Openvpn and cryptodev fails test-crypto

This forum is for admins who are looking to build or expand their OpenVPN setup.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
drbrains
OpenVpn Newbie
Posts: 4
Joined: Wed Dec 27, 2017 4:48 pm

Openvpn and cryptodev fails test-crypto

Post by drbrains » Sun Mar 18, 2018 11:09 am

Running OpenVPN on my OpenWRT router works perfect. I have build it with OpenSSL. But as soon as I add “-engine cryptodev” it fails. The ultimate goal is to use hardware encryption, but it fails using just software as well.

The —test-crypto always fails at 560 bytes with the RAND-bytes fail, resulting in an assertion failure. I have a random number generator installed and the “/dev/urandom” is present.

Any ideas what I’m missing??

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5002
Joined: Fri Jun 03, 2016 1:17 pm

Re: Openvpn and cryptodev fails test-crypto

Post by TinCanTech » Sun Mar 18, 2018 9:01 pm

drbrains wrote:
Sun Mar 18, 2018 11:09 am
Running OpenVPN on my OpenWRT router works perfect
OK.
drbrains wrote:
Sun Mar 18, 2018 11:09 am
I have build it with OpenSSL. But as soon as I add “-engine cryptodev” it fails. The ultimate goal is to use hardware encryption, but it fails using just software as well
Does openvpn work or not ? You have confused me ..
drbrains wrote:
Sun Mar 18, 2018 11:09 am
Any ideas what I’m missing
No idea .. perhaps your RNG is not working ..

Your openvpn log may help.

drbrains
OpenVpn Newbie
Posts: 4
Joined: Wed Dec 27, 2017 4:48 pm

Re: Openvpn and cryptodev fails test-crypto

Post by drbrains » Mon Mar 19, 2018 6:46 am

Thanks for the suggestions. I will see if there is a better explanation in the logs besides the RAND_bytes fail.

I think the RNG works, how can I verify that? Is it using something else when using the cryptodev engine in stead of the OpenSSL library?

To be sure: openvpn + OpenSSL works. It just as soon as I add the cryptodev as engine it fails. And always as soon as the test hits 560 bytes.

amaze100
OpenVpn Newbie
Posts: 3
Joined: Thu Jun 28, 2018 12:24 pm

Re: Openvpn and cryptodev fails test-crypto

Post by amaze100 » Thu Jun 28, 2018 1:34 pm

Hi drbrains,

Did you find the solution for this issue?
I am also facing the same problem for openvpn with cryptdev on openwrt.

In addition to that, in client-server mode, I get the following error on openvpn server after some packet exchange among openvpn server and client.

...
Thu Jun 28 11:54:51 2018 client2/<<ip>>:57348 RAND_bytes() failed
Thu Jun 28 11:54:51 2018 client2/<<ip>>:57348 ERROR: Random number generator cannot obtain entropy for PRNG
Thu Jun 28 11:54:51 2018 client2/<<ip>>:57348 Exiting due to fatal error
Thu Jun 28 11:54:51 2018 client2/<<ip>>:57348 Closing TUN/TAP interface
Thu Jun 28 11:54:51 2018 client2/<<ip>>:57348 /sbin/ifconfig tun0 0.0.0.0
ifconfig: SIOCSIFADDR: Operation not permitted
Thu Jun 28 11:54:51 2018 client2/<<ip>>:57348 Linux ip addr del failed: external program exited with error status: 1
...

This works fine without cryptodev.

Post Reply