| View previous topic :: View next topic |
| Author |
Message |
xtlosx
Apprentice
Joined: 14 Jan 2006
Posts: 219
Location: Chicago
|
 Posted: Thu Apr 27, 2006 2:09 am Post subject: openvpn and openssl problem |
 |
|
hey guys, i am having this problem with OpenVPN.
| Code: |
Apr 26 22:05:02 gretch openvpn[29290]: OpenVPN 2.0.6 i686-pc-linux-gnu [SSL] [LZO] [EPOLL] buil
t on Apr 26 2006
Apr 26 22:05:02 gretch openvpn[29290]: WARNING: you are using user/group/chroot without persist
-key/persist-tun -- this may cause restarts to fail
Apr 26 22:05:02 gretch openvpn[29290]: Cipher algorithm 'BF-CBC' not found (OpenSSL)
Apr 26 22:05:02 gretch openvpn[29290]: Exiting
|
i searched around for a bit, some people said it was a problem with openssl 0.9.7.i.. so as some other said, unmerge openssl, re emerge and it worked for them, tried that, doesn't work.....
output of
| Code: |
gretch dynomyte-lssu # strings /usr/lib/libcrypto.so.0.9.7 | grep BF
BF_set_key
BF_encrypt
BF_version
BF_options
BF_ecb_encrypt
BF_decrypt
BF_cbc_encrypt
BF_cfb64_encrypt
BF_ofb64_encrypt
BF-CBC
BF-ECB
BF-CFB
BF-OFB
BFUa.X
|
what is wrong? |
|
| Back to top |
|
 |
UberLord
Retired Dev
Joined: 18 Sep 2003
Posts: 6835
Location: Blighty
|
|
| Back to top |
|
|
xtlosx
Apprentice
Joined: 14 Jan 2006
Posts: 219
Location: Chicago
|
| Posted: Thu Apr 27, 2006 11:45 am Post subject: |
|
|
| Code: |
gretch tom # openvpn --show-ciphers
The following ciphers and cipher modes are available
for use with OpenVPN. Each cipher shown below may be
used as a parameter to the --cipher option. The default
key size is shown as well as whether or not it can be
changed with the --keysize directive. Using a CBC mode
is recommended.
DES-CBC 64 bit default key (fixed)
IDEA-CBC 128 bit default key (fixed)
RC2-CBC 128 bit default key (variable)
DES-EDE3-CBC 192 bit default key (fixed)
AES-128-CBC 128 bit default key (fixed)
AES-192-CBC 192 bit default key (fixed)
AES-256-CBC 256 bit default key (fixed)
gretch tom #
|
that's what i get..... |
|
| Back to top |
|
|
UberLord
Retired Dev
Joined: 18 Sep 2003
Posts: 6835
Location: Blighty
|
|
| Back to top |
|
|
xtlosx
Apprentice
Joined: 14 Jan 2006
Posts: 219
Location: Chicago
|
| Posted: Thu Apr 27, 2006 1:04 pm Post subject: |
|
|
so what would you reccomend i do.... i heard of some people unmerging 0.9.7i and going down to like 0.9.7e and installing it from source.... am we able to merge an older version of openssl through emerge? like the last releases. This was the first version of openssl that was installed on this machine as it's less than a month old... .. or maybe i should just unmerge, and install 0.9.7e from source?? Would it be a clean install if i did that, or would it gum up portage if i was to go about doing that..
thanks!
Any ideas? |
|
| Back to top |
|
|
UberLord
Retired Dev
Joined: 18 Sep 2003
Posts: 6835
Location: Blighty
|
|
| Back to top |
|
|
odborg
Tux's lil' helper
Joined: 12 Apr 2002
Posts: 89
Location: Aalborg, Denmark
|
| Posted: Thu Jun 29, 2006 3:24 pm Post subject: |
|
|
I tried the following three times, with succes every time. Before that i could not get it to work (tried 5 times with MAKEOPTS="-j5" in make.conf) .
| Code: | | MAKEOPTS="-j1" emerge openssl |
Hopes it helps. I've reported this as bug #138484 |
|
| Back to top |
|
|
l3u
Advocate
Joined: 26 Jan 2005
Posts: 2616
Location: Konradsreuth (Germany)
|
| Posted: Sun Jul 02, 2006 11:52 am Post subject: |
|
|
| Same Problem here -- your workaround worked here, too. |
|
| Back to top |
|
|
odborg
Tux's lil' helper
Joined: 12 Apr 2002
Posts: 89
Location: Aalborg, Denmark
|
|
| Back to top |
|
|
|
Networking & Security
