For years there have been rumors that the use of MD5 is a security risk, mainly coming from half-informed 'specialists', but unfortunately also from VPN review pages.
How does this happen?
MD5 is a hash function: it maps an unbounded set of possible inputs onto a fixed-size output. The goal is a one-way function, so that it is impossible, or practically impossible, to recover the original input value from a known hash value. This is very often used to avoid storing passwords in plain text in databases; only the respective hash is stored instead. An attacker who gains access to the database should not be able to recover the password from the hash. Nor should an attacker be able to find a different password that produces the same hash, which would make it possible to log in with a password other than the original one.
The latter is by now possible with MD5 and/or SHA-1: with reasonable effort, a value can be found that produces a particular desired hash. This is called a 'collision'. However, it still requires considerable effort, and it is fundamentally questionable whether such collisions can be produced in real time, e.g. while an OpenVPN data transmission is taking place.
MD5 is used at CyberGhost, in conjunction with HMAC, to generate a signature over data packets. The goal is to prevent an attacker from modifying encrypted data without the communicating parties (client and server) being able to detect it.
Why would an attacker want to modify the packets?
An attacker cannot read the contents of packets because of the strong AES encryption. Thus he cannot make targeted modifications, e.g. changing the account number in an encrypted packet to his own during an online banking transaction. He could, however, alter the encrypted data arbitrarily, so that 'corrupted' data emerges on decryption, which might endanger the stability of the receiving side. For example, if an application expects a data length field at a certain position in the received payload but instead gets nonsensical values because that field is now corrupted, a buffer overflow might result.
The fact is, an attacker must not be able to read, modify, or resend (replay) the contents of encrypted packets. The latter is realized in OpenVPN by sequence numbers, which cannot be changed because they are covered by the signature.
Why is the signature in OpenVPN safe with MD5?
OpenVPN does not form the signature merely by hashing the encrypted data; it also uses a key, securely negotiated between the parties, to calculate the signature. This method is called Keyed-Hash Message Authentication Code (HMAC). See also wikipedia.org/wiki/Keyed-Hash_Message_Authentication_Code.
Cryptologists have shown that the security of HMAC does not depend on the collision resistance of the underlying hash algorithm, but on the secret key and on the assumption that the hash algorithm is a PRF (pseudo-random function; see cseweb.ucsd.edu/~mihir/papers/hmac-new.pdf). This applies to MD5.
Because the OpenVPN HMAC key is transmitted via a secure TLS channel (as is the key for the actual encryption), it is wrong to argue that the use of MD5 for HMAC is insecure.
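The following example is added here to illustrate the two points made above: that an HMAC-MD5 tag lets the receiver detect any modification of the encrypted data or of the sequence number (and therefore a replay), and that the secret key is what makes the tag meaningful, in contrast to a plain unkeyed hash. It is illustration code written for this page, not CyberGhost's or OpenVPN's code. The packet layout, the 32-byte key, the "ciphertext" blob and the strict "sequence number must increase" rule are all constructed for the example; OpenVPN's real wire format and its sliding replay window are different and more elaborate.

```python
import hashlib
import hmac
import struct
from typing import Dict, Optional

# Constructed 32-byte HMAC key. In OpenVPN this key is negotiated over the TLS
# control channel; the value here is an arbitrary constant for the example.
HMAC_KEY = bytes.fromhex(
    "00112233445566778899aabbccddeeff" "ffeeddccbbaa99887766554433221100"
)

# Constructed "ciphertext": an opaque blob standing in for AES output. The
# receiver never interprets it; the example only checks its integrity.
SAMPLE_CIPHERTEXT = bytes.fromhex(
    "a3bf4f1b2b0b822cd15d6c15b0f00a089f86d081884c7d659a2feaa0c55ad015"
)

TAG_LEN = hashlib.md5().digest_size  # 16 bytes for HMAC-MD5
SEQ_LEN = 4


def build_packet(key: bytes, seq: int, ciphertext: bytes) -> bytes:
    """Toy record layout (not OpenVPN's real wire format):
    [4-byte big-endian sequence number][ciphertext][16-byte HMAC-MD5 tag].
    The tag covers the sequence number, so seq cannot be altered unnoticed."""
    body = struct.pack(">I", seq) + ciphertext
    tag = hmac.new(key, body, hashlib.md5).digest()
    return body + tag


class Receiver:
    """Verifies the tag before anything else and tracks the highest accepted
    sequence number. Requiring a strictly increasing seq is a simplification
    of OpenVPN's sliding replay window, used here to keep the example short."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.highest_seq = -1

    def accept(self, packet: bytes) -> Optional[bytes]:
        """Return the (still encrypted) payload if the packet is authentic and
        fresh, otherwise None."""
        if len(packet) < SEQ_LEN + TAG_LEN:
            return None
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.md5).digest()
        # Constant-time comparison: a plain '==' could leak how many leading
        # tag bytes matched through timing differences.
        if not hmac.compare_digest(tag, expected):
            return None
        (seq,) = struct.unpack(">I", body[:SEQ_LEN])
        if seq <= self.highest_seq:
            return None  # replayed or out-of-order packet: drop it
        self.highest_seq = seq
        return body[SEQ_LEN:]


def flip_bit(data: bytes, index: int) -> bytes:
    """Return a copy of data with the lowest bit of byte `index` flipped."""
    mutated = bytearray(data)
    mutated[index] ^= 0x01
    return bytes(mutated)


def unkeyed_tag_matches(body: bytes, tag: bytes) -> bool:
    """Contrast case: a tag that is only MD5(body) with no secret key. Anyone
    holding the packet can recompute it, so it proves nothing about origin."""
    return hashlib.md5(body).digest() == tag


def run_demo() -> Dict[str, bool]:
    """Feed the receiver a valid packet, a tampered ciphertext, a tampered
    sequence number, a replay and a fresh follow-up; report what it accepted."""
    rx = Receiver(HMAC_KEY)
    pkt = build_packet(HMAC_KEY, seq=1, ciphertext=SAMPLE_CIPHERTEXT)

    results: Dict[str, bool] = {}
    results["valid_accepted"] = rx.accept(pkt) == SAMPLE_CIPHERTEXT
    # One flipped bit inside the ciphertext (offset 2 into the encrypted part).
    results["tampered_ciphertext_accepted"] = rx.accept(flip_bit(pkt, SEQ_LEN + 2)) is not None
    # One flipped bit in the sequence number itself.
    results["tampered_seq_accepted"] = rx.accept(flip_bit(pkt, 3)) is not None
    # Resend the original, untouched packet: valid tag, but seq 1 was already used.
    results["replay_accepted"] = rx.accept(pkt) is not None
    # A later packet with a fresh sequence number is still accepted.
    nxt = build_packet(HMAC_KEY, seq=2, ciphertext=SAMPLE_CIPHERTEXT)
    results["next_accepted"] = rx.accept(nxt) == SAMPLE_CIPHERTEXT

    # Unkeyed contrast: a plain MD5 recomputed over a modified body verifies,
    # which is exactly what the secret key in HMAC rules out.
    modified_body = flip_bit(struct.pack(">I", 1) + SAMPLE_CIPHERTEXT, SEQ_LEN + 2)
    recomputed = hashlib.md5(modified_body).digest()
    results["unkeyed_tag_recomputed_verifies"] = unkeyed_tag_matches(modified_body, recomputed)
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Note that the receiver verifies the tag before it looks at the sequence number or hands anything to the decryption step, so corrupted data is discarded before it can reach the kind of length-field parsing described above. The design choice that matters for the MD5 question is the order of operations: nothing about the packet is trusted until the keyed tag has been checked.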