OpenVPN CVE-2026-40215 | will CE 2.8.1 also receive the update to 2.6.20?
-
Hi,
I saw during openvpn-client-export update/reinstall on pfSense 26.03 the OpenVPN upgrade from 2.6.16 to 2.6.20.
Will pfSense 2.8.1 also receive this update?

Installed packages to be UPGRADED:
    openvpn: 2.6.16 -> 2.6.20 [pfSense]
    openvpn-client-export: 2.7.1 -> 2.7.4 [pfSense]
    pfSense-pkg-openvpn-client-export: 1.9.11 -> 1.9.13 [pfSense]
-
'Ask' your 2.8.1 and tell us (and yourself) ^^) ?
Console or SSH, option 8, and

    pkg upgrade

You'll receive a list with package(s) available for upgrading.
Then you'll see the question : "Continue Y/n N". Just type N to stop.
Or Y to install the updates.

Imho : security updates like this are available for CE and Plus.
edit : Btw : I've re-read this, and I understand your question.
-
We had this discussion some time ago, I can remember :)
Maybe Netgate can provide a system patch to trigger all these updates to ensure all pfSense systems (CE/Plus) are on the same version?
At the moment only unbound is available, was there something with this package, maybe I missed it?
Installed packages to be UPGRADED:
    unbound: 1.23.0 -> 1.24.2 [pfSense]

Number of packages to be upgraded: 1
-
Really unsure since Plus has had the upgrade for a few days now and there is not any word about CE.
Since there is also support of 2.8.1 CE, OpenVPN should receive the update also?
https://docs.netgate.com/pfsense/en/latest/releases/versions.html#pfsense-ce-software
-
Since there is also support of 2.8.1 CE, OpenVPN should receive the update also?
Giving Netgate the benefit of the doubt, there's a legitimate (QA?) reason it's taking longer to push an updated package to CE. It's likely something to do with the fact that CE is still on FreeBSD 15.0-CURRENT I would think.
-
@tinfoilmatt I'm absolutely not familiar with FreeBSD, but it looks like there is an OpenVPN 2.6.20 for FreeBSD 15?
-
@slu said in 26.03 openvpn 2.6.16 -> 2.6.20, will 2.8.1 also receive the update to 2.6.20?:
but it looks like there is an OpenVPN 2.6.20 for FreeBSD 15?
Even for the FreeBSD pfSense uses : version 16.
Let's check the version :
[26.03-RELEASE][root@pfSense.bhf.tld]/root: openvpn --version
OpenVPN 2.6.20 amd64-portbld-freebsd16.0 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] [DCO]
library versions: OpenSSL 3.5.5 27 Jan 2026, LZO 2.10
DCO version: FreeBSD 16.0-CURRENT #36 plus-RELENG_26_03-n256531-4923e82e59d1: Fri Mar 20 18:22:49 UTC 2026 root@pfsense-build-release-amd64-1.eng.atx.netgate.com:/var/jenkins/workspace/pfSense-Plus-snapshots-26_03-main/obj/amd64/TVcqnR7U/var/jenkins/workspace/pfSe
Originally developed by James Yonan
Copyright (C) 2002-2024 OpenVPN Inc <sales@openvpn.net>
......

I have 2.6.20 on my pfSense (since a couple of days ^^ there are other forum threads mentioning this version)
-
@Gertjan said in 26.03 openvpn 2.6.16 -> 2.6.20, will 2.8.1 also receive the update to 2.6.20?:
I have 2.6.20 on my pfSense (since a couple of days ^^ there are other forum threads mentioning this version)
Yes, on my pfSense+ boxes this is true, but not for my 2.8.1 boxes:
[2.8.1-RELEASE][root@fw.local]/root: openvpn --version
OpenVPN 2.6.16 amd64-portbld-freebsd15.0 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] [DCO]
library versions: OpenSSL 3.0.16 11 Feb 2025, LZO 2.10

Tried it again with pkg upgrade, still no update available.
Edit: I renamed the topic to be clear the question is not about pfSense+
-
I would appreciate a response from Netgate, even if there is no update...
-
@slu I'm sure they'll get around to it someday...
Meanwhile, some other BSD-based system was patched for this 2 weeks ago. Just saying.
-
Good thing there's always WireGuard. You're a fan, no?
-
It's now fixed in Plus and CE: