compile openvpn to use cryptolib

Post by Koxx » Fri Feb 26, 2016 3:44 pm

Hello,

I am running openvpn on an SBC (Hardkernel Odroid c1).
The default Ubuntu offered on this board doesn't have cryptodev.

So, I decided to recompile the kernel, compile cryptodev, compile openvpn THEN compile openvpn.

The issue is: openvpn still uses the stock openssl libraries instead of the compiled openssl libraries.
The stock openssl doesn't manage the cryptodev :(

stock : 1.0.1f
compiled : 1.0.2f

$ openvpn --version
OpenVPN 2.3.9 armv7l-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Feb 25 2016
library versions: OpenSSL 1.0.1f 6 Jan 2014, LZO 2.06

Here is my full process to compile it.
Can you tell me what is missing?

Thanks.

Code:

root@odroid:/home/odroid#

### cryptodev
$ apt-get install git
$ mkdir cryptodev
$ cd cryptodev
$ git clone https://github.com/cryptodev-linux/cryptodev-linux
$ cd cryptodev-linux
$ make
$ make install
$ echo "cryptodev" >> /etc/modules
$ modprobe cryptodev
$ ls /dev/crypto

### required for next steps
sudo apt-get install libpam0g-dev

### openssl
$ cd /home/odroid
$ wget https://www.openssl.org/source/openssl-1.0.2f.tar.gz
$ tar zxf openssl*
$ cd openssl-1.0.2f/
$ ./config --prefix=/usr --openssldir=/etc/ssl --libdir=lib shared zlib-dynamic -DHAVE_CRYPTODEV -DUSE_CRYPTDEV_DIGESTS
$ make
$ make install

$ openssl version
OpenSSL 1.0.2f  28 Jan 2016

$ which openssl
OpenSSL 1.0.2f  28 Jan 2016

$ openssl engine cryptodev
(cryptodev) BSD cryptodev engine

### openvpn
$ cd /home/odroid/
$ wget http://swupdate.openvpn.org/community/releases/openvpn-2.3.9.tar.xz
$ tar xvf openvpn-*
$ cd openvpn-2.3.9
##./configure --prefix=/opt/custom-openvpn OPENSSL_SSL_LIBS="-L/home/odroid/openssl-1.0.2f/ -lssl" OPENSSL_SSL_CFLAGS="-I/home/odroid/openssl-1.0.2f/include/" OPENSSL_CRYPTO_LIBS="-L/home/odroid/openssl-1.0.2f/ -lcrypto" OPENSSL_CRYPTO_CFLAGS="-I/home/odroid/openssl-1.0.2f/include/"
##./configure OPENSSL_SSL_LIBS="-L/usr/local/ssl/lib/ -lssl" OPENSSL_CRYPTO_LIBS="-L/usr/local/ssl/lib/ -lcrypto" OPESSL_SSL_CFLAGS="-I/usr/local/ssl/include/" OPENSSL_CRYPTO_CFLAGS="-I/usr/local/ssl/include/"
$ ./configure OPENSSL_SSL_LIBS="-L/usr/lib/ -lssl" OPENSSL_CRYPTO_LIBS="-L/usr/lib/ -lcrypto" OPESSL_SSL_CFLAGS="-I/usr/include/openssl/" OPENSSL_CRYPTO_CFLAGS="-I/usr/include/openssl/"
$ make
$ make install

$ openvpn --version
OpenVPN 2.3.9 armv7l-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Feb 25 2016
library versions: OpenSSL 1.0.1f 6 Jan 2014, LZO 2.06
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
Compile time defines: enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_http_proxy=yes enable_iproute2=no enable_libtool_lock=yes enable_lzo=yes enable_lzo_stub=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_socks=yes enable_ssl=yes enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_win32_dll=yes enable_x509_alt_username=no with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_plugindir='$(libdir)/openvpn/plugins' with_sysroot=no

$ openvpn --show-engines
OpenSSL Crypto Engines
Dynamic engine loading support [dynamic]

$ openvpn --engine cryptodev  --cd /etc/openvpn --config /etc/openvpn/config.conf --script-security 2 -v
$ tail -10 /var/log/syslog
Feb 26 10:56:00 odroid openvpn[6686]: OpenVPN 2.3.9 armv7l-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Feb 25 2016
Feb 26 10:56:00 odroid openvpn[6686]: library versions: OpenSSL 1.0.1f 6 Jan 2014, LZO 2.06
Feb 26 10:56:00 odroid openvpn[6698]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 26 10:56:00 odroid openvpn[6698]: OpenSSL error: cannot load engine 'cryptodev'
Feb 26 10:56:00 odroid openvpn[6698]: Exiting due to fatal error
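
The `library versions:` line above is reported at run time, so one thing worth checking is which libssl/libcrypto the dynamic linker resolves for the built binary. The following is an added check, not part of the original post: it parses `ldd` output and compares the resolved location with the directory the new OpenSSL was installed to. The sample `ldd` text and its paths are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic (not from the original post): which libssl/libcrypto does the
# dynamic linker resolve for a binary, and is it the build you expect?

# Constructed `ldd` output for illustration; the paths are assumed, not from the post.
SAMPLE_LDD='    libssl.so.1.0.0 => /lib/arm-linux-gnueabihf/libssl.so.1.0.0 (0xb6e5a000)
    libcrypto.so.1.0.0 => /lib/arm-linux-gnueabihf/libcrypto.so.1.0.0 (0xb6c7f000)
    liblzo2.so.2 => /lib/arm-linux-gnueabihf/liblzo2.so.2 (0xb6c5d000)
    libc.so.6 => /lib/arm-linux-gnueabihf/libc.so.6 (0xb6b71000)'

# resolved_path LDD_TEXT LIBNAME
# Prints the file the loader picked for LIBNAME, "not-found" if unresolved,
# or nothing if the binary has no dynamic dependency on it.
resolved_path() {
    printf '%s\n' "$1" | awk -v lib="$2" '
        index($1, lib ".so") == 1 && $2 == "=>" {
            print (($3 == "not") ? "not-found" : $3); exit
        }'
}

# check_lib LDD_TEXT LIBNAME EXPECTED_DIR
# Returns 0 only when LIBNAME resolves to a file directly inside EXPECTED_DIR.
check_lib() {
    path=$(resolved_path "$1" "$2")
    if [ -z "$path" ] || [ "$path" = "not-found" ]; then
        echo "$2: not resolved (static link or missing library)"; return 2
    fi
    if [ "$(dirname "$path")" = "$3" ]; then
        echo "$2: OK, loaded from $path"; return 0
    fi
    echo "$2: MISMATCH, loaded from $path, expected a file in $3"; return 1
}

# Live use with two arguments: the binary to inspect and the expected library directory.
if [ $# -eq 2 ]; then
    out=$(ldd "$1") || exit 3
    rc=0
    for lib in libssl libcrypto; do
        check_lib "$out" "$lib" "$2" || rc=1
    done
    exit "$rc"
fi
```

Run it as `sh check_ssl_link.sh <path-to-openvpn> /usr/lib`; the script name is hypothetical, and `/usr/lib` is what the `--prefix=/usr --libdir=lib` options on the `./config` line above resolve to.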

