OpenVPN was also found to be vulnerable to the Shellshock vulnerability in Bash. The attack vector in OpenVPN is particularly dangerous because it is pre-authentication, putting all communication through a supposedly secure tunnel at risk. The flaw lets an attacker exploit the way Bash executes code attached to an environment variable. A number of patches have been produced, including two within the first 12 hours of discovery last week, and others from major vendors, including Apple, last night.
Source: https://threatpost.com/openvpn-vulnerable-to-shellshock-bash-vulnerability/108616/

