OpenVPN --script-security logs

Discussion in 'Tomato Firmware' started by _wb_, May 19, 2014.

  1. _wb_

    _wb_ Networkin' Nut Member

    Is there a way to disable these reoccurring logs?

    May 19 08:34:23 tomato daemon.warn openvpn[6896]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

    I have already added "verb 0" but that doesn't seem to do anything for these logs.

  2. koitsu

    koitsu Network Guru Member

    From the OpenVPN ChangeLog:

    2008.11.16 -- Version 2.1_rc14
    * Added additional method parameter to --script-security to preserve
      backward compatibility with system() call semantics used in OpenVPN
      2.1_rc8 and earlier.  To preserve backward compatibility use:
        script-security 3 system
    * Added additional warning messages about --script-security 2
      or higher being required to execute user-defined scripts or
    The code itself is in src/openvpn/init.c (around line 2564) which you can read.

    The short version is that without setting --script-security 1 you will see this message, and doing that will inhibit behaviour such as being able to run user scripts for up/down events (ex. run some script/code when the VPN tunnel goes up or down). Tomato uses --script-security 2 because there are up/down scripts which get used to accomplish tasks (legitimately/justified). There is no other way to inhibit this message. --verb has no effect (see the code).

    If you have qualms with this, please contact the OpenVPN folks directly / file a ticket with them, as this matter has nothing to do with Tomato/TomatoUSB.
  3. EOC_Jason

    EOC_Jason Networkin' Nut Member

    I think "verb 3" is hardcoded in the tomato stuff... I don't know if adding a different verb level in the custom box will override it.

    My OpenVPN spits out a bunch of useless stuff in the logs, you just kind of have to live with ignoring it.
  4. _wb_

    _wb_ Networkin' Nut Member

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice