Hi:
Antonio Quartulli
> Where did you get the ovpn-dco package from?
> Because I have my own dev package, but I hardly believe that was pulled
> upstream.
openwrt had ovpn-dco module since 2022. but the included openvpn
version is 2.5 or 2.6 without dco enabled.
so it seems nobody test it
Antonio Quartulli
> Thanks for testing!
> I'd expect CRYPTO_CHACHA20POLY1305 to pull what's needed. Strange that
> it didn't happen.
> On my workstation I did not have such problem.
> Anyway, I will double check if there is something missing on our side.
These modules will be auto-loaded by
Hi:
> I think you should look for CONFIG_CRYPTO_CHACHA20POLY1305 in the kernel
> config.
after trying and testing, I found besides
"CONFIG_CRYPTO_CHACHA20POLY1305", I also need
"CONFIG_CRYPTO_LIB_POLY1305" and "CONFIG_CRYPTO_LIB_CHACHA". ovpn-dco
will auto-load the three modules when doing
Hi:
Antonio Quartulli
>
> Hi,
>
> On 24/04/2024 11:38, d tbsky wrote:
> > [ 9652.965804] encrypt crypto_alloc_aead failed, err=-2
>
> This is exactly it. The kernel crypto engine is reporting "not found".
>
> I think you should look for CONFIG_CRYPTO_CHA
Hi:
> Can you please check if dmesg is reporting any error while you are
> attempting to connect?
dmesg report like this:
[ 9078.296036] tun100: deleting peer with id 11699696, reason 0
[ 9652.965804] encrypt crypto_alloc_aead failed, err=-2
[ 9652.983698] tun100: deleting peer with id
Hi:
Antonio Quartulli
> Unfortunately there will be no difference as this is an issue between
> openvpn and ovpn-dco.
thanks a lot for hint!
> Could you please re-run with --verb 6 ? That will include DCO specific
> debug messages.
root@OpenWrt:~# openvpn --verb 6 --tls-client --dev tun100
Hi:
Antonio Quartulli
>
> Yes, 2.6.10 requires ovpn-dco-v2.
ok. so I can not downgrade.
> wireguard uses chacha20poly1305, therefore it'd be essential to test
> with this algorithm in order to make a full comparison.
>
> Do you have a full log to provide regarding the error "dco_new_key:
>
Hi:
d tbsky
>
> Antonio Quartulli
> > What is the exact openvpn and dc oversion that you compiled in your last
> > test?
> >
> Hi:
>
> openvpn: 2.6.10
> dco: 0.2.20240320
I finally compiled dco module with full info and test it under
openwrt. using iperf3
Hi:
> What is the exact openvpn and dc oversion that you compiled in your last
> test?
After checking, I found dco modules compiled under openwrt seems
lacking something, like "version"
root@OpenWrt:~# ls -la /sys/module/ovpn_dco_v2/
drwxr-xr-x3 root root 0 Mar 23 06:10 .
Antonio Quartulli
> What is the exact openvpn and dc oversion that you compiled in your last
> test?
>
Hi:
openvpn: 2.6.10
dco: 0.2.20240320
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
Hi:
I want to try openvn dco at openwrt. the official openwrt
distribution stay at openvpn 2.5. so I tried compiled 2.6 and found it
can not find kernel dco module. I thought maybe the distributed dco
module is too old so I compiled lasted kmod_ovpn_dco_v2 module but
"openvpn --version" still
Hi:
I am using openvpn shared key mode for site to site connection.
since it will be removed in the future so I am thinking about
replacing it.
I need to connect to China. the p2p mode seems fine for China
Great Firewall.
currently desktop users with "tls-crypt" can connect but I don't
12 matches
Mail list logo