Page 1 of 1

Security issue with "route-pre-down"

Posted: Wed Sep 06, 2017 6:25 am
by Revox
I have used the "route-pre-down" script described on your support page. Now with version 1.7.4 I get a Error warning when trying to connect. The text says:

"Error: Unsafe OpenVPN command detected. The connection could not be started as an unsafe OpenVPN command ('route-pre-down') is present. Unsafe commands are blocked to ensure the security of your computer. Please edit your connection and remove the command from under the advanced tab, or turn on 'Allow Unsafe OpenVPN commands' option in the Advanced Preferences area."

Feels like moment 22. What are the security issue if I use the option "Allow Unsafe OpenVPN commands"?
And why is "route-pre-down" a unsafe script?

Re: Security issue with "route-pre-down"

Posted: Wed Sep 06, 2017 10:05 am
by James
Hi Revox,

There is no security issue to be concerned about in this instance. Rather Viscosity resets any security related options when updated to ensure secure defaults are used for the version. It sounds likely you've enabled the "AllowOpenVPNScripts" option, which has reset back to off after the update. This can be re-enabled using the command at:
https://www.sparklabs.com/support/kb/ar ... ect-occurs

More information about Viscosity's unsafe command detection can be found at:
https://www.sparklabs.com/support/kb/ar ... -detected/

Cheers,
James

Re: Security issue with "route-pre-down"

Posted: Thu Sep 07, 2017 5:08 am
by Revox
Thanks James!

The reset was the cause of the problem everything works as normal now!