OpenWrt/LEDE Project

Welcome to the OpenWrt/LEDE Project bug reporting and issue tracking system

Problems to be reported here are for the OpenWrt/LEDE Project targets, sources, toolchain, core packages, build procedures, distribution and infrastructure. Guidelines for submitting a good bug report can be found at the OpenWrt/LEDE Project website. Problems related to LuCI or OpenWrt packages need to be reported in their repositories:

Notifications of all submissions and task changes are sent to lede-bugs@infradead.org.

OpenedIDCategoryTask TypePrioritySeveritySummaryReported InStatus
22.04.20203034Base systemBug ReportVery LowMediumAMD Geode → OpenSSL no HW acceleration for CBC modeopenwrt-19.07Unconfirmed Task Description

Supply the following if possible:
- System: PC Engines Alix Board 2d13
- Software: 19.07.2-x86-geode-combined-squashfs.img.gz

1. Install openssl utility along with library and optional libopenssl-afalg_sync engine (same problem with libopenssl-devcrypto)

2. HW accelerated encryption is available to kernel:

 cat /proc/crypto | grep geode
 driver       : ecb(geode-aes)
 driver       : cbc-aes-geode
 module       : geode_aes
 driver       : ecb-aes-geode
 module       : geode_aes
 driver       : geode-aes
 module       : geode_aes

3. But OpenSSL cannot use CBC mode and falls back to software encryption

 openssl speed -evp aes-128-cbc -engine afalg -elapsed
 dmesg output is full off:
 Error allocating fallback algo cbc(aes)

4. Using libopenssl-devcrypto instead of libopenssl-afalg_sync produces similar results but can employ ECB mode. AES-128-CBC is not available.


22.01.20202761PackagesBug ReportVery LowLowlibopenssl-devcryptoAllUnconfirmed Task Description

Hi All,

I think there is a problem with the package:
libopenssl-devcrypto

As reported in the guide Hardware Accelerators:
https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators

when trying to install the package libopenssl-devcrypto, that depends on kmod-cryptodev, but it doesn’t exist.

Obviously, the problem is reproducible in LUCI

15.11.20192601Base systemBug ReportVery LowLowNetgear EX6130 (MT7620A) No wireless Interfaces after i...TrunkUnconfirmed Task Description

Supply the following if possible:
- Device problem occurs on
- Software versions of OpenWrt/LEDE release, packages, etc.
- Steps to reproduce

 

Device: Netgear EX6130 (MT7620A)
Sotfware version: OpenWrt SNAPSHOT r11509-1c6066a867

Reproducable:

- firstboot -y && reboot
- change /etc/config/network to dhcp or static ip in my network
- configure wireless networking to my needs
- remove wpad-basic && remove wpad-mesh-openssl

- both interfaces (radio0/1) are shown as “Device is not active” - both configured networks are shown as “Wireless is not associated”

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device ‘radio0’

      option type 'mac80211'
      option channel '36'
      option hwmode '11a'
      option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
      option htmode 'VHT80'

config wifi-iface ‘default_radio0’

      option device 'radio0'
      option network 'lan'
      option mode 'ap'
      option ssid 'OpenWrt'
      option encryption 'none'

config wifi-device ‘radio1’

      option type 'mac80211'
      option channel '11'
      option hwmode '11g'
      option path 'platform/10180000.wmac'
      option htmode 'HT20'

config wifi-iface ‘default_radio1’

      option device 'radio1'
      option network 'lan'
      option mode 'ap'
      option ssid 'OpenWrt'
      option encryption 'none'


19.08.20192454Base systemBug ReportVery LowLowlibopenssl: Compile error with "Enable Engine support" ...TrunkUnconfirmed Task Description

Supply the following if possible:
- Device problem occurs on

All

- Software versions of OpenWrt/LEDE release, packages, etc.

Latest OpenWRT Trunk

- Steps to reproduce

Try to build a image with “Enable Engine support” enabled and the compilation will spit out an error. Tried to debug it but couldn’t

 configure: WARNING: rpmbuild not found, some optional functionalities will be missing
configure: creating ./config.status
config.status: creating Makefile

quilt version 0.65 configured.

Using '/mnt/sdb/ss_mod/staging_dir/host' for installation prefix.

