Upgrade because of heartbleed



  • I know an upgrade is recommended, but I have one machine running 2.0.2 or 2.0.1, I don't recall. It has OpenVPN installed and requires a cert and username and password to authenticate. Is that vulnerable to Heartbleed? The device is in a location that is difficult to access in the event of needing a manual reboot. OpenVPN is also on a non-standard port. I am worried about an external vulnerability to Heartbleed, not internal. Any help is appreciated. Thanks.


  • Netgate Administrator

    The vulnerability was only introduced with 2.1 so you should not be vulnerable to Heartbleed.

    Additionally, OpenVPN is not vulnerable in its default configuration:
    https://forum.pfsense.org/index.php?topic=74796.msg409174#msg409174

    However that doesn't mean that your outdated install isn't vulnerable to all the other fixes that have gone in since 2.0.2.  ;)

    Steve

