Messages

Und im OpenVPN log file ist leider gar nichts zu sehen ...   :-\

File /var/log/openvpn.log yielded no results.

PS: Suricata hatte ich deaktiviert, den WebGUI-Port auf 34343 geändert.

so, hier nur ein kurzer Post um zu zeigen, dass ich wirklich mir einer anderen IP online bin (DynDNS-Host wird mit IP 158.181.74.19 korrekt aufgelöst)

- ja, Verbindung wird "von extern" per Hotspot des iPhones getestet (das iPhone ist dabei nur per LTE online und das MacBook nur per WLan mit dem iPhone-Hotspot verbunden, per GeoLocation-Check sehe ich dann auch, dass das MacBook im Telekom-Netz statt TeleColumbus-Netz online ist)

- ja, DynDNS funktioniert (aktuelle IP-Adresse wird korrekt aufgelöst)

- was die Firewall-Regeln betrifft:

beim WAN-Interface ist als Firewall-Regel aktiv:

Proto: IPv4 TCP
Source: *
Port: *
Destination: WAN address
Port: 443 (HTTPS)
Gateway: *
Schedule: da ist nichts eingetragen
Description: OpenVPN-TCP-443 wizard

beim OPENVPN-Interface ist als Firewall-Regel aktiv:

Proto: IPv4 *
Source: *
Port: *
Destination: *
Port: *
Gateway: *
Schedule: da ist nichts eingetragen
Description: OpenVPN-TCP-443 wizard

(das sind die beiden Regeln, die automatisch per Wizard erstellt wurden)

- momentan läuft die WebGUI noch auf dem Standard-Port 443, aber das kann ich natürlich noch ändern (da es aber mit UDP Port 1194 auch nicht funktionierte, würde ich ja fast vermuten, dass das nicht das eigentliche Problem ist ...)

- bezüglich Suricata bin ich mir nicht sicher - damals unter 17.1 hatte ich trotz aktiviertem Suricata-Schutz keine Probleme (aber auch das kann ich ja erst einmal deaktivieren zum testen und Fehler eingrenzen)

- das OpenVPN log werde ich gleich noch einmal cleanen und dann posten, aber soweit ich mich erinnere hatte ich da gestern nur gesehen, dass der OpenVPN-Server überhaupt läuft ...

* Testest du die Verbindung auch von extern?
* ist die WAN Adresse korrekt (158...) bzw. nutzt du zur Verbindung die no-ip Domain und ist diese korrekt und aktuell in der Auflösung?
* hast du dein WAN Interface kontrolliert bezüglich der Regeln, dass diese auch angelegt wurden (in dem Fall 443 tcp)?
* Ist deine OPNsense GUI auf einen anderen Port konfiguriert? Ansonsten könnte es Probleme geben mit WebUI auf Port 443 vs OpenVPN 443?
* Blockt ggf. dein Suricata die VPN Verbindungen?`
* Was sagt das OpenVPN Log auf der sense?

[Vermutlich ist es also ein Problem der Firewall meines OPNsense Routers?Und da wäre jetzt die Frage, welche Infos Ihr braucht, damit das Problem eingegrenzt werden kann?]

Hallo,

hatte das alles schon mal am laufen vor einigen Monaten - aber nachdem ein Upgrade auf die aktuelle Version 17.7 das Filesystem Anfang August zerschossen hatte, musste ich nun alles noch einmal neu aufsetzen.

Was bisher läuft:

- DHCP-Server: 192.168.1.151-199
- DynDNS: bei NO-IP.org
- Network Time Daemon: de.pool.ntp.org
- OpenDNS: malware + botnet + phishing protection
- SSH Login: immer nur an wenn benötigt
- Unbound DNS: /var/unbound/ad-blacklist.conf
- Inline Intrusion Prevention: Suricata & Netmap (abuse.ch)
- Trust Authorities & Certificates: internal_CA

Aber OpenVPN will irgendwie nicht klappen, egal ob Standard UDP Port 1194 oder auch TCP Port 443.

Habe das alles extra per Wizard eingerichtet, da dann auch gleich die nötigen Firewall-Regeln mit erstellt werden, aber Viscosity bekommt einfach keine Verbindung hin und ich weiß nicht so recht, wie ich das Problem jetzt am besten eingrenzen kann.

Das genau setup kann ich gern nachreichen wenn das hilfreich ist, aber sicher wollt ihr eher irgend welche log-files sehen um das Problem analysieren zu können?

