OpenVPN sometimes stops working with cipher_ctx_update: EVP_CipherUpdate() failed



  • Hello,

    I have a OpenVPN client from site to site who have been working without any issue in last 2 months, since it was installed, and today from time to time, it stops working, and cannot turn it on again manually, till a restart is made.

    There is no issues with lack of hardware performance/resourses that could be triggering this, the behaviour is the same like it was until I start having this issue.

    Anyone knows what can be?

    This is the error that it gives:

    Aug 17 15:36:41	openvpn	20992	MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
    Aug 17 15:36:41	openvpn	20992	MANAGEMENT: CMD 'state 1'
    Aug 17 15:36:41	openvpn	20992	MANAGEMENT: CMD 'status 2'
    Aug 17 15:36:41	openvpn	20992	MANAGEMENT: Client disconnected
    Aug 17 15:37:21	openvpn	20992	MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
    Aug 17 15:37:21	openvpn	20992	MANAGEMENT: CMD 'state 1'
    Aug 17 15:37:21	openvpn	20992	MANAGEMENT: CMD 'status 2'
    Aug 17 15:37:21	openvpn	20992	MANAGEMENT: Client disconnected
    Aug 17 15:37:24	openvpn	20992	cipher_ctx_update: EVP_CipherUpdate() failed
    Aug 17 15:37:24	openvpn	20992	Exiting due to fatal error
    Aug 17 15:37:24	openvpn	20992	/sbin/route delete -net 10.0.0.0 10.0.9.1 255.255.255.0
    Aug 17 15:37:25	openvpn	20992	Closing TUN/TAP interface
    Aug 17 15:37:25	openvpn	20992	/usr/local/sbin/ovpn-linkdown ovpnc1 1500 1575 10.0.9.2 10.0.9.1 init
    Aug 17 15:38:00	openvpn	11923	disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
    Aug 17 15:38:00	openvpn	11923	OpenVPN 2.4.4 armv6-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Mar 16 2018
    Aug 17 15:38:00	openvpn	11923	library versions: OpenSSL 1.0.2m-freebsd 2 Nov 2017, LZO 2.10
    Aug 17 15:38:00	openvpn	12227	MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
    Aug 17 15:38:00	openvpn	12227	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Aug 17 15:38:00	openvpn	12227	Initializing OpenSSL support for engine 'cryptodev'
    Aug 17 15:38:00	openvpn	12227	Outgoing Static Key Encryption: Cipher 'AES-128-CBC' initialized with 128 bit key
    Aug 17 15:38:00	openvpn	12227	Outgoing Static Key Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
    Aug 17 15:38:00	openvpn	12227	Incoming Static Key Encryption: Cipher 'AES-128-CBC' initialized with 128 bit key
    Aug 17 15:38:00	openvpn	12227	Incoming Static Key Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
    Aug 17 15:38:00	openvpn	12227	ROUTE_GATEWAY 192.168.1.254/255.255.255.0 IFACE=mvneta2 HWADDR=00:08:a2:0d:8c:2e
    Aug 17 15:38:00	openvpn	12227	TUN/TAP device ovpnc1 exists previously, keep at program end
    Aug 17 15:38:00	openvpn	12227	TUN/TAP device /dev/tun1 opened
    Aug 17 15:38:00	openvpn	12227	do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Aug 17 15:38:00	openvpn	12227	/sbin/ifconfig ovpnc1 10.0.9.2 10.0.9.1 mtu 1500 netmask 255.255.255.255 up
    Aug 17 15:38:00	openvpn	12227	/usr/local/sbin/ovpn-linkup ovpnc1 1500 1575 10.0.9.2 10.0.9.1 init
    Aug 17 15:38:00	openvpn	12227	/sbin/route add -net 10.0.0.0 10.0.9.1 255.255.255.0
    Aug 17 15:38:00	openvpn	12227	TCP/UDP: Preserving recently used remote address: [AF_INET]OPENVPN_SERVER_EXTERNAL_IP:51195
    Aug 17 15:38:00	openvpn	12227	Socket Buffers: R=[65228->65228] S=[65228->65228]
    Aug 17 15:38:00	openvpn	12227	Attempting to establish TCP connection with [AF_INET]x:51195 [nonblock]
    Aug 17 15:38:01	openvpn	12227	TCP connection established with [AF_INET]OPENVPN_SERVER_EXTERNAL_IP:51195
    Aug 17 15:38:01	openvpn	12227	TCPv4_CLIENT link local (bound): [AF_INET]192.168.1.147:0
    Aug 17 15:38:01	openvpn	12227	TCPv4_CLIENT link remote: [AF_INET]OPENVPN_SERVER_EXTERNAL_IP:51195
    Aug 17 15:38:01	openvpn	12227	cipher_ctx_update: EVP_CipherUpdate() failed
    Aug 17 15:38:01	openvpn	12227	Exiting due to fatal error
    

 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy