Bug 531700 - net-misc/openvpn-2.3.6 fails to start with none/null ciphers
Summary: net-misc/openvpn-2.3.6 fails to start with none/null ciphers
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Dirkjan Ochtman (RETIRED)
URL: http://community.openvpn.net/openvpn/...
Reported: 2014-12-04 18:29 UTC by Peter Gantner (a.k.a. nephros)
Modified: 2015-02-08 16:23 UTC

Attachments
fix-cipher-null.patch (fix-cipher-null.patch,735 bytes, patch)
2015-02-08 15:48 UTC, Peter Gantner (a.k.a. nephros)
Description Peter Gantner (a.k.a. nephros) 2014-12-04 18:29:44 UTC
Current stable net-misc/openvpn-2.3.6 has a bug that causes it to not start up if a null cipher is configured.

See link above for details and fix.

Reproducible: Always

Steps to Reproduce:
Start openvpn with a config file like this:

client
dev tun0
dev-type tap
proto udp
remote server.example.org 1194
nobind
daemon openvpn
ca   "0xff-keys/ca.crt"
cert "0xff-keys/client.crt"
key  "0xff-keys/client.key"
cipher none
ns-cert-type server

Actual Results:  
Thu Dec  4 19:11:51 2014 us=957211 OpenVPN 2.3.6 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Dec  3 2014
Thu Dec  4 19:11:51 2014 us=957282 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.08
Thu Dec  4 19:11:51 2014 us=957692 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Dec  4 19:11:51 2014 us=973210 ******* WARNING *******: null cipher specified, no encryption will be used
Thu Dec  4 19:11:51 2014 us=973415 Assertion failed at crypto_openssl.c:523
Thu Dec  4 19:11:51 2014 us=973475 Exiting due to fatal error
Comment 1 Dirkjan Ochtman (RETIRED) gentoo-dev 2015-02-08 14:53:52 UTC
Those patches don't seem to apply on straight 2.3.6.
Comment 2 Peter Gantner (a.k.a. nephros) 2015-02-08 15:48:06 UTC
Created attachment 395902
fix-cipher-null.patch

I have this patch living in my /etc/portage/patches, it applies and fixes the problem described in the report.

I don't know the code well enough to say whether it has insecure side-effects, but then, you're running a VPN with a null cipher if you need this so...
Comment 3 Peter Gantner (a.k.a. nephros) 2015-02-08 15:55:48 UTC
(In reply to Peter Gantner (a.k.a. nephros) from comment #2)
> Created attachment 395902
> 
> I have this patch living in my /etc/portage/patches, it applies and fixes
> the problem described in the report.


Just to clarify, this is identical to the last patch in the linked report (0001-Really-fix-cipher-none.patch), and AFAICS the only one needed.
Comment 4 Dirkjan Ochtman (RETIRED) gentoo-dev 2015-02-08 16:23:05 UTC
Thanks. Fixed in openvpn-2.3.6-r1.
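
The configuration in the report sets `cipher none`, which OpenVPN announces only through the "null cipher specified, no encryption will be used" warning in its log. The following Python check is an added example, not part of the bug report or of OpenVPN: it parses OpenVPN config text and reports where the effective `cipher` or `auth` value is `none`. The function names are hypothetical, and flagging `auth none` as well as the parsing rules used (full-line `#`/`;` comments, skipped inline blocks, a later directive overriding an earlier one) are assumptions that approximate OpenVPN's config handling.

```python
import shlex

# "cipher none" is the report's setting; flagging "auth none" is an assumption.
WEAK = {"cipher": "data channel is not encrypted",
        "auth": "data channel packets are not authenticated"}

def parse_directives(text):
    """Yield (line_no, name, args) for each directive in OpenVPN config text."""
    inline = None  # tag name of the inline <ca>-style block being skipped
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if inline:  # block body is key material, not directives
            inline = None if line == "</%s>" % inline else inline
            continue
        if not line or line[0] in "#;":  # blank line or full-line comment
            continue
        if line.startswith("<") and line.endswith(">") and line[1] != "/":
            inline = line[1:-1]
            continue
        words = shlex.split(line, comments=True)  # quotes, trailing '#' comments
        if words:
            yield no, words[0], words[1:]

def audit(text):
    """Return [(line_no, name, reason)] for each effective 'none' setting."""
    last = {}  # a later directive overrides an earlier one
    for no, name, args in parse_directives(text):
        if name in WEAK and args:
            last[name] = (no, args[0].lower())
    return sorted((no, name, WEAK[name])
                  for name, (no, value) in last.items() if value == "none")

# Client config from the report's "Steps to Reproduce".
REPORTED = """client
dev tun0
dev-type tap
proto udp
remote server.example.org 1194
nobind
daemon openvpn
ca   "0xff-keys/ca.crt"
cert "0xff-keys/client.crt"
key  "0xff-keys/client.key"
cipher none
ns-cert-type server
"""

if __name__ == "__main__":
    print(audit(REPORTED))
```

Run against the reported config, it flags line 11 (`cipher none`); a config that later sets a real cipher is not flagged.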