Viscosity zeigt mir z.B. nur das hier an:

2017-11-09 23:03:04: Viscosity Mac 1.7.5 (1420)
2017-11-09 23:03:04: Viscosity OpenVPN Engine Started
2017-11-09 23:03:04: Running on macOS 10.13.1
2017-11-09 23:03:04: ---------
2017-11-09 23:03:04: State changed to verbinde
2017-11-09 23:03:04: Checking reachability status of connection...
2017-11-09 23:03:04: Connection is reachable. Starting connection attempt.
2017-11-09 23:03:04: OpenVPN 2.4.4 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Sep 27 2017
2017-11-09 23:03:04: library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.10
2017-11-09 23:03:04: TCP/UDP: Preserving recently used remote address: [AF_INET]158.181.74.19:443
2017-11-09 23:03:04: Attempting to establish TCP connection with [AF_INET]158.181.74.19:443 [nonblock]

Aber es kommt einfach keine Verbindung zu stande - aber eben auch keine Fehlermeldung.

2017-11-09 23:03:41: State changed to Disconnecting
2017-11-09 23:03:41: SIGTERM[hard,init_instance] received, process exiting
2017-11-09 23:03:41: State changed to getrennt

Vermutlich ist es also ein Problem der Firewall meines OPNsense Routers?

Und da wäre jetzt die Frage, welche Infos Ihr braucht, damit das Problem eingegrenzt werden kann?

Danke für Unterstützung!

PS: Andere OpenVPN-Verbindungen laufen ohne Probleme mit Viscosity, es muss also ein Problem mit den settings im OPNsense Router sein (aktuelle Version 17.7.7).

Sorry, but I don't understand ...  ???

If I go to Interfaces / Other Types / Bridge I can "Add" something.

But here it only shows my "LAN" and "WAN" for the "Member Interfaces".

So maybe I have to assign the em2 and em3 first at Interfaces / Assignments?

(right now there is only LAN as em0 and WAN as em1 defined)

But this is what confuses me a lot: If I do add em2 and em3 as OPT1 and OPT2 in Interfaces / Assignments, what settings do I have to use here?

If I leave it all as default and create a bridge0 of LAN, OPT1 and OPT2 later, I do not get a DHCP address on OPT1 and OPT2.

So I'am wondering how to set this up correctly?

I use an Deciso OPNsense A10 Quad Core with SSD.

For me it would be also fine if the 3rd Port provides a different IP range because this Wifi-AccessPoint (the old Airport Extreme I wanna use for this) is only used by one of my flatmates, and she don't need access to my normal network.

But anyway - it would be nice to have the option as "normal switch mode" (it's called "bridged", right?).

For example the old Airport Extreme has this built-in (one WAN-Port, three normal Ethernet-Ports), nearly every standard home router on the market has it today (one WAN-Port, three or four Ethernet-Ports which can be used like a switch).

So why I should have bought an expensive router from the main supporter of the OPNsense project like my A10 from Deciso, if I can't use the four ports as I want?

Of course, I could connect my old Cisco switch to Port 1 (em0) like before and connect the Airport Extreme and also the HP ProCurve switch to this Cisco switch - but why should I have another device (the Cisco switch) always connected to power (and using some extra energy every day!!!) if I don't have to?

So any help is really appreciated.

Hello,

on my router I have 4 ports.

Port 1 (em0) is LAN (192.168.1.1/24) which is connected to my HP ProCurve switch.

Port 2 (em1) is WAN which is connected to the Cable Modem.

Now I'am wondering how to assign Port 3 and 4 (em2 and em3) to act like normal switch ports (connected to em0)?

The reason: My HP ProCurve switch is in another room (far away from the router) and I want to connect my old Airport Extreme as a WiFi Access Point directly to the router (Port 3 or 4).

Couldn't figure out yet how to configure this.

First of all: Thank you very much for your help and support!

It's working now again.  :)

And that's a good advice - test a major upgrade (like the 17.7 was) with a Live-System. It's a very nice option to import the settings, really great idea (didn't know about this feature yet).

In the future I will do this for sure, because somehow the upgrade to 17.7 "killed" the file system on my router.

At the end I've re-installed now from scratch (booted from the USB key live system, logged in as installer and run the installation setup wizard to install fresh on the internal SSD).

