JT Strickland

Very Senior Member
RT-AC86U with Asus Merlin F/W and RT-AC68U aimesh node, diversion & skynet.

I have refrained in the past from asking questions about the messages from the log file and beyond because I got the impression that the guys that know what is going on don't appreciate those of us who don't asking silly questions about errors, warnings, and other gibberish from the log file. I got to this once, though.

Does this mean anything significant?

"Jan 3 21:15:17 ovpn-client1[9257]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this"
 
It means exactly what it states. :D To STOP caching passwords in memory (where they may be read by nefarious means) use the "auth-nocache" option in the Custom Configuration section at the very bottom of the VPN Client configuration. Here are mine:
Code:
fast-io
ping-restart 120
remote-random
remote-cert-tls server
auth-nocache
route-metric 1
It is an OpenVPN config parameter, not specific to any VPN provider. This one has a good explanation.
https://www.surfbouncer.com/auth-nocache.htm

That said, if you search with the SNB Search feature and find nothing, please ask. The other day a forum user stated, "Search then seek." Good advice.
 
Thank you. I have learned a lot from searching the forums and from people such as you. The search, for me, often turns up either so much that it is intimidating, or nothing at all.
I have also followed your example for the custom configuration, and mine now reads:

resolv-retry infinite
mute-replay-warnings
fast-io
ping-restart 120
remote-random
remote-cert-tls server
auth-nocache
route-metric 1

The "remote-cert-tls server" was already there as well as the top two, so I added to them. Please let me know if I need to take them out. I do understand it better after reading your link, although I am not completely fluent in the terms and dialog.
thanks again,
jts
 
Some options will throw up errors, depending on the provider. It is mostly trial and error looking at the log file for warnings. If you really want to learn more about OpenVPN options, take a look at this reference. I keep it bookmarked and over time I begin to understand those options. :)
https://openvpn.net/community-resources/reference-manual-for-openvpn-2-0/
Code:
--auth-nocache
Don’t cache --askpass or --auth-user-pass username/passwords in virtual memory. If specified, this directive will cause OpenVPN to immediately forget username/password inputs after they are used. As a result, when OpenVPN needs a username/password, it will prompt for input from stdin, which may be multiple times during the duration of an OpenVPN session.

This directive does not affect the --http-proxy username/password. It is always cached.
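
An added example, not written by either poster: a POSIX shell check that flags a client config using the password directives named in the manual excerpt (auth-user-pass, askpass) without auth-nocache, and lists which OpenVPN instances logged the warning. The function names, file names and sample config lines are constructed for illustration, and the check is a heuristic on directive names only; the log line is the one quoted in the thread.

```sh
#!/bin/sh
# Added example; sample files and function names are constructed.

# Print active directive names: drop comments (# or ;), leading
# whitespace and an optional leading "--", keep the first word.
ovpn_directives() {
    sed -e 's/[#;].*$//' -e 's/^[[:space:]]*//' -e 's/^--//' "$1" |
        awk 'NF { print $1 }'
}

# Exit 0 when the config takes a password (auth-user-pass or askpass)
# but does not set auth-nocache; exit 1 otherwise. Heuristic only.
ovpn_may_cache_passwords() {
    dirs=$(ovpn_directives "$1")
    if ! printf '%s\n' "$dirs" | grep -qx -e 'auth-user-pass' -e 'askpass'; then
        return 1    # no password directive in this file
    fi
    if printf '%s\n' "$dirs" | grep -qx 'auth-nocache'; then
        return 1    # passwords are forgotten after use
    fi
    return 0
}

# List the syslog tags (for example ovpn-client1) that logged the warning.
ovpn_cache_warnings() {
    grep 'may cache passwords in memory' "$1" |
        sed -n 's/^.* \([^ ]*\)\[[0-9]*\]: WARNING:.*$/\1/p' | sort -u
}

# Constructed sample input: two client configs and one log line.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'client' 'auth-user-pass up' ';auth-nocache' \
    'remote-cert-tls server' > "$tmp/before.ovpn"
printf '%s\n' 'client' 'auth-user-pass up' 'remote-cert-tls server' \
    'auth-nocache' > "$tmp/after.ovpn"
echo 'Jan 3 21:15:17 ovpn-client1[9257]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this' > "$tmp/syslog.log"

for f in "$tmp/before.ovpn" "$tmp/after.ovpn"; do
    if ovpn_may_cache_passwords "$f"; then
        echo "${f##*/}: password directive without auth-nocache"
    else
        echo "${f##*/}: ok"
    fi
done
ovpn_cache_warnings "$tmp/syslog.log"
```

The commented-out `;auth-nocache` line in the first sample is deliberate: a disabled directive does not count, so that file is still flagged.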
 
Thanks again. I find all of the networking very interesting. I didn't have a clue it was as complex as it is.
Here's another error that I have seen from time to time:

"Jan 4 19:22:29 ovpn-client1[15690]: TLS Error: local/remote TLS keys are out of sync: [AF_INET]" .....(Then_IP_address_numbers_I_took_out)....

It would be nice if there was a legend of the error messages, or the more serious ones at least. That's about what your link is for OpenVPN. I will study that some. The answer to the TLS sync is in there I bet.
A very senior fossil seemed to scold another noob for digging around in the log files, so I was a little hesitant about saying anything, but hey, that's how I learn.

One thing's for sure, there are lots of entries for blocked kernels in there by skynet and diversion (I assume), so they are doing their jobs.
thanks again,
jts
