#1367 closed Bug / Defect (notabug)
OpenSSL version too old Ubuntu 16.04 OpenSSL 1.0.2g OpenVPN 2.5.0
Reported by: | alicek | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | release 2.5 |
Component: | Generic / unclassified | Version: | OpenVPN 2.5.0 (Community Ed) |
Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | |
Cc: |
Description
I'm trying to run OpenVPN client 2.5.0, but the connection is constantly being re-connected.
Connection reset, restarting [0] SIGUSR1[soft,connection-reset] received, process restarting
I tried to re-build OpenVPN manually and got this error:
checking additionally if OpenSSL is available and version >= 1.0.2... configure: error: OpenSSL version too old
But the documentation says that any version OpenSSL >= 1.0.2 is suitable. https://github.com/OpenVPN/openvpn/blob/master/INSTALL
REQUIRES: ... (2) OpenSSL library, necessary for encryption, version 1.0.2 or higher required, available from http://www.openssl.org/ or ...
Am I wrong? Should the client work with version 1.0.2g?
OpenVPN 2.5.0 OpenSSL 1.0.2g
OpenVPN 2.5.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 28 2020 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08 Originally developed by James Yonan Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
Change History (4)
comment:1 Changed 2 years ago by
Resolution: | → notabug |
---|---|
Status: | new → closed |
comment:2 Changed 2 years ago by
Replying to alicek:
I tried to re-build OpenVPN manually and got this error:
checking additionally if OpenSSL is available and version >= 1.0.2... configure: error: OpenSSL version too oldBut the documentation says that any version OpenSSL >= 1.0.2 is suitable. https://github.com/OpenVPN/openvpn/blob/master/INSTALL
The message says that you do not have openssl 1.0.2 or greater on your system.
comment:3 Changed 2 years ago by
Thanks for your reply.
Naturally, I can upgrade the system to version 18.04 or 20.04. Everything works fine on these versions.
I also manually updated OpenSSL from version 1.0.2g to version 1.1.1c, and everything works.
As I indicated above, the OpenSSL 1.0.2g library is installed on my test system, which belongs to version 1.0.2 of OpenSSL (https://www.openssl.org/news/openssl-1.0.2-notes.html). So it should pass the check.
Yes, I'm a bore. But maybe it will be useful to someone. Thank you for your time.
comment:4 Changed 2 years ago by
Well, in that case you'll need to figure out why it is not working on your system.
Configure writes a log where it details what it tests and why it concludes that "your openssl version is too old".
I can tell you that it generally works with OpenSSL 1.0.2 (already did that), and "so that it can be useful to someone" I went out and tested it on my Ubuntu 16.04 system:
gert@ubuntu1604$ cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=16.04 DISTRIB_CODENAME=xenial DISTRIB_DESCRIPTION="Ubuntu 16.04.4 LTS" gert@ubuntu1604:~/openvpn.git$ git checkout v2.5.0 ... gert@ubuntu1604:~/openvpn.git$ autoreconf -vif ... gert@ubuntu1604:~/openvpn.git$ ./configure ... checking for OPENSSL... no checking additionally if OpenSSL is available and version >= 1.0.2... ok ... config.status: executing libtool commands gert@ubuntu1604:~/openvpn.git$ make ... gert@ubuntu1604:~/openvpn.git$ src/openvpn/openvpn --version OpenVPN 2.5.0 [git:HEAD/a73072d8f780e888] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 17 2020 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
I have also tested with the 2.5.0 release tarball (to make sure it's not something funky with the "autoreconf" being run on a different system). Works.
So - this is something on your system, not a general OpenVPN build issue. If you do not want to upgrade, you'll have to figure out what you did to break openssl detection.
I just re-checked configure.ac, and it requests 1.0.2 from the system, or newer
so I would guess that there are different openssl versions lying around on your system, and one of them is too old.
My FreeBSD builds use this
and it works fine.
I would just update that ubuntu to 18.04 or 20.04 - not worth spending extra time on systems that are out of support, are no longer receiving bugfixes, etc.