Hi *,
this is definitely not off-topic, I just did not find a better place to make this comment (is there any ?).
I'm using
OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Windows version 6.2 (Windows 8 or greater) 64bit
library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10
I have "verb 0" in the config file, which in the manual https://community.openvpn.net/openvpn/w ... n24ManPage says "0 -- No output except fatal errors." .
Still, my log file is filled with
Fri Jun 01 13:42:59 2018 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Fri Jun 01 13:43:01 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Fri Jun 01 13:43:01 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Fri Jun 01 13:43:01 2018 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
Fri Jun 01 13:43:01 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
(etc.)
Are these fatal errors ? The connection works (although it does not say so in the log...).
Thanks for help (and perhaps some fix),
jvejv
--verb 0
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: --verb 0
This is not Off Topic 
server administration or configuration would have done but never mind ..
You are correct that --verb 0 does not do what it says on the tin .. I have raised this with the developers but, unfortunately, it is more difficult to fix than it first appears and also not very important, so it probably will not get fixed. Sorry about that.
server administration or configuration would have done but never mind ..You are correct that --verb 0 does not do what it says on the tin .. I have raised this with the developers but, unfortunately, it is more difficult to fix than it first appears and also not very important, so it probably will not get fixed. Sorry about that.
-
jvejv
- OpenVpn Newbie
- Posts: 2
- Joined: Fri Jun 01, 2018 11:52 am
Re: --verb 0
Thank you, TinCanTech,
it's a client thing, filling the client log with a red warning again and again, in fact telling windows users to come to their administrator / provider and demand a fix for this most important (it's printed in red, so..) security issue. Too bad.
jvejv
Fri Jun 01 13:43:01 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Jun 01 14:43:01 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Fri Jun 01 14:43:01 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Fri Jun 01 15:43:01 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Fri Jun 01 15:43:01 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Fri Jun 01 16:43:01 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Fri Jun 01 16:43:01 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Fri Jun 01 17:43:01 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Fri Jun 01 17:43:01 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Fri Jun 01 18:43:01 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Fri Jun 01 18:43:01 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Fri Jun 01 19:43:01 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Fri Jun 01 19:43:01 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
(etc. etc.)
it's a client thing, filling the client log with a red warning again and again, in fact telling windows users to come to their administrator / provider and demand a fix for this most important (it's printed in red, so..) security issue. Too bad.
jvejv
Fri Jun 01 13:43:01 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Jun 01 14:43:01 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Fri Jun 01 14:43:01 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Fri Jun 01 15:43:01 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Fri Jun 01 15:43:01 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Fri Jun 01 16:43:01 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Fri Jun 01 16:43:01 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Fri Jun 01 17:43:01 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Fri Jun 01 17:43:01 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Fri Jun 01 18:43:01 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Fri Jun 01 18:43:01 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Fri Jun 01 19:43:01 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Fri Jun 01 19:43:01 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
(etc. etc.)