Report bugs to quilt-dev@nongnu.org
[ -f /mnt/sdb/ss_mod/build_dir/host/quilt-0.65/Makefile ]
touch /mnt/sdb/ss_mod/build_dir/host/quilt-0.65/.configured
make -C /mnt/sdb/ss_mod/build_dir/host/quilt-0.65 SHELL="bash" all
make[4]: Entering directory '/mnt/sdb/ss_mod/build_dir/host/quilt-0.65'
bin/quilt.in -> bin/quilt
bin/guards.in -> bin/guards
quilt/mail.in -> quilt/mail
quilt/upgrade.in -> quilt/upgrade
quilt/refresh.in -> quilt/refresh
quilt/fold.in -> quilt/fold
quilt/files.in -> quilt/files
quilt/revert.in -> quilt/revert
quilt/top.in -> quilt/top
quilt/header.in -> quilt/header
quilt/remove.in -> quilt/remove
quilt/annotate.in -> quilt/annotate
quilt/diff.in -> quilt/diff
quilt/applied.in -> quilt/applied
quilt/graph.in -> quilt/graph
quilt/edit.in -> quilt/edit
quilt/pop.in -> quilt/pop
quilt/fork.in -> quilt/fork
quilt/delete.in -> quilt/delete
quilt/new.in -> quilt/new
quilt/import.in -> quilt/import
quilt/previous.in -> quilt/previous
quilt/grep.in -> quilt/grep
quilt/series.in -> quilt/series
quilt/patches.in -> quilt/patches
quilt/snapshot.in -> quilt/snapshot
quilt/add.in -> quilt/add
quilt/push.in -> quilt/push
quilt/setup.in -> quilt/setup
quilt/rename.in -> quilt/rename
quilt/next.in -> quilt/next
quilt/unapplied.in -> quilt/unapplied
quilt/scripts/patchfns.in -> quilt/scripts/patchfns
quilt/scripts/inspect-wrapper.in -> quilt/scripts/inspect-wrapper
quilt/scripts/dependency-graph.in -> quilt/scripts/dependency-graph
quilt/scripts/edmail.in -> quilt/scripts/edmail
quilt/scripts/remove-trailing-ws.in -> quilt/scripts/remove-trailing-ws
quilt/scripts/backup-files.in -> quilt/scripts/backup-files
README.in -> README
quilt.1.in -> quilt.1
/usr/bin/pod2man bin/guards > bin/guards.1
rm -f po/quilt.pot; touch po/quilt.pot
for file in bin/guards.in bin/quilt.in bin/patch-wrapper.in quilt/mail.in quilt/upgrade.in quilt/refresh.in quilt/fold.in quilt/files.in quilt/revert.in quilt/top.in quilt/header.in quilt/remove.in quilt/annotate.in quilt/diff.in quilt/applied.in quilt/graph.in quilt/edit.in quilt/pop.in quilt/fork.in quilt/delete.in quilt/new.in quilt/import.in quilt/previous.in quilt/grep.in quilt/series.in quilt/patches.in quilt/snapshot.in quilt/add.in quilt/push.in quilt/setup.in quilt/rename.in quilt/next.in quilt/unapplied.in compat/column.in compat/date.in compat/getopt.in compat/mktemp.in compat/sendmail.in quilt/scripts/backup-files.in quilt/scripts/patchfns.in quilt/scripts/remove-trailing-ws.in quilt/scripts/inspect-wrapper.in quilt/scripts/edmail.in quilt/scripts/dependency-graph.in ; do						\
  if test -n "`/mnt/sdb/ss_mod/staging_dir/host/bin/sed -ne '1{ /@BASH''@/p }' $file`"		\
       -o "$file" = quilt/scripts/patchfns.in; then		\
    /usr/bin/env bash --dump-po-strings $file ;				\
  elif test -n "`/mnt/sdb/ss_mod/staging_dir/host/bin/sed -ne '1{ /@PERL''@/p }' $file`"; then	\
    /usr/bin/xgettext --from-code=UTF-8 --omit-header --language=Perl	\
		--keyword=_ -o - $file;			\
  else								\
    echo "Don't know how to handle $file" >&2 ;		\
    exit 1;							\
  fi								\
done								\
|/usr/bin/msguniq							\
|/usr/bin/msgcat --force-po -F - po/quilt.pot -o po/quilt.pot
/usr/bin/msgmerge -o po/fr.po po/fr.po po/quilt.pot
..................... done.
/usr/bin/msgfmt --statistics -o po/fr.mo po/fr.po
182 translated messages.
/usr/bin/msgmerge -o po/de.po po/de.po po/quilt.pot
..................... done.
