Warning from log file?

Discussion in 'ASUS AC Routers & Adapters' started by JT Strickland, Jan 3, 2020.

  1. JT Strickland

    JT Strickland Regular Contributor

    Joined:
    Sep 19, 2019
    Messages:
    194
    RT-AC86U with Asus Merlin F/W and RT-AC68U aimesh node, diversion & skynet.

    I have refrained in the past from asking questions about the messages from the log file and beyond because I got the impression that the guys that know what is going on don't appreciate those of us who don't asking silly questions about errors, warnings, and other gibberish from the log file. I got to this once, though.

    Does this mean anything significant?

    "Jan 3 21:15:17 ovpn-client1[9257]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this"
     
  2. Butterfly Bones

    Butterfly Bones Very Senior Member

    Joined:
    Apr 10, 2017
    Messages:
    1,332
    Location:
    USA
    It means exactly what it states. :D To STOP caching passwords in memory (where they may be read by nefarious means) use the "auth-nocache" options in the Custom Configuration section at the very bottom of the VPN Client configuration. Here are mine:
    Code:
    fast-io
    ping-restart 120
    remote-random
    remote-cert-tls server
    auth-nocache
    route-metric 1
    
    It is an OpenVPN config parameter, not specific to any VPN provider; this one has a good explanation.
    https://www.surfbouncer.com/auth-nocache.htm

    That said, if you search with the SNB Search feature and find nothing, please ask. The other day a forum user stated, "Search then seek." Good advice.
     
    Last edited: Jan 3, 2020
  3. JT Strickland

    Thank you. I have learned a lot from searching the forums and from people such as you. The search, for me, often turns up either so much that it is intimidating, or nothing at all.
    I have also followed your example for the custom configuration, and mine now reads:

    resolv-retry infinite
    mute-replay-warnings
    fast-io
    ping-restart 120
    remote-random
    remote-cert-tls server
    auth-nocache
    route-metric 1

    The "remote-cert-tls server" was already there as well as the top two, so I added to them. Please let me know if I need to take them out. I do understand it better after reading your link, although I am not completely fluent in the terms and dialog.
    thanks again,
    jts
     
  4. Butterfly Bones

    Some options will throw up errors, depending on the provider. It is mostly trial and error looking at the log file for warnings. If you really want to learn more about OpenVPN options, take a look at this reference. I keep it bookmarked and over time I begin to understand those options. :)
    https://openvpn.net/community-resources/reference-manual-for-openvpn-2-0/
    Code:
    --auth-nocache
    Don’t cache --askpass or --auth-user-pass username/passwords in virtual memory. If specified, this directive will cause OpenVPN to immediately forget username/password inputs after they are used. As a result, when OpenVPN needs a username/password, it will prompt for input from stdin, which may be multiple times during the duration of an OpenVPN session.
    
    This directive does not affect the --http-proxy username/password. It is always cached.
    
     
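The check discussed in the posts above, as an added example that is not part of the thread or of any poster's setup: a POSIX shell audit that reports whether an OpenVPN client config uses stored credentials (`auth-user-pass` or `askpass`) without `auth-nocache`, and counts the warning in a log. The function names, verdict words, file paths and sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. The sample files are constructed.

# has_directive FILE NAME: succeeds if NAME is an active directive in FILE.
# Skips '#' and ';' comment lines; tolerates indentation and a leading "--".
has_directive() {
    awk -v want="$2" '
        { sub(/^[ \t]+/, ""); sub(/^--/, "") }
        /^[#;]/ || NF == 0 { next }
        $1 == want { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# audit_ovpn_conf FILE: prints one verdict.
#   no-credentials  neither auth-user-pass nor askpass is configured
#   ok              credentials are configured and auth-nocache is set
#   caches          credentials are configured without auth-nocache
audit_ovpn_conf() {
    if ! has_directive "$1" auth-user-pass && ! has_directive "$1" askpass; then
        echo no-credentials
    elif has_directive "$1" auth-nocache; then
        echo ok
    else
        echo caches
    fi
}

# count_cache_warnings LOG: how many times the warning from the thread appears.
count_cache_warnings() {
    grep -c 'may cache passwords in memory' "$1" || true
}

# Constructed inputs: a config before and after adding auth-nocache, and a
# log holding the warning line quoted in the first post.
tmp=$(mktemp -d)
printf '%s\n' 'client' '# auth-nocache' 'auth-user-pass /tmp/up.txt' \
    'remote-cert-tls server' > "$tmp/before.ovpn"
printf '%s\n' 'client' 'auth-user-pass /tmp/up.txt' \
    'remote-cert-tls server' '  auth-nocache' > "$tmp/after.ovpn"
printf '%s\n' 'Jan 3 21:15:17 ovpn-client1[9257]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this' \
    > "$tmp/syslog.log"

echo "before: $(audit_ovpn_conf "$tmp/before.ovpn")"
echo "after:  $(audit_ovpn_conf "$tmp/after.ovpn")"
echo "warnings logged: $(count_cache_warnings "$tmp/syslog.log")"
```

Per the manual text quoted above, `auth-nocache` does not cover the `http-proxy` username/password, so an `ok` verdict says nothing about those credentials.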
  5. JT Strickland

    Thanks again. I find all of the networking very interesting. I didn't have a clue it was as complex as it is.
    Here's another error that I have seen from time to time:

    "Jan 4 19:22:29 ovpn-client1[15690]: TLS Error: local/remote TLS keys are out of sync: [AF_INET]" .....(Then_IP_address_numbers_I_took_out)....

    It would be nice if there was a legend of the error messages, or the more serious ones at least. That's about what your link is for OpenVPN. I will study that some. The answer to the TLS sync is in there I bet.
    A very senior fossil seemed to scold another noob for digging around in the log files, so I was a little hesitant about saying anything, but hey, that's how I learn.

    One thing's for sure, there are lots of entries for blocked kernels in there by skynet and diversion (I assume), so they are doing their jobs.
    thanks again,
    jts
