OpenVPN's security makes heavy use of SSL/TLS transmitting data across the wire, and the recommended authentication is through using PKI. If implemented correctly and configured properly, OpenVPN can be considered secure.
This all depends on you knowing what you are doing. For example, if you configured it to use 1024 bit RSA certificates for authentication, that is now considered weak. Using/not using a static hmac key can also have an overall effect on the overall security - the ISP in my country actively attacks OpenVPN traffic, without a static auth key I would not be able to establish a tunnel.
OpenVPN now allows you to use a couple of SSL librarries, OpenSSL (since LibreSSL is said to be API compatible with OpenSSL, it may work, but I haven't tried it myself) and PolarSSL. For example, I compiled OpenVPN from source on my VPS and told it to use PolarSSL instead of OpenSSL, and thus my server was immune to heartblead, but not some of my clients.
Do your research, lookup on best practices.
Does your VPN leaks any of your real address IPv4 or IPv6? That's the question. I recently remarks that my VPN (SoftEther) hide my IPv4 real IP address but leaks my real IPv6 IP address!!! Check here: http://test-ipv6.com/
– climenole – 2014-12-24T00:57:45.380