/usr/bin/msgfmt --statistics -o po/de.mo po/de.po
182 translated messages.
/usr/bin/msgmerge -o po/ja.po po/ja.po po/quilt.pot
...................... done.
/usr/bin/msgfmt --statistics -o po/ja.mo po/ja.po
182 translated messages.
/usr/bin/msgmerge -o po/ru.po po/ru.po po/quilt.pot
...................... done.
/usr/bin/msgfmt --statistics -o po/ru.mo po/ru.po
182 translated messages.
make[4]: Leaving directory '/mnt/sdb/ss_mod/build_dir/host/quilt-0.65'
touch /mnt/sdb/ss_mod/build_dir/host/quilt-0.65/.built
make -C /mnt/sdb/ss_mod/build_dir/host/quilt-0.65 SHELL="bash" install
make[4]: Entering directory '/mnt/sdb/ss_mod/build_dir/host/quilt-0.65'
/usr/bin/install -c -d /mnt/sdb/ss_mod/staging_dir/host/bin
/usr/bin/install -c -m 755 bin/quilt bin/guards /mnt/sdb/ss_mod/staging_dir/host/bin/
/usr/bin/install -c -d /mnt/sdb/ss_mod/staging_dir/host/share/quilt
/usr/bin/install -c -m 755 quilt/mail quilt/add quilt/upgrade quilt/patches quilt/refresh quilt/fold quilt/diff quilt/files quilt/revert quilt/top quilt/header quilt/remove quilt/annotate quilt/applied quilt/graph quilt/edit quilt/pop quilt/fork quilt/delete quilt/new quilt/previous quilt/grep quilt/series quilt/import quilt/snapshot quilt/push quilt/setup quilt/rename quilt/next quilt/unapplied /mnt/sdb/ss_mod/staging_dir/host/share/quilt/
/usr/bin/install -c -d /mnt/sdb/ss_mod/staging_dir/host/share/quilt/scripts
/usr/bin/install -c -m 755 quilt/scripts/inspect-wrapper quilt/scripts/dependency-graph quilt/scripts/edmail quilt/scripts/remove-trailing-ws quilt/scripts/backup-files		\
	   /mnt/sdb/ss_mod/staging_dir/host/share/quilt/scripts
/usr/bin/install -c -m 644 quilt/scripts/patchfns quilt/scripts/utilfns	\
	   /mnt/sdb/ss_mod/staging_dir/host/share/quilt/scripts
/usr/bin/install -c -d /mnt/sdb/ss_mod/staging_dir/host/share/doc/quilt/
/usr/bin/install -c -m 644 doc/README					\
	   /mnt/sdb/ss_mod/staging_dir/host/share/doc/quilt/
/usr/bin/install -c -m 644 doc/quilt.pdf doc/README.MAIL			\
	   /mnt/sdb/ss_mod/staging_dir/host/share/doc/quilt/
/usr/bin/install -c -d /mnt/sdb/ss_mod/staging_dir/host/share/man/man1
/usr/bin/install -c -m 644 doc/quilt.1 bin/guards.1 /mnt/sdb/ss_mod/staging_dir/host/share/man/man1/
/usr/bin/install -c -d /mnt/sdb/ss_mod/staging_dir/host/etc
/usr/bin/install -c -d /mnt/sdb/ss_mod/staging_dir/host/etc/bash_completion.d
/usr/bin/install -c -m 644 bash_completion				\
	   /mnt/sdb/ss_mod/staging_dir/host/etc/bash_completion.d/quilt
/usr/bin/install -c -m 644 quilt.quiltrc /mnt/sdb/ss_mod/staging_dir/host/etc/
/usr/bin/install -c -d /mnt/sdb/ss_mod/staging_dir/host/share/emacs/site-lisp/
/usr/bin/install -c -m 644 lib/quilt.el /mnt/sdb/ss_mod/staging_dir/host/share/emacs/site-lisp/
for lang in fr de ja ru ; do					\
	dir=/mnt/sdb/ss_mod/staging_dir/host/share/locale/$lang/LC_MESSAGES;	\
	/usr/bin/install -c -d $dir;					\
	/usr/bin/install -c -m 644 po/$lang.mo				\
	    $dir/quilt.mo ;					\
done
rm -rf /mnt/sdb/ss_mod/staging_dir/host/share/quilt/compat
make[4]: Leaving directory '/mnt/sdb/ss_mod/build_dir/host/quilt-0.65'
mkdir -p /mnt/sdb/ss_mod/staging_dir/host/stamp
touch /mnt/sdb/ss_mod/build_dir/host/quilt-0.65/.built
touch /mnt/sdb/ss_mod/staging_dir/host/stamp/.quilt_installed
make[3]: Leaving directory '/mnt/sdb/ss_mod/tools/quilt'
time: tools/quilt/compile#3.52#1.32#6.42
make[3]: Entering directory '/mnt/sdb/ss_mod/tools/padjffs2'
mkdir -p /mnt/sdb/ss_mod/build_dir/host/padjffs2-1
