Heartbleed test for OpenVPN

OpenVPN is affected by Heartbleed too

I guess you would not have landed here if you hadn’t read about Heartbleed. In case you really don’t know what it’s all about, catch up here. Since OpenVPN makes use of SSL/TLS (and most distributions use OpenSSL as the implementation of choice), OpenVPN is affected too (check the official page). Most test utilities out there can test HTTP and other protocols; however, I didn’t find a test which validates that an OpenVPN installation is safe. So I created one.

You can find the Python script over at GitHub. My version is a heavily altered version of one I found at Fox-IT, created by Jared Stafford and Yonathan Klijnsma.

Right now, the utility only supports UDP (which is used by default). The first argument must be the server to test; the script contacts it and initializes a TLS session. The script then sends an invalid heartbeat request, which the server will respond to if it is vulnerable.

$ ./heartbleed_test_openvpn.py my.server.com
my.server.com|VULNERABLE

0000 18 03 01 10 13 02 10 00 48 65 61 72 74 62 6C 65 ........Heartble
0010 65 64 20 74 65 73 74 20 70 61 79 6C 6F 61 64 E2 ed test payload.
0020 0B 9E 38 34 EC 3D 66 2B 9C D5 63 00 00 68 C0 14 ..84.=f+..c..h..
0030 C0 0A 22 C0 C0 21 00 39 00 38 00 88 00 87 C0 0F ...".!.9.8......
0040 C0 05 00 35 00 84 C0 21 C4 08 1C 1C C0 1B 00 16 ...5............
0050 00 13 C0 0D C0 03 00 0A C0 13 C0 09 C0 1F C0 1E ................
0060 00 00 00 32                                     ...2
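
To read the dump above, here is an added example (not part of the original script) that decodes the TLS record header and the heartbeat header from the bytes shown. It assumes the readable string in the dump is the payload the test sent; the function names are illustrative.

```python
import re

# Hex dump copied from the tool output shown above (offset, hex bytes, ASCII column).
DUMP = """\
0000 18 03 01 10 13 02 10 00 48 65 61 72 74 62 6C 65 ........Heartble
0010 65 64 20 74 65 73 74 20 70 61 79 6C 6F 61 64 E2 ed test payload.
0020 0B 9E 38 34 EC 3D 66 2B 9C D5 63 00 00 68 C0 14 ..84.=f+..c..h..
0030 C0 0A 22 C0 C0 21 00 39 00 38 00 88 00 87 C0 0F ...".!.9.8......
0040 C0 05 00 35 00 84 C0 21 C4 08 1C 1C C0 1B 00 16 ...5............
0050 00 13 C0 0D C0 03 00 0A C0 13 C0 09 C0 1F C0 1E ................
0060 00 00 00 32                                     ...2
"""
# Assumption: this is the payload the test put in its request (the readable string in the dump).
SENT_PAYLOAD = b"Heartbleed test payload"

def dump_to_bytes(dump):
    """Rebuild raw bytes from 'offset + up to 16 hex pairs + ASCII' lines."""
    out = bytearray()
    for line in dump.splitlines():
        m = re.match(r"^[0-9A-Fa-f]{4}((?: [0-9A-Fa-f]{2}){1,16})", line)
        if m:
            out += bytes.fromhex(m.group(1))
    return bytes(out)

def parse_heartbeat_record(raw):
    """Decode the TLS record header and heartbeat header (RFC 6520 layout)."""
    if len(raw) < 8:
        raise ValueError("too short for a TLS record plus heartbeat header")
    content_type, version, record_len = raw[0], raw[1:3], int.from_bytes(raw[3:5], "big")
    hb_type, claimed_len = raw[5], int.from_bytes(raw[6:8], "big")
    body = raw[8:]  # may be truncated: the dump shows only part of the record
    echoed = body[:len(SENT_PAYLOAD)] == SENT_PAYLOAD
    extra = body[len(SENT_PAYLOAD):] if echoed else body
    return {
        "is_heartbeat": content_type == 0x18,      # TLS content type 24
        "version": version.hex(),                  # "0301" is TLS 1.0
        "record_len": record_len,
        "is_response": hb_type == 0x02,            # heartbeat_response
        "claimed_payload_len": claimed_len,
        "captured_body_len": len(body),
        "payload_echoed": echoed,
        "bytes_beyond_sent_payload": len(extra),
        # A response must echo exactly what was sent; a larger claimed length means over-read.
        "over_read": content_type == 0x18 and hb_type == 0x02 and claimed_len > len(SENT_PAYLOAD),
    }

if __name__ == "__main__":
    for key, value in parse_heartbeat_record(dump_to_bytes(DUMP)).items():
        print(f"{key}: {value}")
```

The response claims a 4096-byte payload although the recognizable test string is only 23 bytes long; everything after that string in the dump came from the server's memory, which is why the tool prints VULNERABLE.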