OpenVPN sometimes stop working with cipher_ctx_update: EVP_CipherUpdate() failed

Use this forum to share your network setup and what's been working for you.
Post Reply
SipriusPT
OpenVpn Newbie
Posts: 7
Joined: Wed Jun 07, 2017 9:04 am

OpenVPN sometimes stop working with cipher_ctx_update: EVP_CipherUpdate() failed

Post by SipriusPT » Fri Aug 17, 2018 4:14 pm

Hello,

I have an OpenVPN client from site to site who have been working without any issue in last 2 months, since it was installed, and today from time to time, it stops working, and cannot turn it on again manually, till a restart is made.

There is no issues with lack of hardware performance/resourses that could be triggering this, the behaviour is the same like it was until I start having this issue.

Anyone knows what can be?

This is the error that it gives:

Code: Select all

Aug 17 15:36:41	openvpn	20992	MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Aug 17 15:36:41	openvpn	20992	MANAGEMENT: CMD 'state 1'
Aug 17 15:36:41	openvpn	20992	MANAGEMENT: CMD 'status 2'
Aug 17 15:36:41	openvpn	20992	MANAGEMENT: Client disconnected
Aug 17 15:37:21	openvpn	20992	MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Aug 17 15:37:21	openvpn	20992	MANAGEMENT: CMD 'state 1'
Aug 17 15:37:21	openvpn	20992	MANAGEMENT: CMD 'status 2'
Aug 17 15:37:21	openvpn	20992	MANAGEMENT: Client disconnected
Aug 17 15:37:24	openvpn	20992	cipher_ctx_update: EVP_CipherUpdate() failed
Aug 17 15:37:24	openvpn	20992	Exiting due to fatal error
Aug 17 15:37:24	openvpn	20992	/sbin/route delete -net 10.0.0.0 10.0.9.1 255.255.255.0
Aug 17 15:37:25	openvpn	20992	Closing TUN/TAP interface
Aug 17 15:37:25	openvpn	20992	/usr/local/sbin/ovpn-linkdown ovpnc1 1500 1575 10.0.9.2 10.0.9.1 init
Aug 17 15:38:00	openvpn	11923	disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
Aug 17 15:38:00	openvpn	11923	OpenVPN 2.4.4 armv6-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Mar 16 2018
Aug 17 15:38:00	openvpn	11923	library versions: OpenSSL 1.0.2m-freebsd 2 Nov 2017, LZO 2.10
Aug 17 15:38:00	openvpn	12227	MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
Aug 17 15:38:00	openvpn	12227	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 17 15:38:00	openvpn	12227	Initializing OpenSSL support for engine 'cryptodev'
Aug 17 15:38:00	openvpn	12227	Outgoing Static Key Encryption: Cipher 'AES-128-CBC' initialized with 128 bit key
Aug 17 15:38:00	openvpn	12227	Outgoing Static Key Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Aug 17 15:38:00	openvpn	12227	Incoming Static Key Encryption: Cipher 'AES-128-CBC' initialized with 128 bit key
Aug 17 15:38:00	openvpn	12227	Incoming Static Key Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Aug 17 15:38:00	openvpn	12227	ROUTE_GATEWAY 192.168.1.254/255.255.255.0 IFACE=mvneta2 HWADDR=00:08:a2:0d:8c:2e
Aug 17 15:38:00	openvpn	12227	TUN/TAP device ovpnc1 exists previously, keep at program end
Aug 17 15:38:00	openvpn	12227	TUN/TAP device /dev/tun1 opened
Aug 17 15:38:00	openvpn	12227	do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Aug 17 15:38:00	openvpn	12227	/sbin/ifconfig ovpnc1 10.0.9.2 10.0.9.1 mtu 1500 netmask 255.255.255.255 up
Aug 17 15:38:00	openvpn	12227	/usr/local/sbin/ovpn-linkup ovpnc1 1500 1575 10.0.9.2 10.0.9.1 init
Aug 17 15:38:00	openvpn	12227	/sbin/route add -net 10.0.0.0 10.0.9.1 255.255.255.0
Aug 17 15:38:00	openvpn	12227	TCP/UDP: Preserving recently used remote address: [AF_INET]OPENVPN_SERVER_EXTERNAL_IP:51195
Aug 17 15:38:00	openvpn	12227	Socket Buffers: R=[65228->65228] S=[65228->65228]
Aug 17 15:38:00	openvpn	12227	Attempting to establish TCP connection with [AF_INET]x.x.173.62:51195 [nonblock]
Aug 17 15:38:01	openvpn	12227	TCP connection established with [AF_INET]OPENVPN_SERVER_EXTERNAL_IP:51195
Aug 17 15:38:01	openvpn	12227	TCPv4_CLIENT link local (bound): [AF_INET]192.168.1.147:0
Aug 17 15:38:01	openvpn	12227	TCPv4_CLIENT link remote: [AF_INET]OPENVPN_SERVER_EXTERNAL_IP:51195
Aug 17 15:38:01	openvpn	12227	cipher_ctx_update: EVP_CipherUpdate() failed
Aug 17 15:38:01	openvpn	12227	Exiting due to fatal error

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 6032
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN sometimes stop working with cipher_ctx_update: EVP_CipherUpdate() failed

Post by TinCanTech » Sat Sep 01, 2018 3:26 pm

Is this post viewtopic.php?f=4&t=24268&p=70809#p70809 related to this thread ?

Can you please confirm the details of the system which this error occurs on.

SipriusPT
OpenVpn Newbie
Posts: 7
Joined: Wed Jun 07, 2017 9:04 am

Re: OpenVPN sometimes stop working with cipher_ctx_update: EVP_CipherUpdate() failed

Post by SipriusPT » Tue Sep 04, 2018 11:37 am

TinCanTech wrote:
Sat Sep 01, 2018 3:26 pm
Is this post viewtopic.php?f=4&t=24268&p=70809#p70809 related to this thread ?

Can you please confirm the details of the system which this error occurs on.
No its not.

OpenVPN is running on a pfSense box with version pfsense 2.4.3-RELEASE-p1 (arm) on FreeBSD 11.1-RELEASE-p10, and after got those two situations, I have turned off and on the uplink router, and since then I didnt had any more issues. I really dont know what was the source of this, but at least since then I have not got more issues, and there was no updates done in this system, or changes in the configuration.

Post Reply