cp -fpR ./src/* /mnt/sdb/ss_mod/build_dir/host/padjffs2-1/
find /mnt/sdb/ss_mod/build_dir/host/padjffs2-1 -name .svn | xargs -r rm -rf
touch /mnt/sdb/ss_mod/build_dir/host/padjffs2-1/.preparedecc7edeb6ada6b3bdcdbd188ed1d7abb_6664517399ebbbc92a37c5bb081b5c53
touch /mnt/sdb/ss_mod/build_dir/host/padjffs2-1/.configured
make -C /mnt/sdb/ss_mod/build_dir/host/padjffs2-1
make[4]: Entering directory '/mnt/sdb/ss_mod/build_dir/host/padjffs2-1'
gcc  -Wall -Werror -c -o padjffs2.o padjffs2.c
gcc  -o padjffs2 padjffs2.o
make[4]: Leaving directory '/mnt/sdb/ss_mod/build_dir/host/padjffs2-1'
touch /mnt/sdb/ss_mod/build_dir/host/padjffs2-1/.built
cp -fpR /mnt/sdb/ss_mod/build_dir/host/padjffs2-1/padjffs2 /mnt/sdb/ss_mod/staging_dir/host/bin/
mkdir -p /mnt/sdb/ss_mod/staging_dir/host/stamp
touch /mnt/sdb/ss_mod/build_dir/host/padjffs2-1/.built
touch /mnt/sdb/ss_mod/staging_dir/host/stamp/.padjffs2_installed
make[3]: Leaving directory '/mnt/sdb/ss_mod/tools/padjffs2'
time: tools/padjffs2/compile#0.21#0.08#0.43
make[3]: Entering directory '/mnt/sdb/ss_mod/tools/mm-macros'
. /mnt/sdb/ss_mod/include/shell.sh; xzcat /mnt/sdb/ss_mod/dl/mm-common-0.9.12.tar.xz | tar -C /mnt/sdb/ss_mod/build_dir/host/mm-common-0.9.12/.. -xf -
[ ! -d ./src/ ] || cp -fpR ./src/* /mnt/sdb/ss_mod/build_dir/host/mm-common-0.9.12
touch /mnt/sdb/ss_mod/build_dir/host/mm-common-0.9.12/.preparedb57a3a4d3d4ac73305a42c848cc7171b_6664517399ebbbc92a37c5bb081b5c53
(cd /mnt/sdb/ss_mod/build_dir/host/mm-common-0.9.12/; if [ -x configure ]; then cp -fpR /mnt/sdb/ss_mod/scripts/config.{guess,sub} /mnt/sdb/ss_mod/build_dir/host/mm-common-0.9.12// && CC="gcc" CFLAGS="-O2 -I/mnt/sdb/ss_mod/staging_dir/host/include " CXX="g++" CPPFLAGS="-I/mnt/sdb/ss_mod/staging_dir/host/include " LDFLAGS="-L/mnt/sdb/ss_mod/staging_dir/host/lib " CONFIG_SHELL="/usr/bin/env bash"  bash ./configure --target=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu --build=x86_64-pc-linux-gnu --program-prefix="" --program-suffix="" --prefix=/mnt/sdb/ss_mod/staging_dir/host --exec-prefix=/mnt/sdb/ss_mod/staging_dir/host --sysconfdir=/mnt/sdb/ss_mod/staging_dir/host/etc --localstatedir=/mnt/sdb/ss_mod/staging_dir/host/var --sbindir=/mnt/sdb/ss_mod/staging_dir/host/bin ; fi )
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking whether make supports nested variables... (cached) yes
checking whether to enable maintainer-specific portions of Makefiles... no
checking for a sed that does not truncate output... /mnt/sdb/ss_mod/staging_dir/host/bin/sed
checking for tar... tar
checking whether to download libstdc++ tags... no
checking for curl... no
checking for wget... wget
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating doctags/mm-common-libstdc++.pc
config.status: creating doctags/mm-common-libstdc++-uninstalled.pc
config.status: creating macros/mm-common.m4
config.status: creating util/mm-common-prepare
config.status: creating util/mm-common-util.pc
config.status: creating util/mm-common-util-uninstalled.pc
touch /mnt/sdb/ss_mod/build_dir/host/mm-common-0.9.12/.configured
CFLAGS="-O2 -I/mnt/sdb/ss_mod/staging_dir/host/include " CPPFLAGS="-I/mnt/sdb/ss_mod/staging_dir/host/include " CXXFLAGS="" LDFLAGS="-L/mnt/sdb/ss_mod/staging_dir/host/lib " make -j1 -C /mnt/sdb/ss_mod/build_dir/host/mm-common-0.9.12  
make[4]: Entering directory '/mnt/sdb/ss_mod/build_dir/host/mm-common-0.9.12'
