Author Topic: WZR-600DHP, OpenVPN, and Heartbleed  (Read 3056 times)

jjbirdz

  • Calf
  • *
  • Posts: 1
WZR-600DHP, OpenVPN, and Heartbleed
« on: May 30, 2014, 10:11:38 PM »
Tried emailing this to support, but never got an answer... maybe someone has some more info here...

I have the router listed in the subject line and I'd like to use OpenVPN, but am concerned that the version of Openssl installed on the router could be affected by heartbleed based on what I've read about DD-WRT (I'm running the Pro/DD-WRT firmware from Buffalo). The build showing on my router is 20180 and there are no newer updates on Buffalo's site.

Is the Buffalo build of DD-WRT affected by this bug? If so can someone tell me if a newer firmware is going to be released that addresses this issue? One of the main reasons I purchased this router was for OpenVPN capabilities among other features offered with DD-WRT. 

Thanks!

coypu76

  • Calf
  • *
  • Posts: 3
Re: WZR-600DHP, OpenVPN, and Heartbleed
« Reply #1 on: June 04, 2014, 02:36:12 PM »
The current Buffalo firmware shipping for this router is affected by the Heartbleed vulnerability as it uses an unremediated OpenSSL code set.
Please see my post here:  http://forums.buffalotech.com/index.php?topic=20154.msg77643#msg77643 for further discussion of the issue and the download location of non-Buffalo firmware from DD-WRT which has a remediated OpenSSL code stack.  The post also includes my own opinion on the actual risk represented by Heartbleed on an OpenVPN tunnel.  It's just a personal opinion and it's not official, so you're on your own as to how you respond.  Good luck!