Should I trash my router if it still runs OpenSSL 0.9.8p and OpenVPN 2.2.2 in 2017?

I have the Easybox 904 xDSL router from Vodafone (Germany) running the latest firmware 03.17.01.17.
I wanted to upgrade the firmware but found out that the latest version is from 2015 - no updates since then. There's a list of all open source software used in this router, including:

OpenSSL 0.9.8p
OpenVPN 2.2.2
linux kernel modules, V2.6.32

What I actually want to accomplish is to gain access to a Synology DS916+ running the latest OS, having letsencrypt certificates and lots of security configured:

access CloudStation and FileStation using dynamic DNS and port-forwarding
access Gitlab by using a VPN-connection to my network

Is it still secure using this router or should I get a new one?

Solutions/Answers:

Answer 1:

You may disable all the features you don’t want to use on your router. You can enable SSH only when needed and keep it disabled at all other times. Port forwarding and connection over VPN to your local devices is a very good approach. Also make sure there is no way to connect to your router from the internet – allow access only from your local network and always via SSL if possible. Use a UPS to power your router, and if you have to REBOOT it, do it offline, then connect the internet wire once it has fully rebooted. Routers tend to be vulnerable during the boot sequence; a typical attack might be to force the user to reboot the router and then attack it.
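Added example, not part of the original answer: a small Python check for the advice above that the router itself must not be reachable from the internet while the intended port forwards still work. The port numbers and the names `EXPECTED_OPEN`, `MUST_BE_CLOSED`, `tcp_open` and `audit_exposure` are assumptions chosen for illustration; adjust them to your own setup.

```python
import socket
import sys

# Assumed policy (not from the original post): TCP ports deliberately
# forwarded to the NAS versus router management ports that must stay
# closed on the WAN side. UDP services such as OpenVPN's default
# transport are not covered by a TCP connect check.
EXPECTED_OPEN = {443}                 # hypothetical HTTPS forward to the NAS
MUST_BE_CLOSED = {22, 23, 80, 8080}   # hypothetical SSH, telnet, admin web UI


def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered (timeout) or unreachable all count as closed.
        return False


def audit_exposure(host, expected_open, must_be_closed, timeout=2.0):
    """Compare what answers on `host` with the intended policy.

    Returns a dict with two sorted lists:
      exposed - ports that must be closed but accept connections
      missing - ports that should be forwarded but do not answer
    """
    exposed = sorted(p for p in must_be_closed if tcp_open(host, p, timeout))
    missing = sorted(p for p in expected_open if not tcp_open(host, p, timeout))
    return {"exposed": exposed, "missing": missing}


if __name__ == "__main__":
    # Run this from outside your own network (for example a mobile hotspot)
    # against your own dynamic DNS name; from inside the LAN, NAT loopback
    # can make the result misleading.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    result = audit_exposure(target, EXPECTED_OPEN, MUST_BE_CLOSED)
    for port in result["exposed"]:
        print(f"FAIL: management port {port} is reachable")
    for port in result["missing"]:
        print(f"WARN: forwarded port {port} is not reachable")
    if not result["exposed"]:
        print("OK: no management port answered")
```

Re-run the check after every firmware reset or configuration change, since router defaults can re-enable remote management.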