/mnt/sdb/ss_mod/staging_dir/host/bin/sed 's|[@]PACKAGE_STRING[@]|mm-common 0.9.12|g;s|[@]docdir[@]|/mnt/sdb/ss_mod/staging_dir/host/share/doc/mm-common|g' ./util/mm-common-prepare.1.in >util/mm-common-prepare.1
(cd . >/dev/null && tar chof - skeletonmm/autogen.sh skeletonmm/codegen/generate_defs_and_docs.sh skeletonmm/.gitignore skeletonmm/AUTHORS skeletonmm/COPYING skeletonmm/ChangeLog skeletonmm/Makefile.am skeletonmm/README skeletonmm/configure.ac skeletonmm/skeletonmm.doap skeletonmm/build/.gitignore skeletonmm/codegen/Makefile.am skeletonmm/codegen/extradefs/generate_extra_defs_skeleton.cc skeletonmm/codegen/m4/convert.m4 skeletonmm/codegen/m4/convert_skeleton.m4 skeletonmm/codegen/m4/filelist.am skeletonmm/doc/Makefile.am skeletonmm/doc/reference/.gitignore skeletonmm/doc/reference/Doxyfile.in skeletonmm/examples/.gitignore skeletonmm/examples/Makefile.am skeletonmm/examples/example/example.cc skeletonmm/skeleton/.gitignore skeletonmm/skeleton/skeletonmm-uninstalled.pc.in skeletonmm/skeleton/skeletonmm.h skeletonmm/skeleton/skeletonmm.pc.in skeletonmm/skeleton/skeletonmmconfig.h.in skeletonmm/skeleton/skeletonmm/Makefile.am skeletonmm/skeleton/skeletonmm/filelist.am skeletonmm/skeleton/skeletonmm/wrap_init.h skeletonmm/skeleton/skeletonmm/private/.gitignore skeletonmm/skeleton/src/Makefile.am skeletonmm/skeleton/src/filelist.am skeletonmm/skeleton/src/skeleton.ccg skeletonmm/skeleton/src/skeleton.defs skeletonmm/skeleton/src/skeleton.hg skeletonmm/skeleton/src/skeleton_docs.xml skeletonmm/skeleton/src/skeleton_enum.defs skeletonmm/skeleton/src/skeleton_method.defs skeletonmm/skeleton/src/skeleton_signal.defs skeletonmm/skeleton/src/skeleton_vfunc.defs) | gzip -c -n >skeletonmm.tar.gz
make[4]: Leaving directory '/mnt/sdb/ss_mod/build_dir/host/mm-common-0.9.12'
touch /mnt/sdb/ss_mod/build_dir/host/mm-common-0.9.12/.built
install -d -m0755 /mnt/sdb/ss_mod/staging_dir/host/share/aclocal
install -m0644 /mnt/sdb/ss_mod/build_dir/host/mm-common-0.9.12/macros/*.m4 /mnt/sdb/ss_mod/staging_dir/host/share/aclocal/
mkdir -p /mnt/sdb/ss_mod/staging_dir/host/stamp
touch /mnt/sdb/ss_mod/build_dir/host/mm-common-0.9.12/.built
touch /mnt/sdb/ss_mod/staging_dir/host/stamp/.mm-macros_installed
make[3]: Leaving directory '/mnt/sdb/ss_mod/tools/mm-macros'
time: tools/mm-macros/compile#0.78#0.35#2.27
make[3]: Entering directory '/mnt/sdb/ss_mod/tools/scons'
./files/pywrap.sh /mnt/sdb/ss_mod/build_dir/host/scons-3.1.1/setup.py install --prefix=/mnt/sdb/ss_mod/staging_dir/host
Traceback (most recent call last):
  File "/mnt/sdb/ss_mod/build_dir/host/scons-3.1.1/setup.py", line 26, in <module>
    import distutils.command.build_scripts
ModuleNotFoundError: No module named 'distutils.command'
make[3]: *** [Makefile:35: /mnt/sdb/ss_mod/staging_dir/host/stamp/.scons_installed] Error 1
make[3]: Leaving directory '/mnt/sdb/ss_mod/tools/scons'
time: tools/scons/compile#0.24#0.06#0.35
make[2]: *** [tools/Makefile:159: tools/scons/compile] Error 2
make[2]: Leaving directory '/mnt/sdb/ss_mod'
make[1]: *** [tools/Makefile:155: /mnt/sdb/ss_mod/staging_dir/target-arm_cortex-a9+vfpv3_musl_eabi/stamp/.tools_compile_yynyynnyyynyyyyynyynnyyyynyyyyyyyyyyyyyyynyynynnyyynnyyy] Error 2
make[1]: Leaving directory '/mnt/sdb/ss_mod'
make: *** [/mnt/sdb/ss_mod/include/toplevel.mk:218: world] Error 2
30.07.20192415PackagesBug ReportVery LowLowNginx or Openssl cannot use http2 on x86_64 platformsTrunkUnconfirmed Task Description

