EDIT: (August 22, 2020) Theo Buehler has kindly reached out to me and informed me that this issue has just been fixed in a syspatch, and that OpenVPN now works correctly. Hi. Regarding https://blog.lambda.cx/posts/openvpn-issues-openbsd/, the issue you describe in this post should be fixed in 6.7-stable. It boils down to this: ProtonVPN appears to require clients to use P-521 for the TLSv1.3 key exchange. Released versions of OpenVPN do not permit customizing the curve to use for the key exchange (they added a –tls-groups option in their dev branch).
Posts with the tag libressl: