OpenVPN sometimes stops working with cipher_ctx_update: EVP_CipherUpdate() failed
-
Sorry to resurrect an old post, but I'm seeing the same thing. Same log data as above. Seems to just happen after a period of time. Reboot resolves it.
-
I have "solved" this issue in the same way, by just rebooting this system, and since the day that I started this thread, I haven't had this problem again.
-
Happened to one of my units today—client was a Netgate SG-3100, running 2.4.4-p2
Nothing I could do from the commandline fixed it, just had to reboot the box.
Uptime was 89 days previous to that. It's a real head scratcher.
-
@luckman212 Unfortunately disabling hardware crypto on the SG-3100 was the "solution" for me. Everything has been reliably stable since.
-
@useru0284t35 Huh. Ok, well good to know I guess. Pros and Cons.
-
This problem that I had one time, was with that unit too, the SG-3100.
-
@useru0284t35 Actually - sad to say that I checked the settings on my affected unit and Crypto hardware was already set to "None"
So I guess that isn't actually the cause, and maybe you were just lucky...
-
Sorry to poke an old thread, but we're also seeing this on just one of our SG-3100 units, after flawless operation for many months:
https://forum.netgate.com/topic/159722/openvpn-client-fatal-error
-
Still an issue on SG-3100 running 2.4.5-p1:
cipher_ctx_update: EVP_CipherUpdate() failed
Exiting due to fatal error
Nobody can connect, service crashes and continues crashing after restarting.
The only solution seems to be a full firewall reboot.
This sounds like it's a bug in OpenSSL: http://cve.circl.lu/cve/CVE-2021-23840
On our SG-3100 we have 1.0.2u, which is affected. Changelog says it was fixed in 1.1.1j in Feb 2021: https://www.openssl.org/news/changelog.html
Is the fix likely to ever find its way to 2.4.x or was 2.4.5-p1 the final release?
-
A similar problem on 2.4 downgraded from 2.5. Appears randomly.
All three clients cannot connect to the server until the daemon is manually restarted.
There is nothing unusual in the logs.
-
@ptz-m For me restarting the service from web GUI didn't work. It was crashing within seconds. It only came back after a full firewall reboot.
-