Select compile platform for x86_64,
enable nginx http2 option, start compiling, then enable http2 parameters via conf file, you will find that the website cannot be opened.
Only enable http1 and tls 1.3, no problem.

There is no such problem in the bcm53xx platform test.

Trunk kernel version 4.19.57
openssl version 1.1.1c
nginx version 1.16.0

10.08.20181762Base systemBug ReportVery LowMedium18.06.1 openvpn (mbedtls and openssl) write to TUN/TAP ...openwrt-18.06Unconfirmed Task Description

I have tested this with a tl-wr842n-v3 (ar71xx/generic) and MikroTik rb750gr3 (ramips/mt7621). The problem seems to be architecture independant. This setup works fine with 17.05.1

There is already an issue filed with freifunk-berlin https://github.com/freifunk-berlin/firmware/issues/580

With 18.06.1 I have tested with openvpn-mbedtls and openvpn-openssl. With 17.01.5 I tested with openvpn-mbedtls. Attached are pcapng files for both the wan interface (host filtered) and the ffuplink (vpn) interface. On the ffuplink interface I simply ran a “ping <IPADDR> -I ffuplink”.

Attached is also an example log from 18.06.1 and the configuration for openvpn on the router.

Also worth noting is that there are crc errors being reported which I run tcpdump directly on the router

 ~# tcpdump  -nvvi br-wan host 217.197.83.193
tcpdump: listening on br-wan, link-type EN10MB (Ethernet), capture size 262144 bytes
22:50:56.042355 IP (tos 0x0, ttl 64, id 3801, offset 0, flags [DF], proto UDP (17), length 136)
    192.168.200.3.1194 > 217.197.83.193.1194: [bad udp cksum 0xb6b8 -> 0x8450!] UDP, length 108
22:50:57.050206 IP (tos 0x0, ttl 64, id 3838, offset 0, flags [DF], proto UDP (17), length 136) 
    192.168.200.3.1194 > 217.197.83.193.1194: [bad udp cksum 0xb6b8 -> 0xcf66!] UDP, length 108
22:50:57.059920 IP (tos 0x0, ttl 59, id 62922, offset 0, flags [DF], proto UDP (17), length 66)
    217.197.83.193.1194 > 192.168.200.3.1194: [udp sum ok] UDP, length 38
22:50:58.058255 IP (tos 0x0, ttl 64, id 3859, offset 0, flags [DF], proto UDP (17), length 136)
    192.168.200.3.1194 > 217.197.83.193.1194: [bad udp cksum 0xb6b8 -> 0x0c0a!] UDP, length 108
22:50:59.066179 IP (tos 0x0, ttl 64, id 3941, offset 0, flags [DF], proto UDP (17), length 136)
    192.168.200.3.1194 > 217.197.83.193.1194: [bad udp cksum 0xb6b8 -> 0x3675!] UDP, length 108
22:51:00.074120 IP (tos 0x0, ttl 64, id 3973, offset 0, flags [DF], proto UDP (17), length 136)
    192.168.200.3.1194 > 217.197.83.193.1194: [bad udp cksum 0xb6b8 -> 0x8ba0!] UDP, length 108
22:51:01.082085 IP (tos 0x0, ttl 64, id 4039, offset 0, flags [DF], proto UDP (17), length 136)
    192.168.200.3.1194 > 217.197.83.193.1194: [bad udp cksum 0xb6b8 -> 0x0392!] UDP, length 108

