
Opened 6 years ago

Last modified 4 years ago

#10443 new enhancement

OpenVPN 2.2.1 --tls-remote and --script-security warning patch

Reported by: David Schueler <david.schueler@…> Owned by: developers
Priority: normal Milestone: Barrier Breaker 14.07
Component: other Version: Trunk
Keywords: openvpn tls-remote script-security warning Cc:

Description

Since version 2.1 openvpn spits out a warning to syslog saying:

Nov 17 15:55:54 daemon.warn openvpn(custom_config)[2134]: WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Nov 17 15:55:54 daemon.warn openvpn(custom_config)[2134]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

This is okay. But if you've understood the warning and what the --tls-remote and --script-security switches are doing, you've no option to turn these warnings off.

So here's a little patch for OpenVPN 2.2.1 to remove the warnings in init.c.

Attachments (1)

002-remove-tls-warnings (1.3 KB) - added by David Schueler <david.schueler@…> 6 years ago.
Patch to remove the warnings.


Change History (4)

Changed 6 years ago by David Schueler <david.schueler@…>

Patch to remove the warnings.

comment:1 follow-up: Changed 6 years ago by jow

I do understand your point here but wouldn't this be better directed upstream?

comment:2 in reply to: ↑ 1 Changed 6 years ago by David Schueler <david.schueler@…>

Replying to jow:

I do understand your point here but wouldn't this be better directed upstream?

Maybe, but the developers of OpenVPN still maintain their position not to include a function to turn the warnings off (see http://forums.openvpn.net/topic8529.html).

I think the main goal of OpenVPN on OpenWRT is to establish a secure VPN tunnel and not to fill the logs with warnings you can't turn off. Because the size of the log on an embedded device is limited, it's better to remove the warnings in the code for the WRT version of OpenVPN.

Regards

David

comment:3 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted
