1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

OpenVPN --script-security logs

Discussion in 'Tomato Firmware' started by _wb_, May 19, 2014.

  1. _wb_

    _wb_ Networkin' Nut Member

    Is there a way to disable these reoccurring logs?

    May 19 08:34:23 tomato daemon.warn openvpn[6896]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

    I have already added "verb 0" but that doesn't seem to do anything for these logs.

  2. koitsu

    koitsu Network Guru Member

    From the OpenVPN ChangeLog:

    2008.11.16 -- Version 2.1_rc14
    * Added additional method parameter to --script-security to preserve
      backward compatibility with system() call semantics used in OpenVPN
      2.1_rc8 and earlier.  To preserve backward compatibility use:
        script-security 3 system
    * Added additional warning messages about --script-security 2
      or higher being required to execute user-defined scripts or
    The code itself is in src/openvpn/init.c (around line 2564) which you can read.

    The short version is that without setting --script-security 1 you will see this message, and doing that will inhibit behaviour such as being able to run user scripts for up/down events (ex. run some script/code when the VPN tunnel goes up or down). Tomato uses --script-security 2 because there are up/down scripts which get used to accomplish tasks (legitimately/justified). There is no other way to inhibit this message. --verb has no effect (see the code).

    If you have qualms with this, please contact the OpenVPN folks directly / file a ticket with them, as this matter has nothing to do with Tomato/TomatoUSB.
  3. EOC_Jason

    EOC_Jason Networkin' Nut Member

    I think "verb 3" is hardcoded in the tomato stuff... I don't know if adding a different verb level in the custom box will override it.

    My OpenVPN spits out a bunch of useless stuff in the logs, you just kind of have to live with ignoring it.
  4. _wb_

    _wb_ Networkin' Nut Member

Share This Page