I unfortunately can not be of much help with debugging this issue before the beginning of Sept (traveling). If anyone wants to test with the same server, you can apply for a freifunk-berlin tunnel cert at http://tunnel.berlin.freifunk.net (hopefully the cert will get approved quickly). To get the extra data files in the /etc/openvpn diretory, please temporarily install berlin-freifunk’s Hedy-1.0.1 firmware (tunnel-berlin version).

I unfortunately don’t have acces to the vpn server (217.197.83.193) so I cannot post the server config. A similar config from a peer server is attached.

28.08.2017990Base systemBug ReportVery LowLowopenvpn-openssl does not build without deprecated OpenS...TrunkUnconfirmed Task Description

With LEDE HEAD (4b3ffecf2bbbfb8df618314e5bec52659b648fac) and no CONFIG_OPENSSL_WITH_DEPRECATED, I get

ccache_cc -DHAVE_CONFIG_H -I. -I../.. -I../../include  -I../../include -I../../src/compat -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/target-mips_24kc_musl/usr/include -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/target-mips_24kc_musl/include -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/toolchain-mips_24kc_gcc-5.4.0_musl/usr/include -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/toolchain-
mips_24kc_gcc-5.4.0_musl/include/fortify -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/toolchain-mips_24kc_gcc-5.4.0_musl/include   -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/target-mips_24kc_musl/usr/include   -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/target-mips_24kc_musl/usr/include -DPLUGIN_LIBDIR=\"/usr/lib/openvpn/plugins\"  -Os -pipe -mno-branch-likely -mips32r2 -mtune=24kc -fno-caller
-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -msoft-float -mips16 -minterlink-mips16 -iremap/tank/openwrt/scratch/builder-usbnetgw/build_dir/target-mips_24kc_musl/openvpn-openssl/openvpn-2.4.3:openvpn-2.4.3 -Wformat -Werror=format-security -fstack-protector -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -ffunction-sections -fdata-sections  -std=c99 -MT crypto_openssl.o -MD -MP
-MF .deps/crypto_openssl.Tpo -c -o crypto_openssl.o crypto_openssl.c
In file included from syshead.h:182:0,
                 from crypto_openssl.c:35:
/tank/openwrt/scratch/builder-usbnetgw/staging_dir/toolchain-mips_24kc_gcc-5.4.0_musl/include/sys/poll.h:1:2: warning: #warning redirecting incorrect #include <sys/poll.h> to <poll.h> [-Wcpp]
 #warning redirecting incorrect #include <sys/poll.h> to <poll.h>
  ^
In file included from crypto_openssl.c:44:0:
openssl_compat.h: In function 'RSA_set_flags':
openssl_compat.h:326:12: error: dereferencing pointer to incomplete type 'RSA {aka struct rsa_st}'
         rsa->flags = flags;
            ^
openssl_compat.h: In function 'RSA_get0_key':
openssl_compat.h:346:23: error: dereferencing pointer to incomplete type 'RSA {aka const struct rsa_st}'
         *n = rsa ? rsa->n : NULL;
                       ^
openssl_compat.h: In function 'RSA_set0_key':
openssl_compat.h:380:9: warning: implicit declaration of function 'BN_free' [-Wimplicit-function-declaration]
         BN_free(rsa->n);
         ^
openssl_compat.h: In function 'RSA_bits':
openssl_compat.h:410:16: warning: implicit declaration of function 'BN_num_bits' [-Wimplicit-function-declaration]
     return n ? BN_num_bits(n) : 0;
                ^
openssl_compat.h: In function 'DSA_get0_pqg':
openssl_compat.h:429:23: error: dereferencing pointer to incomplete type 'DSA {aka const struct dsa_st}'
         *p = dsa ? dsa->p : NULL;
                       ^
In file included from crypto_openssl.c:40:0:
openssl_compat.h: In function 'RSA_meth_new':
openssl_compat.h:470:31: error: invalid application of 'sizeof' to incomplete type 'RSA_METHOD {aka struct rsa_meth_st}'
     ALLOC_OBJ_CLEAR(rsa_meth, RSA_METHOD);
                               ^
buffer.h:1014:61: note: in definition of macro 'ALLOC_OBJ'
         check_malloc_return((dptr) = (type *) malloc(sizeof(type))); \
                                                             ^
openssl_compat.h:470:5: note: in expansion of macro 'ALLOC_OBJ_CLEAR'
     ALLOC_OBJ_CLEAR(rsa_meth, RSA_METHOD);
     ^
openssl_compat.h:470:31: error: invalid application of 'sizeof' to incomplete type 'RSA_METHOD {aka struct rsa_meth_st}'
     ALLOC_OBJ_CLEAR(rsa_meth, RSA_METHOD);
                               ^
buffer.h:1020:34: note: in definition of macro 'ALLOC_OBJ_CLEAR'
         memset((dptr), 0, sizeof(type)); \
                                  ^
In file included from crypto_openssl.c:44:0:
openssl_compat.h:471:13: error: dereferencing pointer to incomplete type 'RSA_METHOD {aka struct rsa_meth_st}'
     rsa_meth->name = string_alloc(name, NULL);
             ^
Makefile:672: recipe for target 'crypto_openssl.o' failed
make[7]: *** [crypto_openssl.o] Error 1