There was the option to import my configuration (and I did this in the beginning) but at the end it was faster for me to setup everything new again (now, as I'am a little more used to the OPNsense web interface it was much faster than some months ago).  ;D

The Unbound DNS is working fine again (to use an ad-blacklist.conf to avoid advertisements) and other features like the OpenVPN server are setup also fast and easy.

One last question to the developers of OPNsense: I can understand you can't control the state of the file system and something bad could happen all the time if there is an "power off" in the wrong moment. But wouldn't it be great to have the option to use a file system which is SAFE against situations like this?

Like ZFS for example? APFS on my Mac is "closed source" so this is no option, but in the future maybe ZFS would be the best choice if we want something like this?

I'am not a network expert (nor an file system expert), but you get the idea?

ok, two questions now to get a little clearer:

1) If I login to the web GUI now, it says

,,You are currently running in LiveCD mode. A reboot will reset the configuration. SSH remote login is enabled for the users ,,root" and ,,installer" using the same password."

So the router started now a LIVE system from the USB key and my personal configuration was imported from the internal SSD to this LIVE system, right?

How to move now this working LIVE system including my good old personal configuration to the internal SSD?

Do I have to SSH now into the router and copy the complete data from the USB key to the internal SSD? If so, how exactly?

2) The WAN interface (connected to the cable modem) still getting no internet connection.

I've switched off now the cable modem and will wait around 30 minutes before switching it on again.

As far as I remember the MAC address reservation is often a problem with cable modems (here it's an THOMPSON THG570K which works fine if connected to my old Airport Extreme).

But now the problem could be it's looking for the MAC address of this Airport Extreme station and it ,,don't accept" the new MAC address from port 2 of my Deciso router.

So I hope after 30 minutes it will accept the new MAC address and working?

Or is there a better way to fix this behaviour?

Thanks a lot for all the help!

[PS: Oh my god, I'am really BLIND - of course I have to connect WAN to Port 2 and the "normal home network" to Port 1!Like it sayd:]

But now I'am again a little confused - I could import my configuration from the SSD, but what should I do now as next step?

See what happened:

SeaBIOS (version rel-1.9.0.0-deciso-netboard-a10)
BUILD: gcc: (coreboot toolchain v1.33 November 25th, 2015) 5.2.0 binutils: (GNU Binutils) 2.25
Found mainboard Deciso Netboard A10

Press ESC for boot menu.

Select boot device:

1. AHCI/0: TS128GSSD420K ATA-9 Hard-Disk (119 GiBytes)
2. USB MSC Drive Kingston DT microDuo 3.0 PMAP
3. iPXE (PCI 00:00.0)
4. Payload [memtest]

Searching bootorder for: HALT
drive 0x000f3250: PCHS=0/0/0 translation=lba LCHS=1024/255/63 s=60555264
drive 0x000f3280: PCHS=16383/16/63 translation=lba LCHS=1024/255/63 s=250069680
Space available for UMB: c1000-ee800, f0000-f3250
Returned 253952 bytes of ZoneHigh
e820 map has 7 items:
  0: 0000000000000000 - 000000000009fc00 = 1 RAM
  1: 000000000009fc00 - 00000000000a0000 = 2 RESERVED
  2: 00000000000f0000 - 0000000000100000 = 2 RESERVED
  3: 0000000000100000 - 00000000df175000 = 1 RAM
  4: 00000000df175000 - 00000000e0000000 = 2 RESERVED
  5: 00000000f8000000 - 00000000fc000000 = 2 RESERVED
  6: 0000000100000000 - 0000000120000000 = 1 RAM
enter handle_19:
  NULL
Booting from Hard Disk...
Booting from 0000:7c00
/boot/config: -S115200 -D
Consoles: internal video/keyboard  serial port
BIOS drive C: is disk0
BIOS drive D: is disk1
BIOS 639kB/3654100kB available memory

FreeBSD/x86 bootstrap loader, Revision 1.1
(root@sensey64, Sat Aug 26 10:46:58 CEST 2017)
Loading /boot/defaults/loader.conf

## ... to much info, deleted this ...

Press any key to start the configuration importer: ......

<TS128GSSD420K O0918B>             at scbus0 target 0 lun 0 (pass0,ada0)
<Kingston DT microDuo 3.0 PMAP>    at scbus2 target 0 lun 0 (pass1,da0)

Select device to import from (e.g. ada0) or leave blank to exit: ada0

## So here I've selected ada0 to import the configuration from my internal TS128GSSD

Starting import for partition '/dev/ada0s1a'.

