I am unsure whether the pfSense 2.4 version will include the OpenVPN 2.4.2 version or just 2.4. However, in light of this recent investigation:
I think it would be in all our interests to have pfSense 2.4 roll out with OpenVPN 2.4.2 which contains fixes for all the security risks mentioned in that audit - some of which are quite severe.
I would like to know thoughts :)
#3 Updated by Jim Pingle almost 3 years ago
I just cherry-picked the OpenVPN 2.4.2 port update commit to the ports branch for pfSense 2.4 snapshots, so the next new snapshot should have it. I'll leave this assigned to Renato so he can check it and make sure it was done properly (he's a bit busy right this moment).