Openvpn with cryptodev engine crashes with entropy error

amaze100
OpenVpn Newbie
Posts: 3
Joined: Thu Jun 28, 2018 12:24 pm

Openvpn with cryptodev engine crashes with entropy error

Post by amaze100 » Thu Jun 28, 2018 2:35 pm

My OpenVPN server process on OpenWrt crashes if OpenVPN is started with the cryptodev engine, with the logs below.

Please note, the crash happens only during packet exchange between server and client, and that too after some duration,
and the duration differs if the cipher is changed or the prng nsl is changed,
i.e. the higher the nsl, the longer the duration.

Thu Jun 28 11:54:51 2018 client2/<<ip>>:57348 RAND_bytes() failed
Thu Jun 28 11:54:51 2018 client2/<<ip>>:57348 ERROR: Random number generator cannot obtain entropy for PRNG

Thu Jun 28 11:54:51 2018 client2/<<ip>>:57348 Exiting due to fatal error
Thu Jun 28 11:54:51 2018 client2/<<ip>>:57348 Closing TUN/TAP interface
Thu Jun 28 11:54:51 2018 client2/<<ip>>:57348 /sbin/ifconfig tun0 0.0.0.0
ifconfig: SIOCSIFADDR: Operation not permitted
Thu Jun 28 11:54:51 2018 client2/<<ip>>:57348 Linux ip addr del failed: external program exited with error status: 1
...


Openvpn works fine if cryptodev engine is not used!

Am I missing some configuration here? Or does cryptodev need to be compiled with some specific flags?
Any pointers or suggestions would greatly help.

Thanks.

TinCanTech
OpenVPN Protagonist
Posts: 5091
Joined: Fri Jun 03, 2016 1:17 pm

Re: Openvpn with cryptodev engine crashes with entropy error

Post by TinCanTech » Thu Jun 28, 2018 3:10 pm

We already read your other post: viewtopic.php?f=4&t=26063#p79691

Please do not post duplicates.

amaze100 wrote (Thu Jun 28, 2018 2:35 pm):
> My openvpn server process on openwrt crashes if openvpn is started with cryptodev engine

Openvpn does not crash, it exits with the reason why.

amaze100 wrote (Thu Jun 28, 2018 2:35 pm):
> Thu Jun 28 11:54:51 2018 client2/<<ip>>:57348 ERROR: Random number generator cannot obtain entropy for PRNG
> Thu Jun 28 11:54:51 2018 client2/<<ip>>:57348 Exiting due to fatal error

So you have to fix your PRNG or entropy source ..

> --engine [engine-name]
>   • Enable OpenSSL hardware-based crypto engine functionality.

So this is openssl ..

amaze100 wrote (Thu Jun 28, 2018 2:35 pm):
> Openvpn works fine if cryptodev engine is not used!

So why use it ? :geek:

amaze100
OpenVpn Newbie
Posts: 3
Joined: Thu Jun 28, 2018 12:24 pm

Re: Openvpn with cryptodev engine crashes with entropy error

Post by amaze100 » Fri Jun 29, 2018 5:24 am

Sorry for the duplicate.

How should I fix the entropy source for the engine? Without the engine, /dev/random and /dev/urandom take care of it.
Any pointers for the hw engine?

We use the 'cryptodev engine' because we want to use the available hardware acceleration for the crypto operations.
