DD-WRT Syslog warnings

[billchaney64 0]

I've been getting the following warnings in my dd-wrt syslog.

 

Jan 29 18:23:06 DD-WRT daemon.warn openvpn[8830]: WARNING: file '/tmp/openvpncl/client.key' is group or others accessible

Jan 29 18:23:06 DD-WRT daemon.warn openvpn[8830]: WARNING: file '/tmp/openvpncl/ta.key' is group or others accessible

Jan 29 18:23:06 DD-WRT daemon.notice openvpn[8830]: OpenVPN 2.4.4 arm-unknown-linux-gnu [sSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jan 19 2018

Jan 29 18:23:06 DD-WRT daemon.notice openvpn[8830]: library versions: OpenSSL 1.1.0g 2 Nov 2017, LZO 2.09

Jan 29 18:23:06 DD-WRT daemon.notice openvpn[8833]: MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16

Jan 29 18:23:06 DD-WRT daemon.warn openvpn[8833]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Jan 29 18:23:06 DD-WRT daemon.warn openvpn[8833]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

 

 

Jan 29 18:23:08 DD-WRT daemon.warn openvpn[8833]: ERROR: Linux route add command failed: external program exited with error status: 1

Jan 29 18:23:08 DD-WRT daemon.notice openvpn[8833]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.4.0.1

Jan 29 18:23:08 DD-WRT daemon.notice openvpn[8833]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.4.0.1

Jan 29 18:23:08 DD-WRT daemon.warn openvpn[8833]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

Jan 29 18:23:08 DD-WRT daemon.notice openvpn[8833]: Initialization Sequence Completed

 

Everything seems to be behind the VPN and I'm not having any problems accessing websites and there's no dns leaks.

 

Any help with understanding these errors and warning would be appreciated.

 

Billy

[billchaney64 0]

This is my openVPN log.

 

20180129 14:08:50 W WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead. 
20180129 14:08:50 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 
20180129 14:08:50 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 
20180129 14:08:50 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 
20180129 14:08:50 I TCP/UDP: Preserving recently used remote address: [AF_INET]96.47.229.58:443 
20180129 14:08:50 Socket Buffers: R=[180224->180224] S=[180224->180224] 
20180129 14:08:50 I UDPv4 link local: (not bound) 
20180129 14:08:50 I UDPv4 link remote: [AF_INET]96.47.229.58:443 
20180129 14:08:50 TLS: Initial packet from [AF_INET]96.47.229.58:443 sid=9bf1eca4 785d67a4 
20180129 14:08:50 VERIFY OK: depth=1 C=IT ST=IT L=Perugia O=airvpn.org CN=airvpn.org CA emailAddress=info@airvpn.org 
20180129 14:08:50 VERIFY OK: nsCertType=SERVER 
20180129 14:08:50 NOTE: --mute triggered... 
20180129 14:08:51 2 variation(s) on previous 3 message(s) suppressed by --mute 
20180129 14:08:51 I [server] Peer Connection Initiated with [AF_INET]96.47.229.58:443 
20180129 14:08:52 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) 
20180129 14:08:52 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 bypass-dhcp dhcp-option DNS 10.4.0.1 comp-lzo no route-gateway 10.4.0.1 topology subnet ping 10 ping-restart 60 ifconfig 10.4.1.129 255.255.0.0' 
20180129 14:08:52 OPTIONS IMPORT: timers and/or timeouts modified 
20180129 14:08:52 NOTE: --mute triggered... 
20180129 14:08:52 5 variation(s) on previous 3 message(s) suppressed by --mute 
20180129 14:08:52 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key 
20180129 14:08:52 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication 
20180129 14:08:52 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key 
20180129 14:08:52 NOTE: --mute triggered... 
20180129 14:08:52 1 variation(s) on previous 3 message(s) suppressed by --mute 
20180129 14:08:52 I TUN/TAP device tun1 opened 
20180129 14:08:52 TUN/TAP TX queue length set to 100 
20180129 14:08:52 D do_ifconfig tt->did_ifconfig_ipv6_setup=0 
20180129 14:08:52 I /sbin/ifconfig tun1 10.4.1.129 netmask 255.255.0.0 mtu 1500 broadcast 10.4.255.255 
20180129 14:08:53 /sbin/route add -net 96.47.229.58 netmask 255.255.255.255 gw 8.17.126.1 
20180129 14:08:53 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.4.0.1 
20180129 14:08:53 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.4.0.1 
20180129 14:08:53 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this 

 

Is this anything I should worry about?

[Staff 9973]

Hello!

 

About the following entries:

Jan 29 18:23:06 DD-WRT daemon.warn openvpn[8830]: WARNING: file '/tmp/openvpncl/client.key' is group or others accessible

Jan 29 18:23:06 DD-WRT daemon.warn openvpn[8830]: WARNING: file '/tmp/openvpncl/ta.key' is group or others accessible

 

the fix (if you find it really necessary...) must come from you side by setting the attributes you wish for those files.

 

About this:

Jan 29 18:23:08 DD-WRT daemon.warn openvpn[8833]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

 

you can safely ignore it because authentication is not based on passwords.

 

Kind regards

[billchaney64 0]

Thanks for the reply. I take it that these warnings aren't critical. So I'll leave them alone. Again thanks for the reply

 

Billy

[billchaney64 0]

One more question. What is the following warning and do I need to fix this? If I do, how do I fix it?

 

20180129 14:08:50 W WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.