OpenSSL: error:0201502D:system library:ioctl:Operation

mloiterman

I just updated to 2.5.1.r.20210405.0300

Now my OpenVPN client won't connect and I see this error:

Apr  5 11:29:09 pfsense openvpn[66140]: Using peer cipher 'AES-256-CBC'
Apr  5 11:29:09 pfsense openvpn[66140]: OpenSSL: error:0201502D:system library:ioctl:Operation not supported
Apr  5 11:29:09 pfsense openvpn[66140]: EVP cipher init #2
Apr  5 11:29:09 pfsense openvpn[66140]: Exiting due to fatal erro

kossie

@mloiterman

Same issue here, I ended up having to move back to 2.5.0 to get things working normally.

jimp

Was there any other error after that in the logs? Or was that the end of it?

Does it still happen on today's snapshot?

jimp

I found a VM here where I can reproduce that. It appears to be tied to having AES-NI+cryptodev enabled. If you disable that, it should run. It works with AES-NI alone loaded, but not cryptodev.

https://redmine.pfsense.org/issues/11785

mloiterman

@jimp

That was the full error.

I haven't tried today's snap shot, but it definitely started in 2.5.1.r.20210405.0300, but I didn't see the error in 2.5.1.r.20210326.0300

I have tried disabling hardware crypto, but that did not resolve it.

I have NOT yet tried disabling hardware crypto and AES yet, but I will try later today.

jimp

This is OK for me now on the latest snapshot. Update and give it a try and confirm if it's also working for you.

mloiterman

@jimp

Yup. I just updated to the latest snapshot and it's been fixed.

Jim, you're awesome. Thanks so much.