on predicting how CRIME could affect SPDY
The OpenVPN team has written an excellent article on this attack here
Resources
There were a few VPN providers who wrote about this and how they mitigated this attack.
Make sure you turn off compression on your OpenVPN clients and servers