Upgrade because of heartbleed
-
I know an upgrade is recommended, but I have one machine running 2.0.2 or 2.0.1, I don't recall. It has openvpn installed and requires and cert and username and password to authenticate. Is that vulnerable to heartbleed? The device is in a location that is difficult to access in the event of needing a manual reboot. openvpn is also on a non-standard port. i am worried about an external vulnerability to heartbleed, not internal. any help is appreciated. thanks.
-
The vulerability was only introduced with 2.1 so you should not be vulnerable to heartbleed.
Additionally OpenVPN is not vulnerable in its default configuarion:
https://forum.pfsense.org/index.php?topic=74796.msg409174#msg409174However that doesn't mean that your outdated install isn't vulnerable to all the other fixes that have gone in since 2.0.2. ;)
Steve