Here’s a pro tip If you make VPN…

Here’s a pro-tip: If you make VPN software which can auto-update itself, don’t update over unsecured connections.

Such an obvious order of operations oversight doesn’t bode well. It’s exactly the sort of marker which people look for when evaluating this sort of things. Those that know anyway…

Next up is to evaluate DNS security. I’m starting to get very concerned about attacks via that vector.