can you add openvpn and libopenssl in buildroot

Question

can you add openvpn and libopenssl in buildroot

junwushi opened this issue 4 years ago · 2 comments

I took the latest configuration OpenVPN 2.5.0 and libopenssl 1.1.1i from the original image of GitHub buidlroot, and found a problem. After OpenVPN is started, when run to TLS_ctx_client_ new(new_ctx); in SSL. C file, it will be stuck ,Sometimes it takes 5 minutes or 20 minutes to get out, sometimes it takes an hour, and then it runs normally. I find that this function goes into libopenssl to do initialization work. I don't know why it's stuck.
In addition, I think the above lib may not use the encryption hardware acceleration of nuc972. What should I do if I want to use it?
who can help me?
Look at the time in bold below. There's a difference of 17 minutes。

cat /tmp/messages | grep "openvpn"

Jan 11 08:39:05 FTGateway daemon.warn openvpn[672]: WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
Jan 11 08:39:05 FTGateway daemon.warn openvpn[672]: WARNING: file '/etc/openvpn/client/gateway1.key' is group or others accessible
Jan 11 08:39:05 FTGateway daemon.notice openvpn[672]: OpenVPN 2.5.0 arm-nuvoton-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jan 8 2021
Jan 11 08:39:05 FTGateway daemon.notice openvpn[672]: library versions: OpenSSL 1.1.1i 8 Dec 2020, LZO 2.10
Jan 11 08:56:11 FTGateway daemon.notice openvpn[758]: Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Jan 11 08:56:11 FTGateway daemon.notice openvpn[758]: Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Jan 11 08:56:11 FTGateway daemon.notice openvpn[758]: TCP/UDP: Preserving recently used remote address: [AF_INET]113.98.62.141:1194
Jan 11 08:56:11 FTGateway daemon.notice openvpn[758]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Jan 11 08:56:11 FTGateway daemon.notice openvpn[758]: UDP link local: (not bound)
Jan 11 08:56:11 FTGateway daemon.notice openvpn[758]: UDP link remote: [AF_INET]113.98.62.141:1194

Answer 1 · 2021-01-12T11:51:40.000Z

The openssl utilized H/W crypto is here: https://github.com/OpenNuvoton/NUC970_Linux_Applications/commits/master/openssl-1.1.1
May be the code is stuck because of insufficient entropy? We've seen application takes several minutes to launch because of this. And this issue could be solved by launch the rngd to boost the entropy gathering speed.

Answer 2 · 2021-01-14T02:31:44.000Z

Thank you very much. I solved the problem according to your suggestion。