Re: [OpenIndiana-discuss] OpenVPN inside a Zone

Sun, 17 Sep 2017 15:47:31 -0700 

Hi Jim
Yes I have those permisions set. The interface gets set up. The connection gets established but OpenVPN Segfaults somewhere during cipher handling. 


What version are you using? Have you needed to modify smf to make 
openvpn work?


Greetings
Till

Am 17.09.2017 um 23:48 schrieb Jim Klimov:

On September 17, 2017 10:17:04 PM GMT+02:00, "Till Wegmüller" 
<toaster...@gmail.com> wrote:

Hello Everyone

I am trying to install openvpn into a zone. However I am getting stuck.

I am getting setpriv error when launching via smf.
I have the priv part of the openindiana.README inside the manifest (it
was there from installation).

If I Launch OpenVPN via console (no daemon) it runs until "TCPv4_SERVER

READ [448] from [AF_INET]$CLIENTIP: P_DATA_V2 kid=0 DATA len=447" after

that it segfaults and dumps core.

pstack core says

core 'core' of 9356:    /usr/sbin/openvpn --config
/etc/openvpn/openvpn.conf
  00000000 ???????? (81791e4, 80467f0, c, 1)
  febc4a3a aesni_gcm_init_key (817cde0, 0, 80467f0, 0) + da
febc0491 EVP_CipherInit_ex (817cde0, 0, 0, 0, 80467f0, ffffffff) + 151
  08071409 cipher_ctx_reset (817cde0, 80467f0, 8, 8066edb) + 19
0806ad62 openvpn_decrypt_aead (a06, 0, 0, 8160648, 814e034, 814d960) +
232
  0806c4c5 openvpn_decrypt (814db44, a06, 0, 0, 8160648, 814e034) + 75
080752be process_incoming_link_part1 (814d30c, 813ca90, 0, 8162690) +
1be
0809a22a multi_process_incoming_link (80469ec, 814d188, 9, 8072ca7, 8,
8046a64) + aa
  08092972 multi_tcp_action (0, 80472ec, 8146ac0, 404, 8046f88,
fefd2482) + 532
  08092fad tunnel_server_tcp (8047454, 8047454, 80fd440, 0, 805c173,
fed3a28a) + 3ed
  0809dcd1 openvpn_main (feffb0a8) + 1f1
0809df8b main     (8047dec, fef5f2c8, 8047e28, 8064e23, 3, 8047e34) +
1b
  08064e23 _start   (3, 8047ef0, 8047f02, 8047f0b, 0, 8047f25) + 83

Does anybody have an idea what the setpriv Error could be?
Has anybody a working OpenVPN Server in a zone?

Thanks in advance for any help
Greetings
Till

_______________________________________________
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
https://openindiana.org/mailman/listinfo/openindiana-discuss


Yes, our router lives in a zone nicely.

IIRC there are privs to set for the zone itself, so it is permitted to 
manipulate the network, and pass the tun/tap device nodes.

Jim
--
Typos courtesy of K-9 Mail on my Android



_______________________________________________
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
https://openindiana.org/mailman/listinfo/openindiana-discuss






















					Reply via email to