[Solved] Run route-up/down scripts as specific user
Posted: Sat Oct 13, 2018 10:11 am
by jogo
Hi,
I've got openvpn working mostly fine on a pi running Raspbian but I've got some issues when the route-up/down scripts are run as root. I'm looking to run my route-up and down scripts as a specific user instead, is this possible?
The issue I'm having is that when the scripts run I keep getting issues with user limits, e.g.:
unable to execute [process]: Resource temporarily unavailable
I've tried to increase the process limit for all users, as this looks like the issue below but it doesn't seem to have any effect. If anyone has any ideas how to increase these limits too I'm open to that option instead, although I've tried a few things.
Changing my route-up script to:
Will log the following:
uid=0(root) gid=0(root) groups=0(root)
time(seconds) unlimited
file(blocks) unlimited
data(kbytes) unlimited
stack(kbytes) 8192
coredump(blocks) 0
memory(kbytes) unlimited
locked memory(kbytes) 64
process 10
nofiles 1048576
vmemory(kbytes) unlimited
locks unlimited
rtprio 0
Thanks
Re: Run route-up/down scripts as specific user
Posted: Thu Nov 01, 2018 12:37 pm
by jogo
Bump. Any ideas on this would be really appreciated. I'm really stumped and haven't been able to get past this issue.
Re: Run route-up/down scripts as specific user
Posted: Thu Nov 01, 2018 12:39 pm
by TinCanTech
Re: Run route-up/down scripts as specific user
Posted: Sun Nov 11, 2018 10:54 am
by jogo
Thanks for replying, I've included all of the info below.
OS:
Linux pi2 4.9.59-v7+ #1047 SMP Sun Oct 29 12:19:23 GMT 2017 armv7l GNU/Linux
Network setup:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.15 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::8399:77d9:ca9:d3db prefixlen 64 scopeid 0x20<link>
inet6 fdaa:bbcc:ddee:0:b0e2:3840:385d:e90b prefixlen 64 scopeid 0x0<global>
ether b8:27:eb:c9:bc:78 txqueuelen 1000 (Ethernet)
RX packets 3857 bytes 438699 (428.4 KiB)
RX errors 0 dropped 45 overruns 0 frame 0
TX packets 1865 bytes 434806 (424.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 96 bytes 10120 (9.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 96 bytes 10120 (9.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Client config:
client
auth-user-pass /etc/openvpn/userpass.data
management 127.0.0.1 5001
management-log-cache 50
dev tun
proto udp
#user pi
comp-lzo
fast-io
script-security 2
#mtu-disc yes
verb 4
#mute 5
cipher bf-cbc
auth sha1
tun-mtu 1500
resolv-retry infinite
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
log-append /var/log/vpn.log
ca /etc/openvpn/ca.crt
status-version 3
status status
daemon
route-up /etc/openvpn/route-up.sh
down-pre
down /etc/openvpn/down.sh
remote x.x.x.x [port]
Log:
Sat Nov 10 12:25:05 2018 us=502734 Current Parameter Settings:
Sat Nov 10 12:25:05 2018 us=502928 config = '/etc/openvpn/client.conf'
Sat Nov 10 12:25:05 2018 us=502971 mode = 0
Sat Nov 10 12:25:05 2018 us=503014 persist_config = DISABLED
Sat Nov 10 12:25:05 2018 us=503047 persist_mode = 1
Sat Nov 10 12:25:05 2018 us=503089 show_ciphers = DISABLED
Sat Nov 10 12:25:05 2018 us=503121 show_digests = DISABLED
Sat Nov 10 12:25:05 2018 us=503152 show_engines = DISABLED
Sat Nov 10 12:25:05 2018 us=503185 genkey = DISABLED
Sat Nov 10 12:25:05 2018 us=503218 key_pass_file = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=503253 show_tls_ciphers = DISABLED
Sat Nov 10 12:25:05 2018 us=503286 connect_retry_max = 0
Sat Nov 10 12:25:05 2018 us=503322 Connection profiles [0]:
Sat Nov 10 12:25:05 2018 us=503355 proto = udp
Sat Nov 10 12:25:05 2018 us=503391 local = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=503424 local_port = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=503457 remote = '[ my server name ]'
Sat Nov 10 12:25:05 2018 us=503489 remote_port = '[ portno ]'
Sat Nov 10 12:25:05 2018 us=503528 remote_float = DISABLED
Sat Nov 10 12:25:05 2018 us=503579 bind_defined = DISABLED
Sat Nov 10 12:25:05 2018 us=503627 bind_local = DISABLED
Sat Nov 10 12:25:05 2018 us=503676 bind_ipv6_only = DISABLED
Sat Nov 10 12:25:05 2018 us=503711 connect_retry_seconds = 5
Sat Nov 10 12:25:05 2018 us=503742 connect_timeout = 120
Sat Nov 10 12:25:05 2018 us=503778 socks_proxy_server = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=503828 socks_proxy_port = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=503866 tun_mtu = 1500
Sat Nov 10 12:25:05 2018 us=503908 tun_mtu_defined = ENABLED
Sat Nov 10 12:25:05 2018 us=503951 link_mtu = 1500
Sat Nov 10 12:25:05 2018 us=503983 link_mtu_defined = DISABLED
Sat Nov 10 12:25:05 2018 us=504015 tun_mtu_extra = 0
Sat Nov 10 12:25:05 2018 us=504047 tun_mtu_extra_defined = DISABLED
Sat Nov 10 12:25:05 2018 us=504080 mtu_discover_type = -1
Sat Nov 10 12:25:05 2018 us=504112 fragment = 0
Sat Nov 10 12:25:05 2018 us=504144 mssfix = 1450
Sat Nov 10 12:25:05 2018 us=504183 explicit_exit_notification = 0
Sat Nov 10 12:25:05 2018 us=504216 Connection profiles END
Sat Nov 10 12:25:05 2018 us=504248 remote_random = DISABLED
Sat Nov 10 12:25:05 2018 us=504280 ipchange = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=504312 dev = 'tun'
Sat Nov 10 12:25:05 2018 us=504344 dev_type = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=504375 dev_node = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=504407 lladdr = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=504440 topology = 1
Sat Nov 10 12:25:05 2018 us=504472 ifconfig_local = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=504505 ifconfig_remote_netmask = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=504537 ifconfig_noexec = DISABLED
Sat Nov 10 12:25:05 2018 us=504570 ifconfig_nowarn = DISABLED
Sat Nov 10 12:25:05 2018 us=504605 ifconfig_ipv6_local = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=504638 ifconfig_ipv6_netbits = 0
Sat Nov 10 12:25:05 2018 us=504676 ifconfig_ipv6_remote = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=504722 shaper = 0
Sat Nov 10 12:25:05 2018 us=504765 mtu_test = 0
Sat Nov 10 12:25:05 2018 us=504815 mlock = DISABLED
Sat Nov 10 12:25:05 2018 us=504848 keepalive_ping = 0
Sat Nov 10 12:25:05 2018 us=504893 keepalive_timeout = 0
Sat Nov 10 12:25:05 2018 us=504936 inactivity_timeout = 0
Sat Nov 10 12:25:05 2018 us=504969 ping_send_timeout = 0
Sat Nov 10 12:25:05 2018 us=505002 ping_rec_timeout = 0
Sat Nov 10 12:25:05 2018 us=505034 ping_rec_timeout_action = 0
Sat Nov 10 12:25:05 2018 us=505067 ping_timer_remote = DISABLED
Sat Nov 10 12:25:05 2018 us=505099 remap_sigusr1 = 0
Sat Nov 10 12:25:05 2018 us=505131 persist_tun = ENABLED
Sat Nov 10 12:25:05 2018 us=505163 persist_local_ip = DISABLED
Sat Nov 10 12:25:05 2018 us=505196 persist_remote_ip = DISABLED
Sat Nov 10 12:25:05 2018 us=505231 persist_key = ENABLED
Sat Nov 10 12:25:05 2018 us=505269 passtos = DISABLED
Sat Nov 10 12:25:05 2018 us=505311 resolve_retry_seconds = 1000000000
Sat Nov 10 12:25:05 2018 us=505380 resolve_in_advance = DISABLED
Sat Nov 10 12:25:05 2018 us=505413 username = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=505446 groupname = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=505480 chroot_dir = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=505516 cd_dir = '/etc/openvpn'
Sat Nov 10 12:25:05 2018 us=505550 writepid = '/run/openvpn/client.pid'
Sat Nov 10 12:25:05 2018 us=505582 up_script = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=505620 down_script = '/etc/openvpn/down.sh'
Sat Nov 10 12:25:05 2018 us=505659 down_pre = ENABLED
Sat Nov 10 12:25:05 2018 us=505691 up_restart = DISABLED
Sat Nov 10 12:25:05 2018 us=505726 up_delay = DISABLED
Sat Nov 10 12:25:05 2018 us=505770 daemon = ENABLED
Sat Nov 10 12:25:05 2018 us=505803 inetd = 0
Sat Nov 10 12:25:05 2018 us=505836 log = ENABLED
Sat Nov 10 12:25:05 2018 us=505867 suppress_timestamps = DISABLED
Sat Nov 10 12:25:05 2018 us=505899 machine_readable_output = DISABLED
Sat Nov 10 12:25:05 2018 us=505932 nice = 0
Sat Nov 10 12:25:05 2018 us=505964 verbosity = 4
Sat Nov 10 12:25:05 2018 us=505996 mute = 0
Sat Nov 10 12:25:05 2018 us=506027 gremlin = 0
Sat Nov 10 12:25:05 2018 us=506060 status_file = 'status'
Sat Nov 10 12:25:05 2018 us=506092 status_file_version = 3
Sat Nov 10 12:25:05 2018 us=506128 status_file_update_freq = 10
Sat Nov 10 12:25:05 2018 us=506161 occ = ENABLED
Sat Nov 10 12:25:05 2018 us=506193 rcvbuf = 0
Sat Nov 10 12:25:05 2018 us=506225 sndbuf = 0
Sat Nov 10 12:25:05 2018 us=506267 mark = 0
Sat Nov 10 12:25:05 2018 us=506320 sockflags = 0
Sat Nov 10 12:25:05 2018 us=506369 fast_io = ENABLED
Sat Nov 10 12:25:05 2018 us=506419 comp.alg = 2
Sat Nov 10 12:25:05 2018 us=506463 comp.flags = 1
Sat Nov 10 12:25:05 2018 us=506495 route_script = '/etc/openvpn/route-up.sh'
Sat Nov 10 12:25:05 2018 us=506528 route_default_gateway = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=506575 route_default_metric = 0
Sat Nov 10 12:25:05 2018 us=506625 route_noexec = DISABLED
Sat Nov 10 12:25:05 2018 us=506662 route_delay = 0
Sat Nov 10 12:25:05 2018 us=506707 route_delay_window = 30
Sat Nov 10 12:25:05 2018 us=506743 route_delay_defined = DISABLED
Sat Nov 10 12:25:05 2018 us=506776 route_nopull = DISABLED
Sat Nov 10 12:25:05 2018 us=506808 route_gateway_via_dhcp = DISABLED
Sat Nov 10 12:25:05 2018 us=506841 allow_pull_fqdn = DISABLED
Sat Nov 10 12:25:05 2018 us=506874 management_addr = '127.0.0.1'
Sat Nov 10 12:25:05 2018 us=506907 management_port = '5001'
Sat Nov 10 12:25:05 2018 us=506941 management_user_pass = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=506985 management_log_history_cache = 50
Sat Nov 10 12:25:05 2018 us=507018 management_echo_buffer_size = 100
Sat Nov 10 12:25:05 2018 us=507050 management_write_peer_info_file = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=507083 management_client_user = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=507116 management_client_group = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=507149 management_flags = 0
Sat Nov 10 12:25:05 2018 us=507182 shared_secret_file = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=507215 key_direction = 0
Sat Nov 10 12:25:05 2018 us=507247 ciphername = 'bf-cbc'
Sat Nov 10 12:25:05 2018 us=507280 ncp_enabled = ENABLED
Sat Nov 10 12:25:05 2018 us=507314 ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Sat Nov 10 12:25:05 2018 us=507346 authname = 'sha1'
Sat Nov 10 12:25:05 2018 us=507378 prng_hash = 'SHA1'
Sat Nov 10 12:25:05 2018 us=507414 prng_nonce_secret_len = 16
Sat Nov 10 12:25:05 2018 us=507448 keysize = 0
Sat Nov 10 12:25:05 2018 us=507487 engine = DISABLED
Sat Nov 10 12:25:05 2018 us=507528 replay = ENABLED
Sat Nov 10 12:25:05 2018 us=507570 mute_replay_warnings = DISABLED
Sat Nov 10 12:25:05 2018 us=507620 replay_window = 64
Sat Nov 10 12:25:05 2018 us=507652 replay_time = 15
Sat Nov 10 12:25:05 2018 us=507699 packet_id_file = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=507744 use_iv = ENABLED
Sat Nov 10 12:25:05 2018 us=507777 test_crypto = DISABLED
Sat Nov 10 12:25:05 2018 us=507810 tls_server = DISABLED
Sat Nov 10 12:25:05 2018 us=507871 tls_client = ENABLED
Sat Nov 10 12:25:05 2018 us=507904 key_method = 2
Sat Nov 10 12:25:05 2018 us=507936 ca_file = '/etc/openvpn/ca.crt'
Sat Nov 10 12:25:05 2018 us=507969 ca_path = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=508001 dh_file = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=508035 cert_file = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=508077 extra_certs_file = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=508120 priv_key_file = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=508156 pkcs12_file = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=508190 cipher_list = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=508223 tls_verify = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=508254 tls_export_cert = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=508292 verify_x509_type = 0
Sat Nov 10 12:25:05 2018 us=508327 verify_x509_name = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=508359 crl_file = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=508392 ns_cert_type = 0
Sat Nov 10 12:25:05 2018 us=508481 remote_cert_ku[i] = 160
Sat Nov 10 12:25:05 2018 us=508524 remote_cert_ku[i] = 136
Sat Nov 10 12:25:05 2018 us=508557 remote_cert_ku[i] = 0
Sat Nov 10 12:25:05 2018 us=508592 remote_cert_ku[i] = 0
Sat Nov 10 12:25:05 2018 us=508634 remote_cert_ku[i] = 0
Sat Nov 10 12:25:05 2018 us=508669 remote_cert_ku[i] = 0
Sat Nov 10 12:25:05 2018 us=508712 remote_cert_ku[i] = 0
Sat Nov 10 12:25:05 2018 us=508744 remote_cert_ku[i] = 0
Sat Nov 10 12:25:05 2018 us=508776 remote_cert_ku[i] = 0
Sat Nov 10 12:25:05 2018 us=508809 remote_cert_ku[i] = 0
Sat Nov 10 12:25:05 2018 us=508840 remote_cert_ku[i] = 0
Sat Nov 10 12:25:05 2018 us=508872 remote_cert_ku[i] = 0
Sat Nov 10 12:25:05 2018 us=508904 remote_cert_ku[i] = 0
Sat Nov 10 12:25:05 2018 us=508936 remote_cert_ku[i] = 0
Sat Nov 10 12:25:05 2018 us=508968 remote_cert_ku[i] = 0
Sat Nov 10 12:25:05 2018 us=509000 remote_cert_ku[i] = 0
Sat Nov 10 12:25:05 2018 us=509038 remote_cert_eku = 'TLS Web Server Authentication'
Sat Nov 10 12:25:05 2018 us=509072 ssl_flags = 0
Sat Nov 10 12:25:05 2018 us=509104 tls_timeout = 2
Sat Nov 10 12:25:05 2018 us=509136 renegotiate_bytes = -1
Sat Nov 10 12:25:05 2018 us=509187 renegotiate_packets = 0
Sat Nov 10 12:25:05 2018 us=509244 renegotiate_seconds = 3600
Sat Nov 10 12:25:05 2018 us=509291 handshake_window = 60
Sat Nov 10 12:25:05 2018 us=509334 transition_window = 3600
Sat Nov 10 12:25:05 2018 us=509366 single_session = DISABLED
Sat Nov 10 12:25:05 2018 us=509399 push_peer_info = DISABLED
Sat Nov 10 12:25:05 2018 us=509450 tls_exit = DISABLED
Sat Nov 10 12:25:05 2018 us=509488 tls_auth_file = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=509530 tls_crypt_file = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=509576 pkcs11_protected_authentication = DISABLED
Sat Nov 10 12:25:05 2018 us=509609 pkcs11_protected_authentication = DISABLED
Sat Nov 10 12:25:05 2018 us=509642 pkcs11_protected_authentication = DISABLED
Sat Nov 10 12:25:05 2018 us=509674 pkcs11_protected_authentication = DISABLED
Sat Nov 10 12:25:05 2018 us=509708 pkcs11_protected_authentication = DISABLED
Sat Nov 10 12:25:05 2018 us=509740 pkcs11_protected_authentication = DISABLED
Sat Nov 10 12:25:05 2018 us=509773 pkcs11_protected_authentication = DISABLED
Sat Nov 10 12:25:05 2018 us=509817 pkcs11_protected_authentication = DISABLED
Sat Nov 10 12:25:05 2018 us=509850 pkcs11_protected_authentication = DISABLED
Sat Nov 10 12:25:05 2018 us=509882 pkcs11_protected_authentication = DISABLED
Sat Nov 10 12:25:05 2018 us=509914 pkcs11_protected_authentication = DISABLED
Sat Nov 10 12:25:05 2018 us=509947 pkcs11_protected_authentication = DISABLED
Sat Nov 10 12:25:05 2018 us=509979 pkcs11_protected_authentication = DISABLED
Sat Nov 10 12:25:05 2018 us=510012 pkcs11_protected_authentication = DISABLED
Sat Nov 10 12:25:05 2018 us=510045 pkcs11_protected_authentication = DISABLED
Sat Nov 10 12:25:05 2018 us=510079 pkcs11_protected_authentication = DISABLED
Sat Nov 10 12:25:05 2018 us=510114 pkcs11_private_mode = 00000000
Sat Nov 10 12:25:05 2018 us=510147 pkcs11_private_mode = 00000000
Sat Nov 10 12:25:05 2018 us=510212 pkcs11_private_mode = 00000000
Sat Nov 10 12:25:05 2018 us=510246 pkcs11_private_mode = 00000000
Sat Nov 10 12:25:05 2018 us=510285 pkcs11_private_mode = 00000000
Sat Nov 10 12:25:05 2018 us=510331 pkcs11_private_mode = 00000000
Sat Nov 10 12:25:05 2018 us=510382 pkcs11_private_mode = 00000000
Sat Nov 10 12:25:05 2018 us=510425 pkcs11_private_mode = 00000000
Sat Nov 10 12:25:05 2018 us=510462 pkcs11_private_mode = 00000000
Sat Nov 10 12:25:05 2018 us=510496 pkcs11_private_mode = 00000000
Sat Nov 10 12:25:05 2018 us=510529 pkcs11_private_mode = 00000000
Sat Nov 10 12:25:05 2018 us=510561 pkcs11_private_mode = 00000000
Sat Nov 10 12:25:05 2018 us=510594 pkcs11_private_mode = 00000000
Sat Nov 10 12:25:05 2018 us=510626 pkcs11_private_mode = 00000000
Sat Nov 10 12:25:05 2018 us=510659 pkcs11_private_mode = 00000000
Sat Nov 10 12:25:05 2018 us=510693 pkcs11_private_mode = 00000000
Sat Nov 10 12:25:05 2018 us=510726 pkcs11_cert_private = DISABLED
Sat Nov 10 12:25:05 2018 us=510759 pkcs11_cert_private = DISABLED
Sat Nov 10 12:25:05 2018 us=510809 pkcs11_cert_private = DISABLED
Sat Nov 10 12:25:05 2018 us=510850 pkcs11_cert_private = DISABLED
Sat Nov 10 12:25:05 2018 us=510884 pkcs11_cert_private = DISABLED
Sat Nov 10 12:25:05 2018 us=510916 pkcs11_cert_private = DISABLED
Sat Nov 10 12:25:05 2018 us=510949 pkcs11_cert_private = DISABLED
Sat Nov 10 12:25:05 2018 us=510983 pkcs11_cert_private = DISABLED
Sat Nov 10 12:25:05 2018 us=511019 pkcs11_cert_private = DISABLED
Sat Nov 10 12:25:05 2018 us=511051 pkcs11_cert_private = DISABLED
Sat Nov 10 12:25:05 2018 us=511084 pkcs11_cert_private = DISABLED
Sat Nov 10 12:25:05 2018 us=511120 pkcs11_cert_private = DISABLED
Sat Nov 10 12:25:05 2018 us=511160 pkcs11_cert_private = DISABLED
Sat Nov 10 12:25:05 2018 us=511193 pkcs11_cert_private = DISABLED
Sat Nov 10 12:25:05 2018 us=511228 pkcs11_cert_private = DISABLED
Sat Nov 10 12:25:05 2018 us=511274 pkcs11_cert_private = DISABLED
Sat Nov 10 12:25:05 2018 us=511311 pkcs11_pin_cache_period = -1
Sat Nov 10 12:25:05 2018 us=511343 pkcs11_id = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=511375 pkcs11_id_management = DISABLED
Sat Nov 10 12:25:05 2018 us=511436 server_network = 0.0.0.0
Sat Nov 10 12:25:05 2018 us=511482 server_netmask = 0.0.0.0
Sat Nov 10 12:25:05 2018 us=511543 server_network_ipv6 = ::
Sat Nov 10 12:25:05 2018 us=511578 server_netbits_ipv6 = 0
Sat Nov 10 12:25:05 2018 us=511614 server_bridge_ip = 0.0.0.0
Sat Nov 10 12:25:05 2018 us=511656 server_bridge_netmask = 0.0.0.0
Sat Nov 10 12:25:05 2018 us=511693 server_bridge_pool_start = 0.0.0.0
Sat Nov 10 12:25:05 2018 us=511728 server_bridge_pool_end = 0.0.0.0
Sat Nov 10 12:25:05 2018 us=511768 ifconfig_pool_defined = DISABLED
Sat Nov 10 12:25:05 2018 us=511824 ifconfig_pool_start = 0.0.0.0
Sat Nov 10 12:25:05 2018 us=511885 ifconfig_pool_end = 0.0.0.0
Sat Nov 10 12:25:05 2018 us=511941 ifconfig_pool_netmask = 0.0.0.0
Sat Nov 10 12:25:05 2018 us=511975 ifconfig_pool_persist_filename = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=512008 ifconfig_pool_persist_refresh_freq = 600
Sat Nov 10 12:25:05 2018 us=512045 ifconfig_ipv6_pool_defined = DISABLED
Sat Nov 10 12:25:05 2018 us=512098 ifconfig_ipv6_pool_base = ::
Sat Nov 10 12:25:05 2018 us=512134 ifconfig_ipv6_pool_netbits = 0
Sat Nov 10 12:25:05 2018 us=512179 n_bcast_buf = 256
Sat Nov 10 12:25:05 2018 us=512220 tcp_queue_limit = 64
Sat Nov 10 12:25:05 2018 us=512253 real_hash_size = 256
Sat Nov 10 12:25:05 2018 us=512286 virtual_hash_size = 256
Sat Nov 10 12:25:05 2018 us=512320 client_connect_script = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=512353 learn_address_script = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=512394 client_disconnect_script = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=512431 client_config_dir = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=512464 ccd_exclusive = DISABLED
Sat Nov 10 12:25:05 2018 us=512496 tmp_dir = '/tmp'
Sat Nov 10 12:25:05 2018 us=512529 push_ifconfig_defined = DISABLED
Sat Nov 10 12:25:05 2018 us=512600 push_ifconfig_local = 0.0.0.0
Sat Nov 10 12:25:05 2018 us=512637 push_ifconfig_remote_netmask = 0.0.0.0
Sat Nov 10 12:25:05 2018 us=512673 push_ifconfig_ipv6_defined = DISABLED
Sat Nov 10 12:25:05 2018 us=512713 push_ifconfig_ipv6_local = ::/0
Sat Nov 10 12:25:05 2018 us=512748 push_ifconfig_ipv6_remote = ::
Sat Nov 10 12:25:05 2018 us=512781 enable_c2c = DISABLED
Sat Nov 10 12:25:05 2018 us=512816 duplicate_cn = DISABLED
Sat Nov 10 12:25:05 2018 us=512849 cf_max = 0
Sat Nov 10 12:25:05 2018 us=512882 cf_per = 0
Sat Nov 10 12:25:05 2018 us=512929 max_clients = 1024
Sat Nov 10 12:25:05 2018 us=512974 max_routes_per_client = 256
Sat Nov 10 12:25:05 2018 us=513023 auth_user_pass_verify_script = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=513061 auth_user_pass_verify_script_via_file = DISABLED
Sat Nov 10 12:25:05 2018 us=513095 auth_token_generate = DISABLED
Sat Nov 10 12:25:05 2018 us=513129 auth_token_lifetime = 0
Sat Nov 10 12:25:05 2018 us=513161 port_share_host = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=513195 port_share_port = '[UNDEF]'
Sat Nov 10 12:25:05 2018 us=513228 client = ENABLED
Sat Nov 10 12:25:05 2018 us=513259 pull = ENABLED
Sat Nov 10 12:25:05 2018 us=513293 auth_user_pass_file = '/etc/openvpn/userpass.data'
Sat Nov 10 12:25:05 2018 us=513332 OpenVPN 2.4.0 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 18 2017
Sat Nov 10 12:25:05 2018 us=513380 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.08
Sat Nov 10 12:25:05 2018 us=515105 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:5001
Sat Nov 10 12:25:05 2018 us=516205 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Nov 10 12:25:05 2018 us=521188 LZO compression initializing
Sat Nov 10 12:25:05 2018 us=521669 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Sat Nov 10 12:25:05 2018 us=540933 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Sat Nov 10 12:25:05 2018 us=541128 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sat Nov 10 12:25:05 2018 us=541170 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sat Nov 10 12:25:05 2018 us=541255 TCP/UDP: Preserving recently used remote address: [AF_INET]Server_ip_address:PORTNO
Sat Nov 10 12:25:05 2018 us=541315 Socket Buffers: R=[163840->163840] S=[163840->163840]
Sat Nov 10 12:25:05 2018 us=541368 UDP link local: (not bound)
Sat Nov 10 12:25:05 2018 us=541409 UDP link remote: [AF_INET]Server_ip_address:PORTNO
Sat Nov 10 12:25:05 2018 us=556367 TLS: Initial packet from [AF_INET]Server_ip_address:PORTNO, sid=1f542161 9a190302
Sat Nov 10 12:25:05 2018 us=556671 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Nov 10 12:25:05 2018 us=580321 VERIFY OK: [ cert details ]
Sat Nov 10 12:25:05 2018 us=581475 Validating certificate key usage
Sat Nov 10 12:25:05 2018 us=581524 ++ Certificate has key usage 00a0, expects 00a0
Sat Nov 10 12:25:05 2018 us=581558 VERIFY KU OK
Sat Nov 10 12:25:05 2018 us=581602 Validating certificate extended key usage
Sat Nov 10 12:25:05 2018 us=581645 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Nov 10 12:25:05 2018 us=581680 VERIFY EKU OK
Sat Nov 10 12:25:05 2018 us=581713 VERIFY OK: [ cert details ]
Sat Nov 10 12:25:05 2018 us=790080 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Nov 10 12:25:05 2018 us=790240 [790bdc3fe236222129407734e906b872] Peer Connection Initiated with [AF_INET]Server_ip_address:PORTNO
Sat Nov 10 12:25:07 2018 us=10759 SENT CONTROL [790bdc3fe236222129407734e906b872]: 'PUSH_REQUEST' (status=1)
Sat Nov 10 12:25:07 2018 us=25815 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS [ dns ],dhcp-option DNS [ dns ],ping 10,comp-lzo no,route 10.31.10.1,topology net30,ifconfig 10.31.10.6 10.31.10.5,auth-token'
Sat Nov 10 12:25:07 2018 us=26318 OPTIONS IMPORT: timers and/or timeouts modified
Sat Nov 10 12:25:07 2018 us=26396 OPTIONS IMPORT: compression parms modified
Sat Nov 10 12:25:07 2018 us=26471 OPTIONS IMPORT: --ifconfig/up options modified
Sat Nov 10 12:25:07 2018 us=26538 OPTIONS IMPORT: route options modified
Sat Nov 10 12:25:07 2018 us=26606 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Nov 10 12:25:07 2018 us=26717 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:406 ET:0 EL:3 ]
Sat Nov 10 12:25:07 2018 us=27603 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov 10 12:25:07 2018 us=27688 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Sat Nov 10 12:25:07 2018 us=27774 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov 10 12:25:07 2018 us=28078 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov 10 12:25:07 2018 us=28157 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Sat Nov 10 12:25:07 2018 us=28243 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov 10 12:25:07 2018 us=28318 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
Sat Nov 10 12:25:07 2018 us=28908 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=eth0 HWADDR=b8:27:eb:c9:bc:78
Sat Nov 10 12:25:07 2018 us=33651 TUN/TAP device tun0 opened
Sat Nov 10 12:25:07 2018 us=33843 TUN/TAP TX queue length set to 100
Sat Nov 10 12:25:07 2018 us=33956 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Nov 10 12:25:07 2018 us=34082 /sbin/ip link set dev tun0 up mtu 1500
Sat Nov 10 12:25:07 2018 us=45386 /sbin/ip addr add dev tun0 local 10.31.10.6 peer 10.31.10.5
Sat Nov 10 12:25:07 2018 us=54072 /sbin/ip route add Server_ip_address/32 via 192.168.1.1
Sat Nov 10 12:25:07 2018 us=60447 /sbin/ip route add 0.0.0.0/1 via 10.31.10.5
Sat Nov 10 12:25:07 2018 us=66669 /sbin/ip route add 128.0.0.0/1 via 10.31.10.5
Sat Nov 10 12:25:07 2018 us=75032 /sbin/ip route add 10.31.10.1/32 via 10.31.10.5
uid=0(root) gid=0(root) groups=0(root)
time(seconds) unlimited
file(blocks) unlimited
data(kbytes) unlimited
stack(kbytes) 8192
coredump(blocks) 0
memory(kbytes) unlimited
locked memory(kbytes) 64
process 10
nofiles 1048576
vmemory(kbytes) unlimited
locks unlimited
rtprio 0
Sat Nov 10 12:25:09 2018 us=182330 Initialization Sequence Completed
terminate called after throwing an instance of 'boost::system::system_error'
what(): thread: Resource temporarily unavailable
route-up.sh:
#!/bin/sh
id
ulimit -a
iptables -t nat -I POSTROUTING -o tun0 -j MASQUERADE
sudo -u pi deluged
Re: Run route-up/down scripts as specific user
Posted: Sun Nov 11, 2018 12:47 pm
by TinCanTech
jogo wrote: ↑Sun Nov 11, 2018 10:54 am
OpenVPN 2.4.0 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 18 2017
This is old. Is there an upgrade available for your distro?
jogo wrote: ↑Sun Nov 11, 2018 10:54 am
route-up.sh
OpenVPN does not search your $PATH, so all these commands need to be in full, e.g. "/sbin/iptables" (not sure how your script is running).
jogo wrote: ↑Sat Oct 13, 2018 10:11 am
process 10
I presume this is by systemd; if so, you can edit the openvpn*.service file (whichever you are using).
Re: Run route-up/down scripts as specific user
Posted: Tue Nov 13, 2018 9:12 pm
by jogo
Thanks so much! I managed to find/fix the process limit by editing the service file (as below in my case).
/run/systemd/generator/openvpn.service.wants/openvpn@client.service
Fixed that script up too and checked for updates and I'm on the latest.
Thanks again, really saved me from so much frustration!
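
Added example, not code from any poster in this thread: a small shell check for where the `process 10` limit seen in the `ulimit -a` output comes from, comparing the `LimitNPROC=` value in the unit text with what the running process actually has. The sample text is constructed, the drop-in file name `limits.conf` is hypothetical, and the values 64 and 32 are arbitrary.

```shell
#!/bin/sh
# Added example (not from the thread). All sample text below is constructed.

# /proc/<pid>/limits as it would look for a service started with LimitNPROC=10.
SAMPLE_LIMITS='Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max processes             10                   10                   processes
Max open files            1048576              1048576              files'

# Unit text carrying the limit, then a hypothetical drop-in that raises it.
SAMPLE_UNIT='[Service]
LimitNPROC=10'
SAMPLE_DROPIN='# /etc/systemd/system/openvpn@client.service.d/limits.conf
[Service]
LimitNPROC=64'

# Soft "Max processes" value from /proc/<pid>/limits text on stdin.
soft_nproc() {
    awk '/^Max processes/ { print $3; exit }'
}

# Effective LimitNPROC= from unit text on stdin (main unit first, drop-ins
# after it, the order "systemctl cat" prints). The last assignment wins.
unit_nproc() {
    awk -F= '
        /^[ \t]*LimitNPROC[ \t]*=/ { v = $2; gsub(/[ \t]/, "", v); last = v }
        END { if (last != "") print last }'
}

# Return 0 if limit $1 leaves room for $2 processes/threads, 1 otherwise.
# An empty value means the unit sets no LimitNPROC at all.
limit_allows() {
    case "$1" in
        unlimited|infinity|"") return 0 ;;
    esac
    [ "$1" -ge "$2" ]
}

# Live check for a unit such as openvpn@client (not run by the demo below).
# The limit is inherited by route-up/down scripts and whatever they start.
report_live() {
    pid=$(systemctl show -p MainPID "$1")
    pid=${pid#MainPID=}
    echo "unit text says: LimitNPROC=$(systemctl cat "$1" | unit_nproc)"
    if [ -r "/proc/$pid/limits" ]; then
        echo "process $pid has: $(soft_nproc < "/proc/$pid/limits")"
    else
        echo "service is not running"
    fi
}

# Run the parsers over the constructed samples.
demo() {
    echo "running process limit: $(printf '%s\n' "$SAMPLE_LIMITS" | soft_nproc)"
    before=$(printf '%s\n' "$SAMPLE_UNIT" | unit_nproc)
    after=$(printf '%s\n%s\n' "$SAMPLE_UNIT" "$SAMPLE_DROPIN" | unit_nproc)
    for v in "$before" "$after"; do
        if limit_allows "$v" 32; then s="enough"; else s="too low"; fi
        echo "LimitNPROC=$v: $s for 32 processes/threads"
    done
}
demo
```

A drop-in only takes effect after `systemctl daemon-reload` and a restart of the service, since resource limits are applied when the process is started.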