Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    syslog deforms openvpn.log

    Scheduled Pinned Locked Moved General pfSense Questions
    1 Posts 1 Posters 297 Views 1 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Offline
      Milan Bednar
      last edited by

      Hi,

      I use OpenVPN service in pfSense for client remote access SSL VPN with TLS authentication.

      Server side authetication is done via /usr/local/sbin/ovpn_auth_verify script. User certificates are stored on smart cards and issued by Czech accredited CA.

      I'm facing a problem with wrong chracter encoding in /var/log/openvpn.log. Some latin characters taken from user certificate subject are not logged correctly - e.g. the last character of my last name (Unicode Code Point U+159 - LATIN SMALL LETTER R WITH CARON).

      I tested this on pfSense v 2.4.5, 2.5.1, 2.6.0.

      No locale modification was made on OS level. I suspect syslog to deform these messages - please see details below.

      Can anyone help?

      Thank you
      Milan

      [2.6.0-DEVELOPMENT][admin@pfSense.home.arpa]/root: cat /var/log/openvpn.log  | grep -A1 -B1 Milan
Apr 28 15:00:46 pfSense openvpn[2297]: 192.168.122.174:58699 [Milan Bedná�M-^Y] Peer Connection Initiated with [AF_INET]192.168.122.174:58699
Apr 28 15:00:46 pfSense openvpn[2297]: Milan Bedná�M-^Y/192.168.122.174:58699 MULTI_sva: pool returned IPv4=10.0.10.2, IPv6=(Not enabled)


      [2.6.0-DEVELOPMENT][admin@pfSense.home.arpa]/root: hexdump -C  /var/log/openvpn.log | grep Milan
00000ca0  66 53 65 6e 73 65 20 6f  70 65 6e 76 70 6e 5b 32  |fSense openvpn[2|
00000cb0  32 39 37 5d 3a 20 4d 69  6c 61 6e 20 42 65 64 6e  |297]: Milan Bedn|
00000cc0  c3 a1 c5 4d 2d 5e 59 2f  31 39 32 2e 31 36 38 2e  |...M-^Y/192.168.|

      When I add custom config parameter log-append /var/log/test.log to openvpn, so it writes messages directly to this file, the records are correct:

      [2.6.0-DEVELOPMENT][admin@pfSense.home.arpa]/root: grep Milan /var/log/test.log
2021-04-30 09:26:05 10.63.12.14:53998 [Milan Bednář] Peer Connection Initiated with [AF_INET]10.63.12.14:53998
2021-04-30 09:26:05 Milan Bednář/10.63.12.14:53998 MULTI_sva: pool returned IPv4=100.64.98.2, IPv6=(Not enabled)

      [2.6.0-DEVELOPMENT][admin@pfSense.home.arpa]/root: hexdump -C  /var/log/test.log | grep Milan
00037460  30 2e 36 33 2e 31 32 2e  31 34 3a 35 33 39 39 38  |0.63.12.14:53998|
00037470  0a 32 30 32 31 2d 30 34  2d 33 30 20 30 39 3a 32  |.2021-04-30 09:2|
00037480  36 3a 30 35 20 4d 69 6c  61 6e 20 42 65 64 6e c3  |6:05 Milan Bedn.|
00037490  a1 c5 99 2f 31 30 2e 36  33 2e 31 32 2e 31 34 3a  |.../10.63.12.14:|
000374a0  35 33 39 39 38 20 4d 55  4c 54 49 5f 73 76 61 3a  |53998 MULTI_sva:|

      Also there is no message text in System Logs GUI for malformed records in original configuration.

      openvpn-log.png

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.