This looks to be due to incomplete backports of openssl1.1 changes into 1.0.2l (or earlier 1.0 releases, I’m not sure). In particular, many of these pieces of code are guarded by #ifdef HAVE_... tests which are currently evaluating to false. For example,
HAVE_DSA_GET0_PQG is unset because

<code>
configure:16116: checking for DSA_get0_pqg
configure:16116: ccache_cc -o conftest -Os -pipe -mno-branch-likely -mips32r2 -mtune=24kc -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -msoft-float -mips16 -minterlink-mips16 -iremap/tank/openwrt/scratch/builder-usbnetgw/build_dir/target-mips_24kc_musl/openvpn-openssl/openvpn-2.4.3:openvpn-2.4.3 -Wformat -Werror=format-security -fstack-protector -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -ffunction-sections -fdata-sections -std=c99 -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/target-mips_24kc_musl/usr/include -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/target-mips_24kc_musl/usr/include -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/target-mips_24kc_musl/include -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/toolchain-mips_24kc_gcc-5.4.0_musl/usr/include -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/toolchain-mips_24kc_gcc-5.4.0_musl/include/fortify -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/toolchain-mips_24kc_gcc-5.4.0_musl/include -L/tank/openwrt/scratch/builder-usbnetgw/staging_dir/target-mips_24kc_musl/usr/lib -L/tank/openwrt/scratch/builder-usbnetgw/staging_dir/target-mips_24kc_musl/lib -L/tank/openwrt/scratch/builder-usbnetgw/staging_dir/toolchain-mips_24kc_gcc-5.4.0_musl/usr/lib -L/tank/openwrt/scratch/builder-usbnetgw/staging_dir/toolchain-mips_24kc_gcc-5.4.0_musl/lib -znow -zrelro -Wl,–gc-sections conftest.c -L/tank/openwrt/scratch/builder-usbnetgw/staging_dir/target-mips_24kc_musl/usr/lib -lcrypto -lssl >&5
/tmp/cczFWI5b.o: In function `main’:
conftest.c:(.text.startup.main+0×2): undefined reference to `DSA_get0_pqg’ <code>

07.09.2016162Base systemBug ReportVery LowLowTwo issues with libuclient-openssl in luci-sslTrunkUnconfirmed Task Description

1: RC4 and 3DES are used when both have security issues. Actually the latter also is true of mbedtls/polarssl.

2: Only TLS 1.2 is supported. This makes multiple clients unable to connect.

BTW, I got this working after modifying the Makefile to luci-ssl to depend on libustream-openssl instead. No idea what the situation is but so far it works without a problem.

Showing tasks 1 - 8 of 8 Page 1 of 1

Available keyboard shortcuts

Tasklist

Task Details

Task Editing