If you're using OpenVPN site-to-site with the default BF-CBC cipher and pre-shared-key mode you should probably change to AES-128-CBC. Use
set interfaces openvpn vtun# encryption aes128
Don't forget to make the change on both ends, and if the tunnel is the only method you have of accessing the remote site, change the remote end first.
More info:
It seems like if an attacker can observe about 750GB of data they can break the encryption. In their examples they used malicious javascript to generate the necessary traffic (the vulnerability also affects HTTP over TLS) but if you have a busy tunnel that wouldn't be necessary.
I think you would be safe if you are using TLS instead of a pre shared key as it re-keys the data channel hourly by default, unless you are passing a lot of data... if you were passing 1.5TB per hour then in theory they could break it in 30 minutes and have 30 minutes to observe your data before it is re-keyed. With a pre-shared-key though once they have broken it then can decrypt any tunnel data they capture/have captured from the past or future.
Even more info:
https://community.openvpn.net/openvpn/wiki/SWEET32 - keep in mind on this link the version they are referencing is much newer than what we're using on EdgeOS but the basics still apply