OpenVPN was analyzed by Guido Vranken using a fuzzer, which uncovered several vulnerabilities. Some of these vulnerabilities have the potential to be remotely exploitable in certain circumstances. For the full details, read the security advisory issued by OpenVPN. These vulnerabilities have been assigned IDs CVE-2017-7508, CVE-2017-7520, CVE-2017-7521, and CVE-2017-7522.
We strongly recommend all users upgrade the OpenVPN package on pfSense® software installations to OpenVPN 2.3.17 (pfSense 2.3.4, pfSense 2.3.5 snapshots) or OpenVPN 2.4.3 (pfSense 2.4 snapshots) as soon as possible.
Users of the OpenVPN Client Export package should also update that package on pfSense installations (See item #2 below), and update all client devices with the latest version of OpenVPN. The latest version of the OpenVPN Client Export Package (1.4.9 or later) contains Windows installers for OpenVPN 2.4.3 and 2.3.17. Re-running an exported installer will not update the client; OpenVPN must be removed from the client first before installing a new exported client. Alternately, manually download and install the latest client directly from OpenVPN. For clients on other operating systems, check with the client vendor for updates.
For users running pfSense software version 2.3.4-RELEASE, this update can be accomplished in one of three different ways. Choose and perform one of the following methods:
Using a Upgrade Openvpn Access Server Virtual Appliance Upgrade Openvpn Access Server Virtual Appliance allows you to virtually change your location so that you get the 1 last update 2019/12/30 same great experience from anywhere in Nordvpn Expressvpn China the 1 last update 2019/12/30 world. Discuss: The best VPN services for 2019 Sign in to comment. Be respectful, keep it civil and stay on topic. We delete comments that violate our policy, which we encourage you to read. Discussion threads can be closed at any time Openvpn Access Server Appliance Upgrade at our discretion.
- Perform a manual update from a shell prompt (console or ssh option 8) using the following set of commands:This command sequence will update the pkg database, then update OpenVPN to version 2.3.17, and then restart all instances of OpenVPN so they are running the latest version. A firewall reboot is optional, but may be used in place of the last command.NOTE: Do not run /etc/rc.openvpn from the GUI using Diagnostics > Command Prompt, that command must be run from a shell prompt. Alternately, manually restart each instance of OpenVPN from Status > Services or reboot the firewall.
- If a firewall currently has the OpenVPN Client Export package installed:
- Update the package to version 1.4.12 or later from System > Package Manager on the Installed Packages tab, which will also update openvpn in the base system.
- Manually restart each instance of OpenVPN from Status > Services or reboot the firewall.
- If a firewall does not have the OpenVPN Client Export package installed:
- Install the OpenVPN Client Export package (version 1.4.12 or later) from System > Package Manager on the Available Packages tab
- Click the “reinstall” button for the OpenVPN Client Export Package on System > Package Manager on the Installed Packages tab, which will trigger an update of openvpn in the base system.
- Manually restart each instance of OpenVPN from Status > Services or reboot the firewall.
Users on versions prior to pfSense 2.3.4 should update to pfSense 2.3.4 and then apply the update as described above.
For users on pfSense 2.4 or pfSense 2.3.5 snapshots, update to the latest available snapshot to obtain an updated version of OpenVPN.
To check the current version of OpenVPN and its related packages, run the following command from a shell prompt or Diagnostics > Command:
An errata release containing this and other updates for pfSense 2.3.4 users, 2.3.4-p1, is pending and will be released once the (unrelated) FreeBSD corrections for CVE-2017-1000364 are completed, merged, and tested.
Related
1-Click Deploy: OpenVPN Access Server Marketplace
How To Install WordPress with OpenLiteSpeed on Ubuntu 18.04 Tutorial
How to Use Ansible to Install and Set Up Apache on Ubuntu 18.04 Tutorial
Status: Deprecated
This article covers a version of Ubuntu that is no longer supported. If you are currently operate a server running Ubuntu 12.04, we highly recommend upgrading or migrating to a supported version of Ubuntu:
- Upgrade to Ubuntu 14.04.
Reason:Ubuntu 12.04 reached end of life (EOL) on April 28, 2017 and no longer receives security patches or updates. This guide is no longer maintained.
See Instead:
This guide might still be useful as a reference, but may not work on other Ubuntu releases. If available, we strongly recommend using a guide written for the version of Ubuntu you are using. You can use the search functionality at the top of the page to find a more recent version.
This guide might still be useful as a reference, but may not work on other Ubuntu releases. If available, we strongly recommend using a guide written for the version of Ubuntu you are using. You can use the search functionality at the top of the page to find a more recent version.
Introduction
OpenVPN Access Server, from the official website is 'a full featured SSL VPN software solution that integrates OpenVPN server capabilities, enterprise management capabilities, simplified OpenVPN Connect UI, and OpenVPN Client software packages that accommodate Windows, MAC, and Linux OS environments.'
The installation of OpenVPN AS is much simpler compared to the traditional OpenVPN (without any GUI). Another great thing about about OpenVPN AS (Access Server) is that it has a mobile application for both Android and iOS platforms, enabling you to access your OpenVPN server on your smartphone as well.
Basic Server Setup
In this tutorial, we are using an Ubuntu 12.04 64-bit cloud server. Go ahead and create one to follow along. If you need help with this, you can refer to this tutorial here. After you have started up your cloud server, let's make some adjustments before we install OpenVPN AS. Please follow this guide to prepare our cloud server for installation.
Installing OpenVPN Acess Server
Let's begin by logging in as the root user. From here, download the OpenVPN AS package:
The above link is for 64-bit cloud servers since that is what we've decided to use. If by any chance you're using a 32-bit version, the download link would be:
To install OpenVPN AS, enter the following command:
If you are using a 32-bit cloud server, enter the following command instead:
That's it. OpenVPN AS is now installed. However, there are still some things left to do before we can use it. During the installation, OpenVPN has created a default admin user called 'openvpn'. We need to set a password for 'openvpn'. To do that, enter the following command:
You'll be prompted to enter your desired password. Make sure your password is secure.
Administration and Client Software Setup
OpenVPN AS web interfaces can be found at:
Replace 'YourIPAddress' with your actual cloud server's IP address. Then, head over to the Client UI to use the access server. You'll see a big bad security warning. But don't be alarmed, it is perfectly okay since we've self-signed our server's SSL. Ignore the warning and click Ok/Proceed and you'll be prompted for username and password. Enter 'openvpn' as the username and the password should be what you've set for 'openvpn' before. After filling out username/password, click 'Go' and you'll see a screen like this:
Download the 'OpenVPN Connect' software by clicking the link. After it has finished downloading, run it and enter your login credentials. And voilà! You are now connected to your OpenVPN Access Server.
You can login to the Admin UI if you need to make changes to your access server, although default settings works fine.
One more thing: remember that you can use OpenVPN access server with your smartphone? Download the official Android app here and the iOS app here.
Now, have fun with your OpenVPN Access Server!
Update:
As of OpenVPN Access Server v2.0, OpenVPN will no longer uses the
5.5.16.0/20
subnetwork for clients and will use the 172.27.240.0/20
subnet instead.