-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi,
On Tuesday, July 27th, 2021 at 14:16, Gert Doering <g...@greenie.muc.de> wrote: > Hi, > > On Thu, Jul 15, 2021 at 12:17:45PM +0200, Ralf Hildebrandt wrote: > > > I have quite a few users with old openvpn versions out there which are > > still using TLSv1.0. > > > > Problem: the log line doesn't contain the username: > > > > 2021-07-15 02:13:22 openvpn-gw201-int openvpn-udp 109.69.55.111:63169 > > Control Channel: TLSv1, cipher TLSv1.0 ECDHE-RSA-AES256-SHA, peer > > certificate: 2048 bit RSA, signature: RSA-SHA256 > > > > Right now I'm correlating using field #5 (IP:Port), but is there an easier > > way? > > > > Is the TLS version in any environment variable so I can log it using a > > > > client-connect or learn script? > > Unfortunately, as Richard already said, this is not exported anywhere > > useful. > > So I'd go for the IV_ variables (in the client-connect env, and the log) > > IV_VER=2.4.7 > > IV_PLAT=win > > IV_GUI_VER=OpenVPN_GUI_11 > > I thought we also send the client SSL library, but seems we do not. > It is sent but only if `push-peer-info` is defined in the client. EG: peer info: IV_SSL=OpenSSL_1.1.1k__25_Mar_2021 RR > "Only TLS 1.0" very much hints at "this is a 2.3 client", so should be easy > > to spot. And they really should upgrade. > > gert > > ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > "If was one thing all people took for granted, was conviction that if you > > feed honest figures into a computer, honest figures come out. Never doubted > > it myself till I met a computer with a sense of humor." > > Robert A. Heinlein, The Moon is a Harsh Mistress > > Gert Doering - Munich, Germany g...@greenie.muc.de > > Openvpn-users mailing list > > Openvpn-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/openvpn-users -----BEGIN PGP SIGNATURE----- Version: ProtonMail wsBzBAEBCAAGBQJhAAqOACEJEE+XnPZrkLidFiEECbw9RGejjXJ5xVVVT5ec 9muQuJ38cwf9FvjwbYA2R1pKJYRw0/ocDo6Bttd4todEh08Q/BAhIyykNc3/ SvmMf+cqU2gR0RpyA/rO5ueenbh+QS5H4bzTn+CebaTDjipVpo4wKWBtVrX6 5xr7C/l8S5faMQOL7pxIF1BDVbX1bRDrPCzsJZXDgoNtP1yurX+0W2j7d1Ay cnpYayRIG/glqJb5SmoiBRoVeFhlQ8A5+fM3STKQTHqXwUmkgW5QigXeK/nV dVXBUGWw9OH0q547EQsRQqVWYk0mbKY8UTn6E7rWurFQPNik5mQZR5rivctD y757eHCtEiNiasv/eJdyD+TasHiBoQUEmRE3i5uOVMVylqVGCAT3iw== =MJI5 -----END PGP SIGNATURE-----
publickey - tincantech@protonmail.com - 0x09BC3D44.asc
Description: application/pgp-keys
publickey - tincantech@protonmail.com - 0x09BC3D44.asc.sig
Description: PGP signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
