How to disable logging on OpenVPN server?

miktarq Member

Log files are taking up too much space.

http://hack.training/create-logless-vpn/

https://securityblog.gr/2185/disable-openvpn-logs-in-centos-2/

I have tried these two sites, but without success. I could not connect to the server. Could you write a sample configuration file?

I'm waiting for your help.

Comments

  • simonindia Member
    edited March 2017

    The below works for me

        port 1125   # change this to your own spec
        proto udp
        dev tun
        user nobody
        group nogroup
        persist-key
        persist-tun
        keepalive 10 120
        topology subnet
        server 10.8.0.0 255.255.255.0
        ifconfig-pool-persist ipp.txt
        push "dhcp-option DNS 84.200.69.80"
        push "dhcp-option DNS 84.200.70.40"
        push "redirect-gateway def1 bypass-dhcp" 
        crl-verify crl.pem
        ca ca.crt
        cert server.crt
        key server.key
        tls-auth tls-auth.key 0
        dh dh.pem
        auth SHA256
        cipher AES-128-CBC
        tls-server
        tls-version-min 1.2
        tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
        verb 0
        log /dev/null
        status /dev/null
    
  • miktarq Member
    edited March 2017

    @simonindia

    port 443
    proto tcp
    dev tun
    user nobody
    group nobody
    persist-key
    persist-tun
    keepalive 10 120
    topology subnet
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    push "dhcp-option DNS 46.227.67.134"
    push "dhcp-option DNS 192.165.9.158"
    push "redirect-gateway def1 bypass-dhcp"
    crl-verify crl.pem
    ca ca.crt
    cert server.crt
    key server.key
    tls-auth tls-auth.key 0
    dh dh.pem
    auth SHA256
    cipher AES-256-CBC
    tls-server
    tls-version-min 1.2
    tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
    status openvpn.log
    verb 3
    

    This is my default config file.

    What do I need to change here?

    port 443
    proto tcp
    dev tun
    user nobody
    group nobody
    persist-key
    persist-tun
    keepalive 10 120
    topology subnet
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    push "dhcp-option DNS 46.227.67.134"
    push "dhcp-option DNS 192.165.9.158"
    push "redirect-gateway def1 bypass-dhcp"
    crl-verify crl.pem
    ca ca.crt
    cert server.crt
    key server.key
    tls-auth tls-auth.key 0
    dh dh.pem
    auth SHA256
    cipher AES-256-CBC
    tls-server
    tls-version-min 1.2
    tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
    !!!status openvpn.log!!! ?? -> delete
    verb 0
    log /dev/null
    status /dev/null
    

    Should this be like this? Thank you. @simonindia

  • I solved the problem manually. I use the Angristan script. I downloaded the script and changed the contents of 'verb 3' to 'verb 0'.

    in continuation..

    status openvpn.log (delete) to /dev/null

    I just added it to the bottom.

    log /dev/null

    'Verb 0' must be at the end.

    Save the file.

    Thank you for the help. @simonindia

  • The following 2 commands seem to disable logging.

    sed -i '/openvpn-status.log/d' /etc/openvpn/server.conf;sed -i '/verb /d' /etc/openvpn/server.conf;echo -e "log /dev/null\nstatus /dev/null\nverb 0" >> /etc/openvpn/server.conf

    service openvpn restart
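
A stricter take on the sed one-liner in the comment above, as an added example that is not part of any post in this thread: it removes every existing `verb`, `log`, `log-append` and `status` line whatever its argument (the default config earlier in the thread uses `status openvpn.log`, which a match on `openvpn-status.log` misses), keeps a backup, and verifies the result. The function names and the sample config are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Directive names (verb, log, log-append,
# status) are OpenVPN's; function names and the sample config are constructed.

OVPN_LOG_RE='^[[:space:]]*(verb|log|log-append|status)([[:space:]]|$)'

# List the logging-related directives in a config, with line numbers.
ovpn_logging_directives() {
    grep -nE "$OVPN_LOG_RE" "$1" || true
}

# Rewrite the config so it carries exactly one verb, log and status directive.
ovpn_set_logless() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    cp -p "$conf" "$conf.bak" || return 1      # rollback copy
    # Drop every existing logging directive regardless of its argument, then
    # append the three wanted lines. grep re-terminates the last line, so a
    # file without a trailing newline does not get a directive glued onto it.
    { grep -vE "$OVPN_LOG_RE" "$conf.bak" || true
      printf 'verb 0\nlog /dev/null\nstatus /dev/null\n'
    } > "$conf"
}

# True only if the config has exactly the three expected logging lines.
ovpn_is_logless() {
    [ "$(grep -cE "$OVPN_LOG_RE" "$1")" -eq 3 ] &&
    grep -qxE '[[:space:]]*verb[[:space:]]+0[[:space:]]*' "$1" &&
    grep -qxE '[[:space:]]*log[[:space:]]+/dev/null[[:space:]]*' "$1" &&
    grep -qxE '[[:space:]]*status[[:space:]]+/dev/null[[:space:]]*' "$1"
}

# Constructed sample: a few lines modelled on the default config in the thread,
# written without a trailing newline to exercise that edge case.
ovpn_demo() {
    demo_conf=$(mktemp) || return 1
    printf 'port 443\nstatus openvpn.log\nverb 3\nproto tcp' > "$demo_conf"
    ovpn_set_logless "$demo_conf" && ovpn_logging_directives "$demo_conf"
    rm -f "$demo_conf" "$demo_conf.bak"
}
ovpn_demo
```

On a real server, point `ovpn_set_logless` at the config path, check it with `ovpn_is_logless`, and restart the service as in the comment above; the `.bak` copy restores the previous logging settings.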

  • I've used this tutorial in the past: https://hack.training/create-logless-vpn/

    Verb 0 is not good locally as you cannot see your own logs for checking for issues.

  • sureiam Member
    edited April 2018

    Why not just use log rotate?