Running fsck...done.
Restoring config.xml...done.
Restoring dhcpleases.tgz...done.
Restoring rrd.tgz...done.
Restoring backup...done.
Restoring sshd...done.
Configuring crash dump device: /dev/null
.ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib /usr/local/lib/ipsec /usr/local/lib/perl5/5.24/mach/CORE
32-bit compatibility ldconfig path:
done.
>>> Invoking early script 'update'
>>> Invoking early script 'configd'
Starting configd.
>>> Invoking early script 'php'
Configuring PHP: OK
>>> Invoking early script 'backup'
Launching the init system...done.
Initializing............done.
Starting device manager...done.
Configuring login behaviour...done.
Configuring loopback interface...done.
Configuring kernel modules...done.
Setting up extended sysctls...done.
Setting timezone...done.
Writing firmware setting...done.
Setting hostname: OPNsense17MacOn.localdomain
Generating /etc/hosts...done.
Starting syslog...done.
Creating OpenVPN instances...done.
Configuring loopback interface...done.
Creating wireless clone interfaces...done.
Configuring WAN interface...done.
Configuring LAN interface...done.
Syncing OpenVPN settings...done.
Generating /etc/resolv.conf...done.
Configuring firewall......done.
Setting up gateway monitors...done.
Configuring OpenSSH...done.
Starting web GUI...done.
Configuring CRON...done.
Setting up routes...done.
Starting Unbound DNS...done.
Starting DHCP service...done.
Generating /etc/hosts...done.
Configuring firewall......done.
Configuring dynamic DNS clients...done.
Starting NTP service...deferred.
Generating RRD graphs...done.
Starting syslog...done.
>>> Invoking start script 'freebsd'
Starting suricata.
8/11/2017 -- 12:17:18 - <Info> - Including configuration file installed_rules.yaml.
>>> Invoking start script 'carp'
>>> Invoking start script 'cron'
Starting Cron: OK
>>> Invoking start script 'beep'
Root file system: /dev/ufs/OPNsense_Install

*** OPNsense17MacOn.localdomain: OPNsense 17.7.5 (amd64/OpenSSL) ***

LAN (em0)       -> v4: 192.168.1.1/24
WAN (em1)       ->
WIFIPORT (em2)  ->

Welcome!  Both `root' and `installer' users are availabe for system
setup or invoking the installer, respectively.  The predefined root
password works for both accounts.  Remote login via SSH is possible.

FreeBSD/amd64 (OPNsense17MacOn.localdomain) (ttyu0)

login: root
Password:
----------------------------------------------
|      Hello, this is OPNsense 17.7          |         @@@@@@@@@@@@@@@
|                                            |        @@@@         @@@@
| Website:      https://opnsense.org/        |         @@@\\\   ///@@@
| Handbook:     https://docs.opnsense.org/   |       ))))))))   ((((((((
| Forums:       https://forum.opnsense.org/  |         @@@///   \\\@@@
| Lists:        https://lists.opnsense.org/  |        @@@@         @@@@
| Code:         https://github.com/opnsense  |         @@@@@@@@@@@@@@@
----------------------------------------------

  0) Logout                              7) Ping host
  1) Assign interfaces                   8) Shell
  2) Set interface IP address            9) pfTop
  3) Reset the root password            10) Firewall log
  4) Reset to factory defaults          11) Reload all services
  5) Power off system                   12) Upgrade from console
  6) Reboot system                      13) Restore a backup

Looks like it didn't realised yet what the WAN interface is?

Have connected my Thompson Cable Modem to Port 1 and my normal network to port 2 and my Mac to Port 3.

PS: Oh my god, I'am really BLIND - of course I have to connect WAN to Port 2 and the "normal home network" to Port 1!

Like it sayd:

LAN (em0)       -> v4: 192.168.1.1/24
WAN (em1)       ->
WIFIPORT (em2)  ->

[iTerm2]

Ok, thanks for the hint.

I couldn't see any boot options in the Terminal.app (Version 2.8 Build 400 of macOS 10.13.1 "High Sierra"), so I've switched to iTerm2 https://www.iterm2.com/index.html now which seems to be more useful especially when using the console mode.

Now I could do this:

cd /dev/
ls -la ./*usb*
screen /dev/tty.usbmodem1421 115200

to see the advice "Press ESC for boot menu."

which I did, but then it was not "F12" but key "2" to select the option to use the USB key:

Press ESC for boot menu.

