Security issue with "route-pre-down"

Got a problem with Viscosity or need help? Ask here!

Revox

Posts: 3
Joined: Wed Jul 19, 2017 3:51 pm

Post by Revox » Wed Sep 06, 2017 6:25 am
I have used the "route-pre-down" script described on your support page. Now with version 1.7.4 I get a Error warning when trying to connect. The text says:

"Error: Unsafe OpenVPN command detected. The connection could not be started as an unsafe OpenVPN command ('route-pre-down') is present. Unsafe commands are blocked to ensure the security of your computer. Please edit your connection and remove the command from under the advanced tab, or turn on 'Allow Unsafe OpenVPN commands' option in the Advanced Preferences area."

Feels like moment 22. What are the security issue if I use the option "Allow Unsafe OpenVPN commands"?
And why is "route-pre-down" a unsafe script?

James

User avatar
Posts: 1865
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Wed Sep 06, 2017 10:05 am
Hi Revox,

There is no security issue to be concerned about in this instance. Rather Viscosity resets any security related options when updated to ensure secure defaults are used for the version. It sounds likely you've enabled the "AllowOpenVPNScripts" option, which has reset back to off after the update. This can be re-enabled using the command at:
https://www.sparklabs.com/support/kb/ar ... ect-occurs

More information about Viscosity's unsafe command detection can be found at:
https://www.sparklabs.com/support/kb/ar ... -detected/

Cheers,
James
James Bekkema
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

Revox

Posts: 3
Joined: Wed Jul 19, 2017 3:51 pm

Post by Revox » Thu Sep 07, 2017 5:08 am
Thanks James!

The reset was the cause of the problem everything works as normal now!
3 posts Page 1 of 1