Joined: 24 Feb 2009 Posts: 2026 Location: Sol System > Earth > USA > Arkansas
Posted: Sun Jul 27, 2014 0:04 Post subject:
None of the DD-WRT versions actually have the "Heartbleed" problem. (As far as I know.) The reasoning behind that is that DD-WRT has versions long time prior to the "Heartbleed" option even being implemented. _________________ E3000 22200M KongVPN K26
WRT600n v1.1 refirb mega 18767 BS K24 NEWD2 [not used]
WRT54G v2 16214 BS K24 [access point]
Try Dropbox for syncing files - get 2.5gb online for free by signing up.
Read! Peacock thread
*PLEASE* upgrade PAST v24SP1 or no support.
Joined: 24 Feb 2009 Posts: 2026 Location: Sol System > Earth > USA > Arkansas
Posted: Sun Jul 27, 2014 15:44 Post subject:
It seems I may have misunderstood what the developer <Kong> had previously wrote elsewhere on this board. Maybe the following will help you more.
<Kong> wrote:
xantarios wrote:
All,
You all may have heard of the massive Heartbleed bug that was disclosed that affects many versions of OpenSSL.
I use DD-WRT VPN, I would like to know how to do the following:
1. List of DD-WRT versions that are affected
2. How to find version of OpenSSL my version of DD-WRT is running
3. Links to builds for all router models to update to in order to no longer be affected.
EDIT: I think I found the post I was previously referring to:
<Kong> wrote:
obilan wrote:
I have been trying to figure out whether the recent openSSL bug affects build 14929 but I could not find the answer on google or by browsing through the directories on the router.
I use openVPN on a WRT54GL.
Not affected as it uses the old openssl lib without heartbeat support.
Here is another one which might be useful:
<Kong> wrote:
marbon wrote:
Hi everybody,
i succesfully flashed dd-wrt.v24-23919_NEWD-2_K3.x_mega-e3000.bin on my E3000.
I want to use the openvpn server on the router but i am a little bit confused about heartbleed vulnerability.
I read in different posts that 23919 should not be vulnerable against the heartbleed bug but the command "openvpn --version" says openvpn server version 2.3.2 is included which is vulnerable for heartbleed.
I also could not checked the installed version of openssl because command openssl is not found and i could not find a lib from openssl everywhere.
So is the included version of openvpn vulnerable or not?
Cheers,
marbon
You are mixing things up only 2.3.2 is vuklerable on windows, since it ships the older openssl version on linux/dd-wrt etc. it uses the shipped openssl version.
Latest builds come with fixed openssl.
I hope the above information helps. _________________ E3000 22200M KongVPN K26
WRT600n v1.1 refirb mega 18767 BS K24 NEWD2 [not used]
WRT54G v2 16214 BS K24 [access point]
Try Dropbox for syncing files - get 2.5gb online for free by signing up.
Read! Peacock thread
*PLEASE* upgrade PAST v24SP1 or no support.