Upgrade because of heartbleed

  • I know an upgrade is recommended, but I have one machine running 2.0.2 or 2.0.1, I don't recall. It has OpenVPN installed and requires a cert and username and password to authenticate. Is that vulnerable to heartbleed? The device is in a location that is difficult to access in the event of needing a manual reboot. OpenVPN is also on a non-standard port. I am worried about an external vulnerability to heartbleed, not internal. Any help is appreciated. Thanks.

  • Netgate Administrator

    The vulnerability was only introduced with 2.1 so you should not be vulnerable to heartbleed.

    Additionally OpenVPN is not vulnerable in its default configuration:

    However that doesn't mean that your outdated install isn't vulnerable to all the other fixes that have gone in since 2.0.2.  ;)

