"VPN Client already running" keeps appearing in logs

Discussion in 'Tomato Firmware' started by gfunkdave, Oct 9, 2012.

  1. gfunkdave

    gfunkdave LI Guru Member

    Does anyone know the cause of this line that keeps showing up in my Tomato logs:

    Oct  9 17:35:01 router user.info init[1]: VPN_LOG_NOTE: 73: VPN Client 1 already running...
    I am running an OpenVPN client and a PPTP server on my E3000 running Toastman 7500. I have OpenVPN's log level set to zero with a --verb 0 directive. But, I don't think this is the OpenVPN client logging something. It seems that the router is continually trying to restart the VPN client?

    Thanks for any insight.
  2. koitsu

    koitsu Network Guru Member

    It doesn't look to me like it's trying to restart anything. It looks to me like it's a logging entry that's stating the tunnel is already up:


    I agree that the OpenVPN daemon --verb flag has absolutely nothing to do with this. This is purely a firmware thing, not an OpenVPN thing.

    Looking at the source code to the router firmware, the cause is a call to vpnlog() with a logging level of VPN_LOG_NOTE:

        if ( pidof(&buffer[0]) >= 0 )
            vpnlog(VPN_LOG_NOTE, "VPN Client %d already running...", clientNum);
            vpnlog(VPN_LOG_INFO,"PID: %d", pidof(&buffer[0]));
    vpnlog() is a macro:

    #define VPN_LOG_ERROR -1
    #define VPN_LOG_NOTE 0
    #define VPN_LOG_INFO 1
    #define VPN_LOG_EXTRA 2
    #define vpnlog(level,x...) if(nvram_get_int("vpn_debug")>=level) syslog(LOG_INFO, #level ": " __LINE_T__ ": " x)
    You can see that the NVRAM variable called vpn_debug is what controls the logging level. A value of 0 will not squelch the log message, but a value of -1 (negative one) will. The default value for this NVRAM variable is 0.

    If there is not a GUI option that lets you adjust this, then the solution is simple, and should only need to be done ONCE (unless you erase NVRAM (thorough or simple/quick) sometime in the future). From the CLI or from Tools -> System, do this:

    nvram set vpn_debug=-1
    nvram commit
    You should not need to reboot for this to take effect.

    Be aware this may impact other VPN-oriented logging notices from the firmware itself. You will need to look at the source code yourself and see what other calls to vpnlog() there are which use a value of VPN_LOG_NOTE, VPN_LOG_INFO, or VPN_LOG_EXTRA. All of those will be squelched if you set vpn_debug to -1.

    My opinion? The source code should be changed to use log level VPN_LOG_INFO for "VPN Client %d already running...", instead of VPN_LOG_NOTE.
    QQQTJ likes this.
  3. gfunkdave

    gfunkdave LI Guru Member

    Thanks much for the diagnosis and cure!
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice