Opened 10 years ago

Closed 8 years ago

Last modified 8 years ago

#74 closed Bug / Defect (fixed)

openvpn-2.1.4 floods /var/log/messages when network is down / it is reconnecting

Reported by: mt
Owned by:
Priority: minor
Milestone: release 2.2.0
Component: Generic / unclassified
Version: OpenVPN 2.1.0 / 2.1.1 (Community Ed)
Severity: Not set (select this one, unless you're an OpenVPN developer)
Keywords: logging


Showing messages like:

OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables

(in "verb 0" !!) and friends for the other script security levels or

WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

(in "verb 1") more than *once* at startup does not make much sense.
Currently, they're visible in each reconnect attempt (every ~20 sec).

Also messages like e.g.:

Re-using SSL/TLS context
LZO compression initialized
RESOLVE: Cannot resolve host address: x.y.z: [TRY_AGAIN]
A temporary error occurred on an authoritative name server.
RESOLVE: Cannot resolve host address: x.y.z: [TRY_AGAIN]
A temporary error occurred on an authoritative name server.

are nice to know in the first reconnect attempt - or in higher
"verb" levels than 1 - but maybe should be avoided in every
reconnect attempt.

Further, also the 1st (unmutable one) in this combination:

NOTE: --mute triggered...
2 variation(s) on previous 1 message(s) suppressed by --mute

does not make much sense except as a debug message ...

Change History (3)

comment:1 Changed 10 years ago by David Sommerseth

Keywords: logging added

I believe this one is partly fixed in the OpenVPN 2.2-beta releases. Can you give beta5 a whirl and see if it looks better?

commit c2533d18ce6da1bd43502f9f2923541c578864e9
Author: David Sommerseth <dazo@…>
Date: Thu Apr 29 23:35:45 2010 +0200

Revamped the script-security warning logging (version 2)

The main task of this patch is to avoid reporting the SCRIPT_SECURITY_WARNING
over and over again, in addition to not showing this warning when it should not
be a problem. This general warning should now only appear once, and only when
--script-security is not set, 0 or 1. In all other cases this warning should
not appear.

In addition, this warning will come close to the script-hook which most probably
will fail. It will also give a little bit more concrete hint on which script-hook
failed. If --script-security is 2 or 3, only the execve failure itself will
be shown. This message will on the other hand be shown repeatedly.

This is a new rewritten version which simplifies the implementation of the new
openvpn_run_script() function. It was considered to remove it completely, but
due to code clarity and ease of use it was decided to make this function a static
inline function instead. Anyhow, this function will enforce openvpn_execve_check()
to be called with the S_SCRIPT flag.

Patch ACKed on the developers meeting 2009-04-29.

Signed-off-by: David Sommerseth <dazo@…>
Acked-by: James Yonan <james@…>
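
A small model of the logging behaviour the commit message in comment:1 describes, added here as an illustration and not taken from the OpenVPN source. The function names, the `S_SCRIPT` value, the message texts and the `up` hook name are assumptions, as is logging nothing further on later refusals at levels 0 and 1.

```c
/* Added illustration, not OpenVPN source: all names and values are hypothetical. */
#include <stdbool.h>
#include <stdio.h>
#define S_SCRIPT 0x1u            /* assumed value; marks a user-defined script call */
static int  script_security;     /* 0/1 refuse user scripts, 2/3 allow them */
static bool warned;              /* set once the general warning has been logged */
static int  n_warn, n_fail;      /* counters so the behaviour can be checked */

/* Returns true if the hook ran. exec_ok stands in for the execve() result. */
static bool model_execve_check(const char *hook, unsigned flags, bool exec_ok)
{
    if ((flags & S_SCRIPT) && script_security < 2) {
        if (!warned) {           /* general warning: once per process, names the hook */
            fprintf(stderr, "WARNING: '%s' not run, needs --script-security 2 or higher\n", hook);
            warned = true;
            n_warn++;
        }
        return false;            /* assumption: later refusals log nothing further */
    }
    if (!exec_ok) {              /* level 2/3: only the execve failure, every time */
        fprintf(stderr, "WARNING: failed running command (%s)\n", hook);
        n_fail++;
        return false;
    }
    return true;
}

/* Script hooks go through this wrapper so S_SCRIPT is always set. */
static inline bool model_run_script(const char *hook, bool exec_ok)
{
    return model_execve_check(hook, S_SCRIPT, exec_ok);
}

/* Simulate `attempts` reconnects at a given level; returns lines logged. */
int simulate_reconnects(int level, int attempts, bool exec_ok)
{
    script_security = level;
    warned = false;
    n_warn = n_fail = 0;
    for (int i = 0; i < attempts; i++)
        model_run_script("up", exec_ok);
    return n_warn + n_fail;
}

int main(void)
{
    printf("level 1: %d line(s), level 2 failing: %d line(s)\n",
           simulate_reconnects(1, 5, true), simulate_reconnects(2, 5, false));
    return 0;
}
```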

comment:2 Changed 8 years ago by David Sommerseth

Resolution: fixed
Status: new → closed

Closing as fixed, as the reporter has not indicated the issue still being present.

comment:3 Changed 8 years ago by David Sommerseth

Milestone: release 2.2.0