
Re: [Openvpn-users] Padlock engine problem


  • Subject: Re: [Openvpn-users] Padlock engine problem
  • From: "Prasanna Krishnamoorthy" <prasanna79@xxxxxxxxx>
  • Date: Tue, 22 May 2007 19:22:44 +0530

Sorry for reposting this, but I didn't receive any replies originally;
I'm hoping to get some help this time around.

On 4/19/07, Prasanna Krishnamoorthy <prasanna79@xxxxxxxxx> wrote:
> Hi All,
>
> I've been using OpenVPN with great success for the past year. Thank
> you for your work on such a great choice to IPSEC.
>
> I'm using a Via C3 board which has hardware encryption. With the
> Ubuntu dapper release and kernel (2.6.15-27-386), I have hw support
> for AES. Using this provides a significant boost verified using
> openssl speed.
>
> However, when I add engine padlock to my conf file, my TLS handshake
> itself fails.
>
> The same problem was reported in December, but with no solution
> http://article.gmane.org/gmane.network.openvpn.user/17861/match=padlock+engine+bio
>
> with only one difference:
> Thu Apr 19 16:24:02 2007 192.168.100.10:33525 TLS_ERROR: BIO read
> tls_read_plaintext error: error:1408F455:SSL
> routines:SSL3_GET_RECORD:decryption failed or bad record mac
>
> Any solution for this problem will be greatly appreciated.

To add some more debug information, when I do

  time openvpn --test-crypto --secret key --cipher aes-128-cbc \
    --tun-mtu 10000 --verb 0 &> /dev/null

with and without --engine padlock, I can see about a 27% difference.
And all the encryption seems to succeed with and without --engine. But
when I run the server and try to connect the client, things get
screwed up.

I've even switched off TLS, and still get the same error!

With verb 9,

  Incoming Ciphertext -> TLS
  SSL alert (write): fatal: bad record mac
  TLS_ERROR: BIO read tls_read_plaintext error: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
  TLS Error: TLS object -> incoming plaintext read error

Any help, or further debugging aids will be greatly appreciated.