From: Jan J. K. <ja...@ni...> - 2019-07-24 10:29:23
Hi,

On 23/07/19 19:11, Stephen Reese wrote:
> > Let me dive into this deeper, but this did not use to happen -
> > I've used CentOS 6+7 icw OpenVPN for years, including
> > client-connect scripts and have never seen coredumps like that.
> > Are you using selinux? auditing? what is your policy on those?
>
> I had SELinux disabled (permissive) and did not enable any special
> auditing. The image used is from https://github.com/plus3it/spel and
> running in AWS.

just tried this on a "plain" CentOS 7 box and I am not seeing any seg
faults upon client-connect; this is with the EPEL version of OpenVPN 2.4.7.

The openssl library on RHEL/CentOS 7 is indeed FIPS compliant, but FIPS
mode still needs to be explicitly enabled inside an application, usually
using FIPS_mode_set(). You can check whether your version of OpenVPN has
been patched to do this by running:

  # objdump -tT /usr/sbin/openvpn | grep FIPS
  ( no output, meaning no FIPS calls )

In contrast to:

  # objdump -tT /usr/bin/openssl | grep FIPS
  0000000000000000      DF *UND*  0000000000000000  libcrypto.so.10 FIPS_mode
  0000000000000000      DF *UND*  0000000000000000  libcrypto.so.10 FIPS_mode_set

I've looked at the github page but it's too much of a bother to actually
get/build such an image (for my VMware player). If you can provide me
with a prebuilt image, including root access I can have a quick peek.

HTH,

JJK
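The objdump check described in the message above, as an added example (not part of the original e-mail or of OpenVPN): a small parser that reports which FIPS_* symbols a binary imports. The function names and the sample objdump text are constructed for illustration; the sample rows follow the output quoted in the message.

```python
import re
import shutil
import subprocess

def fips_symbols(objdump_text):
    """Parse `objdump -tT` output; return (name, version, undefined) per FIPS_* symbol."""
    found = []
    for line in objdump_text.splitlines():
        tok = line.split()
        # Symbol rows start with a hex address; headers and blank lines do not.
        if len(tok) < 4 or not re.fullmatch(r"[0-9a-fA-F]{8,16}", tok[0]):
            continue
        # The section column (*UND*, *ABS*, .text, ...) ends the flags field.
        sec = next((i for i, t in enumerate(tok[1:], 1) if t[0] in ".*"), None)
        if sec is None:
            continue
        rest = tok[sec + 1:]                      # size, [version], name
        if len(rest) < 2:
            continue
        name = rest[-1]
        version = rest[1] if len(rest) == 3 else ""
        if name.startswith("FIPS_"):
            found.append((name, version, tok[sec] == "*UND*"))
    return found

def imports_fips_mode_set(objdump_text):
    """True if the binary has an undefined (imported) reference to FIPS_mode_set."""
    return any(n == "FIPS_mode_set" and undef
               for n, _, undef in fips_symbols(objdump_text))

def audit(path):
    """Run objdump on a real binary; returns None when objdump is not installed."""
    if shutil.which("objdump") is None:
        return None
    out = subprocess.run(["objdump", "-tT", path], capture_output=True, text=True)
    return fips_symbols(out.stdout)

# Constructed sample input, modelled on the two outputs quoted in the message.
SAMPLE_OPENSSL = """\
/usr/bin/openssl:     file format elf64-x86-64

DYNAMIC SYMBOL TABLE:
0000000000000000      DF *UND*  0000000000000000  libcrypto.so.10 FIPS_mode
0000000000000000      DF *UND*  0000000000000000  libcrypto.so.10 FIPS_mode_set
0000000000000000      DF *UND*  0000000000000000  libcrypto.so.10 EVP_CIPHER_CTX_init
"""
SAMPLE_OPENVPN = """\
DYNAMIC SYMBOL TABLE:
0000000000000000      DF *UND*  0000000000000000  libcrypto.so.10 EVP_CIPHER_CTX_init
"""
```

On a real host, `audit("/usr/sbin/openvpn")` returns the same tuples for the installed binary.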