[Openvpn-users] OpenVPN 2.4.3 OpenSSL: error:0607A082

Thu, 29 Jun 2017 00:57:26 -0700 

Hello,

i am running Redhat 7 and use openvpn 2.4.3 from epel but i have got a
big problem since the update from 2.3.x

Jun 28 18:32:38 vpn openvpn-zuvsupport[23218]: TCP connection
established with [AF_INET]x.x.x.x:39682
Jun 28 18:32:39 vpn openvpn-zuvsupport[23218]: x.x.x.x:39682 peer info:
IV_VER=2.4.3
Jun 28 18:32:39 vpn openvpn-zuvsupport[23218]: x.x.x.x:39682 peer info:
IV_PLAT=linux
Jun 28 18:32:39 vpn openvpn-zuvsupport[23218]: x.x.x.x:39682 peer info:
IV_PROTO=2
Jun 28 18:32:39 vpn openvpn-zuvsupport[23218]: x.x.x.x:39682 peer info:
IV_NCP=2
Jun 28 18:32:39 vpn openvpn-zuvsupport[23218]: x.x.x.x:39682 peer info:
IV_LZ4=1
Jun 28 18:32:39 vpn openvpn-zuvsupport[23218]: x.x.x.x:39682 peer info:
IV_LZ4v2=1
Jun 28 18:32:39 vpn openvpn-zuvsupport[23218]: x.x.x.x:39682 peer info:
IV_LZO=1
Jun 28 18:32:39 vpn openvpn-zuvsupport[23218]: x.x.x.x:39682 peer info:
IV_COMP_STUB=1
Jun 28 18:32:39 vpn openvpn-zuvsupport[23218]: x.x.x.x:39682 peer info:
IV_COMP_STUBv2=1
Jun 28 18:32:39 vpn openvpn-zuvsupport[23218]: x.x.x.x:39682 peer info:
IV_TCPNL=1
Jun 28 18:32:39 vpn openvpn-zuvsupport[23218]: x.x.x.x:39682 TLS:
Username/Password authentication succeeded for username 'username' [CN SET]
Jun 28 18:32:39 vpn openvpn-zuvsupport[23218]: x.x.x.x:39682 Control
Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384
Jun 28 18:32:39 vpn openvpn-zuvsupport[23218]: x.x.x.x:39682 [username]
Peer Connection Initiated with [AF_INET]x.x.x.x:39682
Jun 28 18:32:39 vpn openvpn-zuvsupport[23218]: username/x.x.x.x:39682
Options error: Unrecognized option or missing or extra parameter(s) in
/etc/openvpn/ccd/username:1: reset-routes (2.4.3)
Jun 28 18:32:39 vpn openvpn-zuvsupport[23218]: username/x.x.x.x:39682
MULTI_sva: pool returned IPv4=10.8.25.3, IPv6=(Not enabled)
Jun 28 18:32:39 vpn openvpn[23218]: RTNETLINK answers: No such process
Jun 28 18:32:40 vpn openvpn-zuvsupport[23218]: username/x.x.x.x:39682
Data Channel: using negotiated cipher 'AES-256-GCM'
Jun 28 18:32:40 vpn openvpn-zuvsupport[23218]: username/x.x.x.x:39682
OpenSSL: error:0607A082:digital envelope
routines:EVP_CIPHER_CTX_set_key_length:invalid key length
Jun 28 18:32:40 vpn openvpn-zuvsupport[23218]: username/x.x.x.x:39682
EVP set key size
Jun 28 18:32:40 vpn openvpn-zuvsupport[23218]: username/x.x.x.x:39682
Exiting due to fatal error
Jun 28 18:32:40 vpn openvpn-zuvsupport[23218]: username/x.x.x.x:39682
Closing TUN/TAP interface

The Configuration looks like this:

# Server Config
local y.y.y.y
port 1203
proto tcp
dev tun2570
topology subnet
server 10.8.25.0 255.255.255.0
mode server
tls-server
persist-key
persist-tun
#client-to-client # Wollen wir das ?
keepalive 10 120
management 127.0.0.1 5564



#Sicherheit
ca vpn_ca.crt
cert vpn.crt
key vpn.key
keysize 128
dh dh1024.pem
auth SHA256
cipher AES-128-CBC
script-security 3 # Leider benötigt damit man ein eigenes
Verifizierungs-Script nutzen kann

#Performance (Sicherlich noch zu verbessern)
#tun-mtu  1500
#fragment 1415
#mssfix 1410

#Authetifizierung
auth-user-pass-verify /etc/openvpn/scripts/verify_user.py via-env
username-as-common-name
client-config-dir /etc/openvpn/ccd
#duplicate-cn
client-cert-not-required
learn-address /etc/openvpn/scripts/ldapAuth.py
ifconfig-pool-persist /etc/openvpn/ipp-zuvsupport.txt

#Logging
status /etc/openvpn/status/zuvsupport.log 10
verb 2
syslog openvpn-zuvsupport
daemon
mute-replay-warnings


Do you have any idea to fix this?

Kind Regards

 Philipp Rehs

 University Düsseldorf



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to