Recently I have been assigned (after intense negotiations) an OpenVPN profile for a local company in the Netherlands. Guess the results:
killall -USR2 openvpn ; tail -f /var/log/messages
Mar 7 18:09:29 povilas nm-dispatcher: req:2 'up' [tun0]: start running ordered scripts...
Mar 7 18:09:38 povilas nm-openvpn: write to TUN/TAP : Invalid argument (code=22)
Mar 7 18:09:46 povilas NetworkManager: <info> [1583597386.7472] audit: op="connection-deactivate" uuid="ecde2fbc-ad83-49b7-8c86-8b2a926acad4" name="ovpn01-UDP4-1194-brilius-config" pid=4939 uid=1000 result="success"
Apparently, the user tries to launch operation emission, but it hangs, because the TUN device doesn't recognize the parametrized connection packets.
Weird to state, though: it's a malware breach attempt from inside the site, recognizing the user's affinity to the TLS tunnel and the so-called Netherlands local network, but in effect it mal-breaches the very attempt to use the internet, alluring (deviating) the user into uncharted waters, like dealing with the tech admin guys to convince them to change this or that checkbox in order for the VPN to work.
Immediately after the connection attempt the OpenVPN client closes the connection, though nothing suspicious is located in the distributed profile, other than an extended negotiation period and control phases to gain/retrieve a working profile itself.