On Mon, Sep 8, 2025, at 4:38 PM, Gert Doering wrote:
> Hi,
>
> On Mon, Sep 08, 2025 at 04:24:48PM -0400, Dan Langille wrote:
>> I'm using openvpn-2.6.14 on FreeBSD 14.2
>>
>> I've noticed these log entries:
>>
>> Sep 8 18:32:02 gw01 openvpn[63572]: pro06.int.example.org/10.0.0.10:64601
>> OPTIONS IMPORT: reading client specific options from:
>> /usr/local/etc/openvpn/ccd/pro06.int.example.org
>> Sep 8 18:32:02 gw01 foo[38754]: pro06.int.example.org connected with IP
>> 10.0.0.10
>> Sep 8 18:32:02 gw01 openvpn[63572]: pro06.int.example.org/10.0.0.10:64601
>> OPTIONS IMPORT: reading client specific options from:
>> /tmp/openvpn_cc_7e069917a782727053dbfb713ff7e3d6.tmp
>>
>> Why would the second entry be running as user foo?
>
> Ignore my previous mail, I was assuming "this is an openvpn log prefix",
> but that's on the other side of "name[pid]:".
>
> So this is from a different process than openvpn (pid=63572). No idea
> what is running there - do a "ps axwu |grep 38754" to find out...

The processes appear to be short-lived. I think I know why:

client-connect /usr/local/sbin/serverlocal-events.sh
client-disconnect /usr/local/sbin/serverlocal-events.sh

# ls -l /usr/local/sbin/serverlocal-events.sh
-rwxr-xr-x 1 root wheel 395 Sep 5 19:22 /usr/local/sbin/serverlocal-events.sh

# cat /usr/local/sbin/serverlocal-events.sh
#!/bin/sh
# Taken from https://forums.openvpn.net/viewtopic.php?t=43899
# Executed on the server side for client connect and disconnect events.
# Log client connect or disconnect event with IP address
case "$script_type" in
  client-connect)
    logger "$common_name connected with IP $trusted_ip"
    ;;
  client-disconnect)
    logger "$common_name disconnected with IP $trusted_ip"
esac

That's the script which produces the foo entry. I see no reason for it to run as foo.

-- 
Dan Langille
[email protected]
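
Added example, not part of the thread or of OpenVPN's own scripts: logger(1) uses the current login name as the syslog tag unless -t is given, so the name in front of "[pid]" is a tag rather than the user a process runs as. This variant of the hook sets the tag explicitly and records the effective user in the message; the tag value "openvpn-events" and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not the script from the thread.
# TAG is an assumed name; pick whatever your syslog filters expect.
TAG="openvpn-events"

# Build the log text. OpenVPN exports script_type, common_name and
# trusted_ip to client-connect / client-disconnect hooks.
format_event() {
    case "$1" in
        client-connect)    verb="connected" ;;
        client-disconnect) verb="disconnected" ;;
        *) return 1 ;;   # unknown hook type: log nothing
    esac
    # id -un reports the effective user the hook really runs as.
    printf '%s %s with IP %s (euid=%s)' "$2" "$verb" "$3" "$(id -un)"
}

log_event() {
    msg=$(format_event "$1" "$2" "$3") || return 0
    # -t sets the syslog tag explicitly; without it logger(1) falls back
    # to the current login name, which need not be the executing user.
    logger -t "$TAG" -p daemon.info -- "$msg"
}

log_event "${script_type:-}" "${common_name:-}" "${trusted_ip:-}"
```
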
