Running OpenVPN on my OpenWRT router works perfect. I have build it with OpenSSL. But as soon as I add “-engine cryptodev” it fails. The ultimate goal is to use hardware encryption, but it fails using just software as well.
The —test-crypto always fails at 560 bytes with the RAND-bytes fail, resulting in an assertion failure. I have a random number generator installed and the “/dev/urandom” is present.
Any ideas what I’m missing??
Openvpn and cryptodev fails test-crypto
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Wed Dec 27, 2017 4:48 pm
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Openvpn and cryptodev fails test-crypto
OK.
Does openvpn work or not ? You have confused me ..
No idea .. perhaps your RNG is not working ..
Your openvpn log may help.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Wed Dec 27, 2017 4:48 pm
Re: Openvpn and cryptodev fails test-crypto
Thanks for the suggestions. I will see if there is a better explanation in the logs besides the RAND_bytes fail.
I think the RNG works, how can I verify that? Is it using something else when using the cryptodev engine in stead of the OpenSSL library?
To be sure: openvpn + OpenSSL works. It just as soon as I add the cryptodev as engine it fails. And always as soon as the test hits 560 bytes.
I think the RNG works, how can I verify that? Is it using something else when using the cryptodev engine in stead of the OpenSSL library?
To be sure: openvpn + OpenSSL works. It just as soon as I add the cryptodev as engine it fails. And always as soon as the test hits 560 bytes.
-
- OpenVpn Newbie
- Posts: 3
- Joined: Thu Jun 28, 2018 12:24 pm
Re: Openvpn and cryptodev fails test-crypto
Hi drbrains,
Did you find the solution for this issue?
I am also facing the same problem for openvpn with cryptdev on openwrt.
In addition to that, in client-server mode, I get the following error on openvpn server after some packet exchange among openvpn server and client.
...
Thu Jun 28 11:54:51 2018 client2/<<ip>>:57348 RAND_bytes() failed
Thu Jun 28 11:54:51 2018 client2/<<ip>>:57348 ERROR: Random number generator cannot obtain entropy for PRNG
Thu Jun 28 11:54:51 2018 client2/<<ip>>:57348 Exiting due to fatal error
Thu Jun 28 11:54:51 2018 client2/<<ip>>:57348 Closing TUN/TAP interface
Thu Jun 28 11:54:51 2018 client2/<<ip>>:57348 /sbin/ifconfig tun0 0.0.0.0
ifconfig: SIOCSIFADDR: Operation not permitted
Thu Jun 28 11:54:51 2018 client2/<<ip>>:57348 Linux ip addr del failed: external program exited with error status: 1
...
This works fine without cryptodev.
Did you find the solution for this issue?
I am also facing the same problem for openvpn with cryptdev on openwrt.
In addition to that, in client-server mode, I get the following error on openvpn server after some packet exchange among openvpn server and client.
...
Thu Jun 28 11:54:51 2018 client2/<<ip>>:57348 RAND_bytes() failed
Thu Jun 28 11:54:51 2018 client2/<<ip>>:57348 ERROR: Random number generator cannot obtain entropy for PRNG
Thu Jun 28 11:54:51 2018 client2/<<ip>>:57348 Exiting due to fatal error
Thu Jun 28 11:54:51 2018 client2/<<ip>>:57348 Closing TUN/TAP interface
Thu Jun 28 11:54:51 2018 client2/<<ip>>:57348 /sbin/ifconfig tun0 0.0.0.0
ifconfig: SIOCSIFADDR: Operation not permitted
Thu Jun 28 11:54:51 2018 client2/<<ip>>:57348 Linux ip addr del failed: external program exited with error status: 1
...
This works fine without cryptodev.