IP exposure via UDP ports

We have recently become aware of a newly published method for deanonymizing VPN users. For this to work, the user must be running some software that listens to and communicates via a UDP port and either be connecting directly to the internet without a NAT router or be behind a NAT router with port forwarding enabled.

You can read more about the issue and how to mitigate it.