How do I stop logging for an OpenVPN connection?

**snipehunter** · March 29th, 2013

I have been an Ubuntu user for 5 years and have learned by fiddling, googling, and forum ghosting, so I have moderate abilities. I am running Ubuntu 10.04 from a CD install.

I have been trying to get a vpn working using OpenVPN and privatetunnel.com. I have managed to get it up and running, after some work but there is still a flood of log traffic that's being recorded for all my connections through VPN.

I could not get the vpn working, and eventually tracked it down to firewall settings. The last few steps I did to get past the firewall was use these commands. (I couldn't figure out how to do this on firestarter so I ended up using the cli)

Code:

sudo iptables -F
sudo iptables -A INPUT -i tun+ -j ACCEPT
sudo iptables -A OUTPUT -o tun+ -j ACCEPT
sudo iptables -A FORWARD -i tun+ -o eth0 -j ACCEPT
sudo iptables -A FOWARD -i eth0 -o tun+ -j ACCEPT

However, even though my vpn will now successfully work, I am still getting a ton of data in my log files. Here's an except with ip's removed.

Code:

Mar 29 13:39:24 derrick-laptop kernel: [122937.307744] Unknown InputIN=tun0 OUT= MAC= 
Mar 29 13:39:24 derrick-laptop kernel: [122937.312044] Unknown OutputIN= OUT=tun0  
Mar 29 13:39:24 derrick-laptop kernel: [122937.318113] Unknown InputIN=tun0 OUT= MAC=

Based on this, I think the TUN connection is not being recognised.

I noticed in the syslog was registering the creation of the TUN interface.

Code:

Mar 29 13:39:30 derrick-laptop NetworkManager:    SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/tun0, iface: tun0)

Any suggestions on what I am missing to get the logs to stop screaming at me when I am using VPN?

**The Cog** · March 29th, 2013

I suspect there is some old firewall configuration still in there. To see the full iptables configuration, I think the best command is

Code:

sudo iptables-save -c

which will also show you the counters as for how many bytes/packets were recognised by each line, useful for debugging.

**snipehunter** · April 1st, 2013

Ok. So this long weekend I tried running the VPN at home and got a different response. No flood of log information. Here is the output, from the iptables-save command. Will try running this from the office as well (which is where the problem occured), and will mark this solved if it seems resolved there too.

Code:

# Generated by iptables-save v1.4.4 on Mon Apr  1 16:24:07 2013
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [293:23209]
:OUTPUT ACCEPT [293:23209]
COMMIT
# Completed on Mon Apr  1 16:24:07 2013
# Generated by iptables-save v1.4.4 on Mon Apr  1 16:24:07 2013
*mangle
:PREROUTING ACCEPT [10594:9956297]
:INPUT ACCEPT [10565:9953538]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [8733:1001807]
:POSTROUTING ACCEPT [8854:1020548]
COMMIT
# Completed on Mon Apr  1 16:24:07 2013
# Generated by iptables-save v1.4.4 on Mon Apr  1 16:24:07 2013
*filter
:INPUT ACCEPT [10565:9953538]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [8733:1001807]
COMMIT
# Completed on Mon Apr  1 16:24:07 2013

**snipehunter** · April 3rd, 2013

I ran the VPN at work and got a flood in the log file. At home I was mostly using wireless, which is not eth0. I ran the iptables-save command. I took a look and wondered if this is the offending line. I am hestitant to post the whole thing because of IP's. Please let me know if the below is the problem, and what to do to fix it. Also, if it is not, what would help diagnose the problem, (i.e. how much should or shouldn't I post to the forum.

[102:4789] -A OUTPUT -j LOG_FILTER
[102:4789] -A OUTPUT -j LOG --log-prefix "Unknown Output" --log-level 6

**SeijiSensei** · April 3rd, 2013

Without knowing what is above that rule, it will log every single outbound packet that hasn't matched another output rule above it. My guess is your traffic doesn't match any rule since it is probably using an arbitrary UDP port, so every outbound packet gets logged.

A quick solution is to add a line above those rules like

Code:

/sbin/iptables -A OUTPUT -o tun0 -j ACCEPT

so that outbound tunnel traffic matches that rule and will not be logged.

**snipehunter** · April 3rd, 2013

Originally Posted by SeijiSensei

Without knowing what is above that rule, it will log every single outbound packet that hasn't matched another output rule above it. My guess is your traffic doesn't match any rule since it is probably using an arbitrary UDP port, so every outbound packet gets logged.

A quick solution is to add a line above those rules like

Code:

/sbin/iptables -A OUTPUT -o tun0 -j ACCEPT

so that outbound tunnel traffic matches that rule and will not be logged.

Thanks for the suggestion. I thought I had done this already, but just to check I flushed the logs and reentered the following.

sudo iptables -F
sudo iptables -A INPUT -i tun0 -j ACCEPT
sudo iptables -A OUTPUT -o tun0 -j ACCEPT
sudo iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT

Still no luck. Getting lots of logs of unkown connection for both input and output through tun0.

Is there a way to add tun0 as a known connection? It's allowing the traffic, but logging it as an unknown connection.

**SeijiSensei** · April 4th, 2013

Are you sure it's using tun0? What does ifconfig show?

**snipehunter** · April 4th, 2013

Here is the output from ifconfig as far as the tun connection is concerned. Just so you are aware, the tun connection is not there unless it is created by a call to openvpn, and is deleted afterwards.

Code:

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:*.*.*.* [edited]  P-t-P:*.*.*.* [edited]  Mask:255.255.0.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)