NoviceNetworker
I was running an ASUS RT-AC66U B1 router that this morning was having trouble connecting to the internet. I was receiving a warning that my ISP's DHCP does not function properly. I restarted the router and cable modem multiple times with the same result and also tried to manually update the firmware on the router and it would not update. I pulled up the router system log and saw what appears to be an OpenVPN connection trying to be established (I don't remember ever turning this on). The log times are also late in the evening and I was not up on any computer. I'm not a networking guy, so I'm curious if those smarter than I see anything suspicious in the below portions of the log? The "out_fd is a pipe" entry occurred over and over for about 45 minutes and this is where the log starts. I'm using a different router now but would like to know if this was just an error with my router or something more? I've removed any specific IP or MAC ADDRESS info in the below:
May 16 23:27:09 kernel: out_fd is a pipe
May 16 23:27:09 kernel: out_fd is a pipe
May 16 23:27:11 kernel: out_fd is a pipe
May 16 23:27:11 kernel: out_fd is a pipe
May 16 23:27:11 kernel: out_fd is a pipe
May 16 23:27:11 kernel: out_fd is a pipe
May 16 23:27:21 DualWAN: skip single wan wan_led_control - WANRED off
May 16 23:27:26 WAN Connection: WAN(0) link up.
May 16 23:27:26 rc_service: wanduck XXX:notify_rc restart_wan_if 0
May 16 23:27:33 kernel: out_fd is a pipe
May 16 23:27:33 kernel: out_fd is a pipe
May 16 23:27:33 kernel: out_fd is a pipe
May 16 23:27:33 kernel: out_fd is a pipe
May 16 23:27:33 kernel: out_fd is a pipe
May 16 23:27:33 kernel: out_fd is a pipe
May 16 23:27:33 kernel: out_fd is a pipe
May 16 23:27:33 kernel: out_fd is a pipe
May 16 23:27:33 kernel: out_fd is a pipe
May 16 23:27:39 kernel: out_fd is a pipe
May 16 23:27:40 kernel: out_fd is a pipe
May 16 23:27:40 kernel: out_fd is a pipe
May 16 23:27:47 kernel: out_fd is a pipe
May 16 23:27:47 kernel: out_fd is a pipe
May 16 23:27:47 kernel: out_fd is a pipe
May 16 23:27:48 kernel: out_fd is a pipe
May 16 23:27:48 kernel: out_fd is a pipe
May 16 23:28:01 WAN Connection: WAN(0) link up.
May 16 23:28:01 rc_service: wanduck XXX:notify_rc restart_wan_if 0
May 16 23:28:03 kernel: out_fd is a pipe
May 16 23:28:21 syslog: wlceventd_proc_event(527): eth1: Auth MAC ADDRESS, status: Successful (0), rssi:0
May 16 23:28:21 syslog: wlceventd_proc_event(556): eth1: Assoc MAC ADDRESS, status: Successful (0), rssi:0
May 16 23:28:38 syslog: wlceventd_proc_event(527): eth1: Auth MAC ADDRESS, status: Successful (0), rssi:0
May 16 23:28:38 syslog: wlceventd_proc_event(556): eth1: Assoc MAC ADDRESS, status: Successful (0), rssi:0
May 16 23:28:59 syslog: wlceventd_proc_event(527): eth1: Auth MAC ADDRESS status: Successful (0), rssi:0
May 16 23:28:59 syslog: wlceventd_proc_event(556): eth1: Assoc MAC ADDRESS, status: Successful (0), rssi:0
May 16 23:29:07 wan: finish adding multi routes
May 16 23:29:08 vpnserver1[9724]: Multiple --up scripts defined. The previously configured script is overridden.
May 16 23:29:08 vpnserver1[9724]: OpenVPN 2.4.11 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 2 2021
May 16 23:29:08 vpnserver1[9724]: library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.03
May 16 23:29:08 vpnserver1[9731]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 16 23:29:08 vpnserver1[9731]: PLUGIN_INIT: POST /usr/lib/openvpn-plugin-auth-pam.so '[/usr/lib/openvpn-plugin-auth-pam.so] [openvpn]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
May 16 23:29:08 vpnserver1[9731]: Diffie-Hellman initialized with 2048 bit key
May 16 23:29:08 vpnserver1[9731]: TUN/TAP device tun21 opened
May 16 23:29:08 vpnserver1[9731]: TUN/TAP TX queue length set to 100
May 16 23:29:08 vpnserver1[9731]: /sbin/ifconfig tun21 10.8.x.x pointopoint 10.8.x.x mtu 1500
May 16 23:29:09 vpnserver1[9731]: /bin/sh /jffs/updater tun21 1500 1622 10.8.x.x 10.8.x.x init
May 16 23:29:09 vpnserver1[9731]: WARNING: Failed running command (--up/--down): external program exited with error status: 2
May 16 23:29:09 vpnserver1[9731]: Exiting due to fatal error
May 16 23:29:17 dhcp client: bound 192.168.x.x/255.255.x.x via for 20 seconds.
May 16 23:29:21 wan: finish adding multi routes
May 16 23:30:25 BWDPI: fun bitmap = 5ff
May 16 23:30:25 A.QoS: qos_count=0, qos_check=0
May 16 23:30:30 dhcp client: bound EXTERNAL IP ADDRESS/255.255.255.0 via EXTERNAL IP ADDRESS for 4549 seconds.
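A triage pass over the kind of log shown in the post, as an added example that is not part of the original post: it pulls out the vpnserver lines that concern script execution (the `--up` override, the script run from `/jffs`, the failed `--up/--down` command) and counts repeated messages such as "out_fd is a pipe". The sample lines are constructed from the post's log; the rule names, the `triage` function and the treatment of `/jffs` and `/tmp` as user-writable paths are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines in the shape of the log from the post.
SAMPLE_LOG = """\
May 16 23:27:09 kernel: out_fd is a pipe
May 16 23:27:09 kernel: out_fd is a pipe
May 16 23:29:08 vpnserver1[9724]: Multiple --up scripts defined. The previously configured script is overridden.
May 16 23:29:08 vpnserver1[9731]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 16 23:29:09 vpnserver1[9731]: /bin/sh /jffs/updater tun21 1500 1622 10.8.x.x 10.8.x.x init
May 16 23:29:09 vpnserver1[9731]: WARNING: Failed running command (--up/--down): external program exited with error status: 2
May 16 23:30:25 BWDPI: fun bitmap = 5ff
"""

# "<Mon> <day> <hh:mm:ss> <tag>[<pid>]: <message>"; the pid part is optional.
LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) ([^:\[]+)(?:\[(\d+)\])?: (.*)$")

# Rule names are this example's own. Assumption: /jffs and /tmp are the
# user-writable locations worth flagging when a shell script runs from them.
RULES = [
    ("up-script-override", re.compile(r"Multiple --up scripts defined")),
    ("script-security-permits-scripts", re.compile(r"--script-security setting may allow")),
    ("script-run-from-writable-path", re.compile(r"^/bin/sh (/(?:jffs|tmp)/\S+)")),
    ("up-down-script-failed", re.compile(r"Failed running command \(--up/--down\)")),
]

def triage(log_text, repeat_threshold=2):
    """Return (findings, repeats) for a router syslog excerpt."""
    findings, counts = [], Counter()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip lines that are not in syslog shape
        ts, tag, _pid, msg = m.groups()
        counts[(tag.strip(), msg)] += 1
        if not tag.startswith("vpn"):
            continue  # the rules only apply to OpenVPN process lines
        for name, rx in RULES:
            hit = rx.search(msg)
            if hit:
                findings.append((ts, name, hit.group(1) if rx.groups else msg))
    repeats = {k: n for k, n in counts.items() if n >= repeat_threshold}
    return findings, repeats

if __name__ == "__main__":
    found, repeated = triage(SAMPLE_LOG)
    for ts, rule, detail in found:
        print(f"{ts}  {rule}: {detail}")
    print("repeated messages:", repeated)
```
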