Ubuntu
network-manager-openvpn package

/dev/urandom not included in chroot, leads to crashes with static key

Bug #1618363 reported by Robert Sander on 2016-08-30

This bug affects 6 people

Affects		Status	Importance	Assigned to	Milestone
	network-manager-openvpn (Debian)	Fix Released	Unknown	debbugs #820554
	network-manager-openvpn (Ubuntu)	Confirmed	High	Unassigned

Bug Description

I am trying to connect to an OpenVPN server with a static key and get these error messages in the logfile:

Aug 30 10:31:37 defiant nm-openvpn[11201]: RAND_bytes() failed
Aug 30 10:31:37 defiant nm-openvpn[11201]: Assertion failed at crypto.c:1386 (rand_bytes (output, len))
Aug 30 10:31:37 defiant nm-openvpn[11201]: Exiting due to fatal error

This looks like Debian bug #820554

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: network-manager-openvpn 1.1.93-1ubuntu1
ProcVersionSignature: Ubuntu 4.4.0-36.55-generic 4.4.16
Uname: Linux 4.4.0-36-generic x86_64
NonfreeKernelModules: nvidia_uvm nvidia
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: XFCE
Date: Tue Aug 30 10:37:43 2016
InstallationDate: Installed on 2012-06-14 (1537 days ago)
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release amd64 (20120425)
SourcePackage: network-manager-openvpn
UpgradeStatus: Upgraded to xenial on 2016-08-30 (0 days ago)

Tags:

Revision history for this message

Robert Sander (gurubert) wrote on 2016-08-30:

Dependencies.txt Edit (2.6 KiB, text/plain; charset="utf-8")
JournalErrors.txt Edit (108.2 KiB, text/plain; charset="utf-8")
ProcEnviron.txt Edit (387 bytes, text/plain; charset="utf-8")

Revision history for this message

Robert Sander (gurubert) wrote on 2016-08-30:

Solution:

Create a directory /var/lib/openvpn/chroot/dev
Create device nodes for random and urandom within the chroot dev directory:

mknod random c 1 8
mknod urandom c 1 9

Bug Watch Updater (bug-watch-updater) on 2016-08-30

Changed in network-manager-openvpn (Debian):
status:	Unknown → New

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-09-28:

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in network-manager-openvpn (Ubuntu):
status:	New → Confirmed

Revision history for this message

Luca Bellinzaghi (luca-bellinzaghi) wrote on 2016-10-03:

Solution proposed by Robert Sander has worked for me. Thank you.

Distributor ID: Ubuntu
Description: Ubuntu 16.04.1 LTS
Release: 16.04
Codename: xenial

Revision history for this message

Alberto Salvia Novella (es20490446e) wrote on 2016-10-03:

Does the entire system crash?

When answered please set status back to "confirmed". Thank you.

Changed in network-manager-openvpn (Ubuntu):
status:	Confirmed → Incomplete

Revision history for this message

Robert Sander (gurubert) wrote on 2016-10-04:

No, only the openvpn process crashes.

Changed in network-manager-openvpn (Ubuntu):
status:	Incomplete → Confirmed

Alberto Salvia Novella (es20490446e) on 2016-10-13

Changed in network-manager-openvpn (Ubuntu):
importance:	Undecided → Medium
importance:	Medium → High

Bug Watch Updater (bug-watch-updater) on 2023-01-12

Changed in network-manager-openvpn (Debian):
status:	New → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

debbugs #820554
[done normal] Edit

Bug watches keep track of this bug in other bug trackers.

Ubuntunetwork-manager-openvpn package

/dev/urandom not included in chroot, leads to crashes with static key

Bug Description

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
network-manager-openvpn package