Select boot device:

1. AHCI/0: TS128GSSD420K ATA-9 Hard-Disk (119 GiBytes)
2. USB MSC Drive Kingston DT microDuo 3.0 PMAP
3. iPXE (PCI 00:00.0)
4. Payload [memtest]

Searching bootorder for: HALT
drive 0x000f3250: PCHS=0/0/0 translation=lba LCHS=1024/255/63 s=60632064
drive 0x000f3280: PCHS=16383/16/63 translation=lba LCHS=1024/255/63 s=250069680
Space available for UMB: c1000-ee800, f0000-f3250
Returned 253952 bytes of ZoneHigh
e820 map has 7 items:
  0: 0000000000000000 - 000000000009fc00 = 1 RAM
  1: 000000000009fc00 - 00000000000a0000 = 2 RESERVED
  2: 00000000000f0000 - 0000000000100000 = 2 RESERVED
  3: 0000000000100000 - 00000000df175000 = 1 RAM
  4: 00000000df175000 - 00000000e0000000 = 2 RESERVED
  5: 00000000f8000000 - 00000000fc000000 = 2 RESERVED
  6: 0000000100000000 - 0000000120000000 = 1 RAM
enter handle_19:
  NULL
Booting from Hard Disk...
Booting from 0000:7c00

Sadly now it hangs at:

Booting from Hard Disk...
Booting from 0000:7c00

since around 5 minutes, should I wait a little longer or better do a dd again with:

sudo dd if=/Users/localadmin/Downloads/OPNsense-17.7.5-OpenSSL-serial-amd64.img of=/dev/disk2s2 bs=1m

instead of

sudo dd if=/Users/localadmin/Downloads/OPNsense-17.7.5-OpenSSL-serial-amd64.img of=/dev/disk2 bs=1m

Ok, sorry - forget this post ... I'am so stupid  ;D

Was using the wrong USB key, now it's booting fine so the normal dd with disk2 instead of disk2s2 was building a working bootable USB key.

[So how can I restart the device and let it boot from the stick to install OPNsense from scratch? Can I force this in any way via the console?]

Ok, now I've created an USB-Stick to re-install OPNsense, but I don't know, how to boot from this stick?

What I've done on my MacBook Pro:

1) Downloaded the OPNsense Image (AMD64 serial) from Hiho.ch

OPNsense-17.7.5-OpenSSL-serial-amd64.img.bz2
7a85ae36b52d6f85239b7a936cefa5c53dddfa272b968e24bc6b61c77f4dfbce

2) Formated an 32 GB USB Stick with Disk Utility as FAT32 MBR stick named T1

3) Proofed the checksum:

openssl sha256 /Users/localadmin/Downloads/OPNsense-17.7.5-OpenSSL-serial-amd64.img.bz2
SHA256(/Users/localadmin/Downloads/OPNsense-17.7.5-OpenSSL-serial-amd64.img.bz2)= 7a85ae36b52d6f85239b7a936cefa5c53dddfa272b968e24bc6b61c77f4dfbce

4) Unpacked the OPNsense-17.7.5-OpenSSL-serial-amd64.img.bz2 to get the OPNsense-17.7.5-OpenSSL-serial-amd64.img

5) Used dd to copy the IMG to my USB-Stick

diskutil list

/dev/disk2 (external, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:     FDisk_partition_scheme                        *31.0 GB    disk2
   1:                 DOS_FAT_32 T1                      31.0 GB    disk2s1

sudo diskutil unmountDisk /dev/disk2

Unmount of all volumes on disk2 was successful

sudo dd if=/Users/localadmin/Downloads/OPNsense-17.7.5-OpenSSL-serial-amd64.img of=/dev/disk2 bs=1m

Interesting: You don't see anything, the unpacked image is nearly 1 GB in size and the dd command will take around 5 minutes to copy everything to the USB stick. But you can use the Activity Monitor.app of macOS and search for a process in the cpu section called dd (it will disappear if dd has finished the job).

Then you will see something like the following on your Terminal.app window:

885+1 records in
885+1 records out
928120832 bytes transferred in 331.571088 secs (2799161 bytes/sec)

So far, so good.

