[OpenIndiana-discuss] OpenVPN inside a Zone

Till Wegmüller toasterson at gmail.com
Sun Sep 17 22:46:14 UTC 2017 

Hi Jim

Yes I have those permisions set. The interface gets set up. The 
connection gets established but OpenVPN Segfaults somewhere during 
cipher handling.

What version are you using? Have you needed to modify smf to make 
openvpn work?

Greetings
Till

Am 17.09.2017 um 23:48 schrieb Jim Klimov:
> On September 17, 2017 10:17:04 PM GMT+02:00, "Till Wegmüller" <toasterson at gmail.com> wrote:
>> Hello Everyone
>>
>> I am trying to install openvpn into a zone. However I am getting stuck.
>>
>> I am getting setpriv error when launching via smf.
>> I have the priv part of the openindiana.README inside the manifest (it
>> was there from installation).
>>
>> If I Launch OpenVPN via console (no daemon) it runs until "TCPv4_SERVER
>>
>> READ [448] from [AF_INET]$CLIENTIP: P_DATA_V2 kid=0 DATA len=447" after
>>
>> that it segfaults and dumps core.
>>
>> pstack core says
>>
>> core 'core' of 9356:    /usr/sbin/openvpn --config
>> /etc/openvpn/openvpn.conf
>>   00000000 ???????? (81791e4, 80467f0, c, 1)
>>   febc4a3a aesni_gcm_init_key (817cde0, 0, 80467f0, 0) + da
>> febc0491 EVP_CipherInit_ex (817cde0, 0, 0, 0, 80467f0, ffffffff) + 151
>>   08071409 cipher_ctx_reset (817cde0, 80467f0, 8, 8066edb) + 19
>> 0806ad62 openvpn_decrypt_aead (a06, 0, 0, 8160648, 814e034, 814d960) +
>> 232
>>   0806c4c5 openvpn_decrypt (814db44, a06, 0, 0, 8160648, 814e034) + 75
>> 080752be process_incoming_link_part1 (814d30c, 813ca90, 0, 8162690) +
>> 1be
>> 0809a22a multi_process_incoming_link (80469ec, 814d188, 9, 8072ca7, 8,
>> 8046a64) + aa
>>   08092972 multi_tcp_action (0, 80472ec, 8146ac0, 404, 8046f88,
>> fefd2482) + 532
>>   08092fad tunnel_server_tcp (8047454, 8047454, 80fd440, 0, 805c173,
>> fed3a28a) + 3ed
>>   0809dcd1 openvpn_main (feffb0a8) + 1f1
>> 0809df8b main     (8047dec, fef5f2c8, 8047e28, 8064e23, 3, 8047e34) +
>> 1b
>>   08064e23 _start   (3, 8047ef0, 8047f02, 8047f0b, 0, 8047f25) + 83
>>
>> Does anybody have an idea what the setpriv Error could be?
>> Has anybody a working OpenVPN Server in a zone?
>>
>> Thanks in advance for any help
>> Greetings
>> Till
>>
>> _______________________________________________
>> openindiana-discuss mailing list
>> openindiana-discuss at openindiana.org
>> https://openindiana.org/mailman/listinfo/openindiana-discuss
> 
> Yes, our router lives in a zone nicely.
> 
> IIRC there are privs to set for the zone itself, so it is permitted to manipulate the network, and pass the tun/tap device nodes.
> 
> Jim
> --
> Typos courtesy of K-9 Mail on my Android
>

More information about the openindiana-discuss mailing list