What releases of OpenVPN are in pfSense 2.0 release through 2.0.3 alpha?
-
I apologize if this seems like a lazy question. I have searched quite a bit before asking.
I'm asking because I've read in the OpenVPN forum that OpenVPN 2.2.2 and later may not be secure. So I'd rather stick with, or revert to, OpenVPN 2.2.1.
If someone can point me to this in documentation, that would be great too.
Thank you.
Edit: Upon reflection, in pfSense 2.0.2-RELEASE …
$ openvpn --version
OpenVPN 2.2.0 amd64-portbld-freebsd8.1 ...No problem.
-
Can you include a link to the OpenVPN forums regarding this? The latest pfSense 2.1 Snapshot uses OpenVPN 2.3.0, and I've been looking at getting the new OpenVPN elliptical curve TLS cipher suites working. Any news of OpenVPN 2.3.0 not being secure is of interest.
-
The OpenVPN Forum thread is:
Involvement of FOX-IT in OpenVPN
https://forums.openvpn.net/topic10180.htmlI saw it in a Wilders Security Forum thread:
Involvement of FOX-IT in OpenVPN
https://www.wilderssecurity.com/showthread.php?p=2196713The Wikipedia page on FOX-IT:
http://en.wikipedia.org/wiki/Fox-IT
Edit: The AirVPN forum admin just said this:
Basically the statements by Sommerseth hold and Yonan's analysis, as well as the OpenVPN community work and
the peer-review of OpenVPN after 4 months from that thread, show that there's no such vulnerability neither on
OpenVPN 2.2.x nor on OpenVPN 2.3.0. Additionally, Palatinux team members have proved unable to support their
claims, even after a clear invitation to do so by Bakker from PolarSSL (see his message on the very same thread).
Unless Palatinux provides evidence of their claims (and in 4 months they failed to do so), all the stuff is just an
attempt to inject FUD (Fear, Uncertainty and Doubt) for purposes we are not willing to comment.https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=8070&Itemid=142