But now, if I connect this stick to the device and reboot from console:

/usr/local/etc/rc.reboot

Sadly it's not booting into the live-installer, all I get is still the normal boot and again these information after login:

FreeBSD/amd64 (Amnesiac) (ttyu0)

Warning: require_once(config.inc): failed to open stream: No such file or directory in /usr/local/sbin/opnsense-auth on line 32

Fatal error: require_once(): Failed opening required 'config.inc' (include_path='.:/usr/local/share/pear') in /usr/local/sbin/opnsense-auth on line 32
Last login: Tue Nov  7 18:40:25 on ttyu0

So how can I restart the device and let it boot from the stick to install OPNsense from scratch? Can I force this in any way via the console?

PS: I'am really lost here and can't understand how and why this router was completely unusable after a normal upgrade process!  :-\

Hello,

I've bought an OPNsense A10 Quad Core SSD from Deciso some months ago and it worked very well all the time (liked it a lot).  :)

SKU: OPN20078B
S/N: 21230

I've always used the web GUI to configure this peace of hardware, never the console.

Some weeks ago I've made an update/upgrade to version 17.7 (don't remember the exact build and version, but I can remember I've changed the source where the update was downloaded from) and after some days I've lost the internet connection and at the end I also could not connect anymore to the web interface of the router. :(

As a fast troubleshoot I've used my old Apple Airport Extreme as router and it worked fine (with an THOMPSON Cable Modem).

So the OPNsense router was powered off for some weeks ...

Now I would like to get my OPNsense router running again, but there is no chance for me!

- also after a factory reset I don't get any IP on any of the 4 ethernet ports (only self-signed 169.254.44.197)
- if I use a hard-coded IP address like 192.168.1.2 for my Mac and as Gateway 192.168.1.1 I also can't connect (on any of the ethernet ports)

So I decided to connect via USB Console.

Which works, but there is no console menu, all I can see is this:

FreeBSD/amd64 (Amnesiac) (ttyu0)

login: root
Password: opnsense (did not changed this yet)

Warning: require_once(config.inc): failed to open stream: No such file or directory in /usr/local/sbin/opnsense-auth on line 32

Fatal error: require_once(): Failed opening required 'config.inc' (include_path='.:/usr/local/share/pear') in /usr/local/sbin/opnsense-auth on line 32

Last login: Tue Nov  7 10:05:37 on ttyu0
----------------------------------------------
|      Hello, this is OPNsense 17.7          |         @@@@@@@@@@@@@@@
|                                            |        @@@@         @@@@
| Website:      https://opnsense.org/        |         @@@\\\   ///@@@
| Handbook:     https://docs.opnsense.org/   |       ))))))))   ((((((((
| Forums:       https://forum.opnsense.org/  |         @@@///   \\\@@@
| Lists:        https://lists.opnsense.org/  |        @@@@         @@@@
| Code:         https://github.com/opnsense  |         @@@@@@@@@@@@@@@
----------------------------------------------

As far as I remember I've bought this router including some extra support from Deciso (don't remember the exact details) but I got no answer yet ...

Google'ing around I've found not a real solution, also a restart via Console with:

/usr/local/etc/rc.reboot

gave me the same "fatal error" after login.

Looks like I have to reinstall OPNsense completely?

Thanks for ideas and help,
all the best,
Marcel

Hello,

it's well known since over 1 week now that OpenVPN versions older than 2.3.17 or 2.4.3 are not secure anymore!

see:

https://www.packetmischief.ca/2017/06/23/openvpn-2-3-17-on-openbsd-6-0/

and

https://www.heise.de/security/meldung/Sicherheitsluecken-Angreifer-koennten-OpenVPN-crashen-3751852.html

On my device it's still the vulnerable version 2.3.15.

openvpn23
2.3.15

And if you check in the Dashboard for updates, it says "There are no updates available on the selected mirror."

If I do the "Audit now" it talks only about the vulnerable curl version, but not about the openvpn version:

***GOT REQUEST TO AUDIT***
vulnxml file up-to-date
curl-7.54.0 is vulnerable:
cURL -- URL file scheme drive letter buffer overflow
CVE: CVE-2017-9502
WWW: https://vuxml.freebsd.org/freebsd/9314058e-5204-11e7-b712-b1a44a034d72.html

1 problem(s) in the installed packages found.
***DONE***

I'am really wondering about that and I'am some kind of shocked about this situation.

Any ideas when we will get the updated versions?

PS: PFsense updates are already out, so I'am wondering why OPNsense is so slow ... :/