Hello,
UPdate: I found out that there is a new strongswan release strongswan-5.9.5-released, but it does not show up for updating in my OPN and I do not know why. Maybe I need to uninstall it.
Here is the information should anyone else be needing it
https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-(cve-2021-45079).htmlI find this:
***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 21.7.8 (amd64/LibreSSL) at Tue Feb 1 10:01:11 PST 2022
Fetching vuln.xml.bz2: .......... done
strongswan-5.9.4 is vulnerable:
strongswan - Incorrect Handling of Early EAP-Success Messages
1 problem(s) in 1 installed package(s) found.
***DONE***
So I reinstalled Strongswan, ran the test again, and the error remains - I have no idea what to do now, this will be a recurring theme as this posts goes along.
I also received this:
The default strongSwan configuration interface have been updated to vici.
To use the stroke interface by default either compile the port without the vici option or
set 'strongswan_interface="stroke"' in your rc.conf file.
Checking integrity... done (0 conflicting)
This means nothing to me, and again I have no idea what to do.
Any help is greatly appreciated :/
