billchaney64 0 Posted ... I've been getting the following warnings in my dd-wrt syslog. Jan 29 18:23:06 DD-WRT daemon.warn openvpn[8830]: WARNING: file '/tmp/openvpncl/client.key' is group or others accessibleJan 29 18:23:06 DD-WRT daemon.warn openvpn[8830]: WARNING: file '/tmp/openvpncl/ta.key' is group or others accessibleJan 29 18:23:06 DD-WRT daemon.notice openvpn[8830]: OpenVPN 2.4.4 arm-unknown-linux-gnu [sSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jan 19 2018Jan 29 18:23:06 DD-WRT daemon.notice openvpn[8830]: library versions: OpenSSL 1.1.0g 2 Nov 2017, LZO 2.09Jan 29 18:23:06 DD-WRT daemon.notice openvpn[8833]: MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16Jan 29 18:23:06 DD-WRT daemon.warn openvpn[8833]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.Jan 29 18:23:06 DD-WRT daemon.warn openvpn[8833]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Jan 29 18:23:08 DD-WRT daemon.warn openvpn[8833]: ERROR: Linux route add command failed: external program exited with error status: 1Jan 29 18:23:08 DD-WRT daemon.notice openvpn[8833]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.4.0.1Jan 29 18:23:08 DD-WRT daemon.notice openvpn[8833]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.4.0.1Jan 29 18:23:08 DD-WRT daemon.warn openvpn[8833]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent thisJan 29 18:23:08 DD-WRT daemon.notice openvpn[8833]: Initialization Sequence Completed Everything seems to be behind the VPN and I'm not having any problems accessing websites and there's no dns leaks. Any help with understanding these errors and warning would be appreciated. Billy Quote Share this post Link to post
billchaney64 0 Posted ... This is my openVPN log. 20180129 14:08:50 W WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead. 20180129 14:08:50 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20180129 14:08:50 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 20180129 14:08:50 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 20180129 14:08:50 I TCP/UDP: Preserving recently used remote address: [AF_INET]96.47.229.58:443 20180129 14:08:50 Socket Buffers: R=[180224->180224] S=[180224->180224] 20180129 14:08:50 I UDPv4 link local: (not bound) 20180129 14:08:50 I UDPv4 link remote: [AF_INET]96.47.229.58:443 20180129 14:08:50 TLS: Initial packet from [AF_INET]96.47.229.58:443 sid=9bf1eca4 785d67a4 20180129 14:08:50 VERIFY OK: depth=1 C=IT ST=IT L=Perugia O=airvpn.org CN=airvpn.org CA emailAddress=info@airvpn.org 20180129 14:08:50 VERIFY OK: nsCertType=SERVER 20180129 14:08:50 NOTE: --mute triggered... 20180129 14:08:51 2 variation(s) on previous 3 message(s) suppressed by --mute 20180129 14:08:51 I [server] Peer Connection Initiated with [AF_INET]96.47.229.58:443 20180129 14:08:52 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) 20180129 14:08:52 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 bypass-dhcp dhcp-option DNS 10.4.0.1 comp-lzo no route-gateway 10.4.0.1 topology subnet ping 10 ping-restart 60 ifconfig 10.4.1.129 255.255.0.0' 20180129 14:08:52 OPTIONS IMPORT: timers and/or timeouts modified 20180129 14:08:52 NOTE: --mute triggered... 20180129 14:08:52 5 variation(s) on previous 3 message(s) suppressed by --mute 20180129 14:08:52 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key 20180129 14:08:52 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication 20180129 14:08:52 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key 20180129 14:08:52 NOTE: --mute triggered... 20180129 14:08:52 1 variation(s) on previous 3 message(s) suppressed by --mute 20180129 14:08:52 I TUN/TAP device tun1 opened 20180129 14:08:52 TUN/TAP TX queue length set to 100 20180129 14:08:52 D do_ifconfig tt->did_ifconfig_ipv6_setup=0 20180129 14:08:52 I /sbin/ifconfig tun1 10.4.1.129 netmask 255.255.0.0 mtu 1500 broadcast 10.4.255.255 20180129 14:08:53 /sbin/route add -net 96.47.229.58 netmask 255.255.255.255 gw 8.17.126.1 20180129 14:08:53 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.4.0.1 20180129 14:08:53 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.4.0.1 20180129 14:08:53 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Is this anything I should worry about? Quote Share this post Link to post
Staff 10018 Posted ... Hello! About the following entries:Jan 29 18:23:06 DD-WRT daemon.warn openvpn[8830]: WARNING: file '/tmp/openvpncl/client.key' is group or others accessibleJan 29 18:23:06 DD-WRT daemon.warn openvpn[8830]: WARNING: file '/tmp/openvpncl/ta.key' is group or others accessible the fix (if you find it really necessary...) must come from you side by setting the attributes you wish for those files. About this:Jan 29 18:23:08 DD-WRT daemon.warn openvpn[8833]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this you can safely ignore it because authentication is not based on passwords. Kind regards Quote Share this post Link to post
billchaney64 0 Posted ... Thanks for the reply. I take it that these warnings aren't critical. So I'll leave them alone. Again thanks for the reply Billy Quote Share this post Link to post
billchaney64 0 Posted ... One more question. What is the following warning and do I need to fix this? If I do, how do I fix it? 20180129 14:08:50 W WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead. Quote Share this post Link to post